Segment 1 - Secrets and their role in infrastructure security
From API keys and tokens to environment variables and credentials, secrets are foundational—and often overlooked—attack surfaces in cloud-native and distributed systems. We break down the risks tied to poor secret hygiene, discuss emerging patterns for secure secret management at scale, and shares insights on integrating secrets management into systems design.
This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!
Segment 2 - Weekly Enterprise News
In this week's enterprise security news, we have:
- Funding, mostly focused on identity security and ‘secure-by-design’
- Palo Alto acquires one of the more mature AI security startups, Protect AI
- LimaCharlie is first with a cybersecurity-focused MCP offering
- Meta releases a ton of open source AI security tooling, including LlamaFirewall
- Exploring the state of AI in the SOC
- The first research on whether AI is replacing jobs is out
- Some CEOs are requiring employees to be more productive with AI
- Are prompts the new IOCs?
- Are puppies the new booth babes?
- We get closure on two previous stories we covered:
- one about an ex-Disney employee,
- and one about a tiny dog
Segment 3 - Executive Interviews from RSAC
CYWARE The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat centric approach to effectively solve their security operations challenges.
- CERT Water Management Case Study
- Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights Blog
- Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report
- 2025 TIP Buyer’s Guide
This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo!
SUMOLOGIC Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic’s Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps.
- Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations
- Blog: RSAC 2025 Intelligent Security Operations
- Brief: Sumo Logic Threat Intelligence
- Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world
- LinkedIn Live: Implications of AI in a modern defense strategy
This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them!
Jawahar is a seasoned leader with over 25 years of experience driving innovation, growth, and customer success in the security product space. He currently serves as President of Cyware, a pivotal role in empowering organizations with advanced, AI-driven threat intelligence and security solutions. Before Cyware, Jawahar was President and COO of Appgate, where he was responsible for all go-to-market functions including sales, marketing, and customer success, and held the position of a Section 16 public company officer. Before that, he was instrumental in transforming specialization sales for Splunk’s advanced security offerings, significantly contributing to growth and customer intimacy. He also held various leadership roles in go-to-market and product functions during his tenure at Cisco.
Chas Clawson is the VP of Security Strategy at Sumo Logic, where he helps organizations rethink how they secure modern workloads in an increasingly AI-driven world. A technologist with over 20 years of experience, Chas has consulted Fortune 500 companies and federal agencies alike — from architecting the Department of Commerce’s ESOC SIEM solution to conducting offensive security exercises as part of the NSA Red Team.
Before joining Sumo, he spent years helping both public and private sector teams modernize their SOCs, and today he channels that experience into shaping the future of cloud-native security and AI-driven defense. When he’s not talking about security strategy, you’ll likely find him teaching cyber courses at the University of Maryland Global Campus — or trying to keep up with his five energetic kids at home (a different kind of threat landscape).
Sergey Gorbaty is a security architect with over 15 years of experience securing both on-premise and cloud-based products. He currently serves as a Senior Principal Security Architect at Fastly, where he leads security improvements across a highly distributed fleet of compute and delivery services.
Sergey holds a Master’s degree in Information Security from Carnegie Mellon University. He is a co-author of several publications presented at Black Hat USA and holds multiple patents related to runtime analysis and securing JavaScript-based web applications.
Fernando Medrano is Deputy CISO at Fastly, where he leads global security strategy, architecture, and risk management for one of the internet’s most performance-critical platforms. With over two decades of experience spanning cloud-native environments, critical infrastructure, and Fortune 500 enterprises, he has built and led teams across all major security domains. Fernando has briefed both business and government leaders, offering a practical, forward-looking perspective on today’s most complex cybersecurity challenges. He holds a master’s degree in Information Security from Georgia Tech and executive leadership certifications from Emory and Stanford.
Identiverse 2025 is returning to Las Vegas, June 3-6. Hear from 250+ expert speakers and connect with 3,000+ identity security professionals across four days of keynotes, breakout sessions, and deep dives into the latest identity security trends. Plus, take part in hands-on workshops and explore the brand-new Non-Human Identity Pavilion. Register now and save 25% with code IDV25-SecurityWeekly at https://www.securityweekly.com/IDV2025
Adrian Sanabria
- FUNDING: Provided by the Security, Funded newsletter, issue #192 – Markets Don’t Do Conference Breaks
Vibe Check
Last week's vibe check asks, "What’s your take on the rise of vibe coding from a security perspective?"
The overwhelming answer was, "OK for MVPs, not production" (nevermind that the definition of an MVP is literally a 1.0 production product...)
Funding
- Persona, a US-based identity verification and anti-fraud platform for customer identities and account recovery, raised a $200.0M Series D from Founders Fund and Ribbit Capital
- Veza, a US-based data protection platform focused on identity and authorization, raised a $108.0M Series D from New Enterprise Associates (NEA)
- Minimus (formerly named Gutsy), an Israel-based secure-by-design container image platform, raised a $51.0M Seed from YL Ventures and Mayfield Fund
- UK-based Valarian is emerging from stealth with a $20M in total funding, lead by Scout Ventures. Their product, Valarian Defence, focuses on providing "compartmentalized systems for secure communication, compliance, and continuity"
- LayerX Security, an Israel-based remote browser isolation platform, raised a $11.0M Series A from Jump Capital
Acquisitions
- Protect AI, a US-based platform for securing artificial intelligence (AI) and machine learning (ML) workloads, was acquired by Palo Alto Networks for '$500M plus'. Protect AI had previously raised $108.5M in funding AND had done one acquisition itself (SydeLabs, which was doing AI red teaming). Cole Grolmus had some good thoughts on deal rationale.
- NEW PRODUCTS: LimaCharlie’s new MCP Server offering
First in the security space with an MCP offering, they claim!
- NEW TOOLS: Meta releases LlamaFirewall and a bunch of other AI-related open source security tools
- LlamaFirewall is a traditional (too soon to say this?) AI firewall; appears to be largely focused on input, where some commercial AI firewalls also inspect prompt output for data access control issues before returning it to the requestor
- AutoPatchBench, a "benchmark for AI-powered security fixes"
- A sensitive document classification framework that makes it easy to apply LLMs to preventing sensitive data exfil
- PromptGuard v2 model family for detecting and stopping prompt injection attacks (integrates with LlamaFirewall)
- CodeShield, which now integrates with LlamaFirewall, and does live blocking of insecure LLM code outputs <- aaahh, so LlamaFirewall DOES do output scanning
- New "cybersecurity defender reasoning evals", which they apparently worked on with Crowdstrike and will release soon
- Audio deepfake detection (an ML model shared only with trusted partners?!?)
WOW, that's a lot.
- INSIGHTS: Erik Bloch explores the state of AI for SOCs (via LinkedIn)
Some very interesting insights from Erik, who I'm trying to get on the podcast so we can go deeper on this topic.
- Everyone's doing things a little bit different when it comes to using AI/LLM to alleviate SOC pains
- Some products are cool, bring value, and these teams actually understand how SOCs work - others had unrealistic expectations and broke existing workflows
- No vendors had hard data to share on whether any of their approaches are actually working
- If "please and thank you" is costing OpenAI millions of extra dollars, imagine what AI-based SOC triage tools could do with thousands of alerts every day!
- Erik did some quick math and found that 3 vendors he talked to would charge $3m-$4m per year at the 1000 alerts per day rate.
On this post, I raised a question: "What if, instead of automating triage on alerts that are ultimately not important to the org, we focused on having less alerts? Is anyone focusing on alleviating alert fatigue by reducing the raw number of alerts?" and he referred me to a company called Alpha Level, so I'll be checking them out soon...
- STUDIES: Large Language Models, Small Labor Market Effects
I have some thoughts on this paper. There is a long version.
The short version is that I think this study was WAY early - Microsoft Copilot wasn't even a year old yet. As fast as this market is growing and moving, enterprises just can't move THAT fast. A year ago, no one I talked to was using GenAI internally. Now? They all are.
Looking forward to the next studies on how AI is impacting productivity and jobs (which aren't necessarily the same thing!)
- TRENDS: Warmly CEO: “Do 30% more with AI, or you’re underperforming”
An interesting counterpoint to the study we've got to talk about this week...
- ESSAYS: The Detection Opportunity Cost
- ESSAYS: Why Prompts Are the New IOCs You Didn’t See Coming!
- ESSAY: AI-Powered Risk Analysis: Elevating Cybersecurity Insights
Goes well with my thoughts on "why is AI triaging garbage alerts instead of us getting rid of garbage alerts in the first place"
- ESSAYS: Are Puppies the New Booth Babes: What Do You Think?
- ANALYSIS: Signal v. Noise in the RSA Innovation Sandbox
Some great analysis on RSAC's Innovation Sandbox from Rami McCarthy and Mike Privette
- LEGAL: Ex-Disney Worker Who Hacked Menus Gets 3 Years in Prison
We get to close the loop on a few stories. One sad, one happy!
This is the sad one.
LESSON: Don't get angry and do stupid retaliatory stuff against your ex-employer when you get fired.
- SQUIRREL: Tears of joy as Valerie the runaway dachshund finally reunited with owners
Our other story we get to wrap up.
This is the happy one!
