Segment 1 - Secrets and their role in infrastructure security
From API keys and tokens to environment variables and credentials, secrets are foundational—and often overlooked—attack surfaces in cloud-native and distributed systems. We break down the risks tied to poor secret hygiene, discuss emerging patterns for secure secret management at scale, and shares insights on integrating secrets management into systems design.
This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!
Segment 2 - Weekly Enterprise News
In this week's enterprise security news, we have:
- Funding, mostly focused on identity security and ‘secure-by-design’
- Palo Alto acquires one of the more mature AI security startups, Protect AI
- LimaCharlie is first with a cybersecurity-focused MCP offering
- Meta releases a ton of open source AI security tooling, including LlamaFirewall
- Exploring the state of AI in the SOC
- The first research on whether AI is replacing jobs is out
- Some CEOs are requiring employees to be more productive with AI
- Are prompts the new IOCs?
- Are puppies the new booth babes?
- We get closure on two previous stories we covered:
- one about an ex-Disney employee,
- and one about a tiny dog
Segment 3 - Executive Interviews from RSAC
CYWARE The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat centric approach to effectively solve their security operations challenges.
- CERT Water Management Case Study
- Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights Blog
- Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report
- 2025 TIP Buyer’s Guide
This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo!
SUMOLOGIC Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic’s Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps.
- Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations
- Blog: RSAC 2025 Intelligent Security Operations
- Brief: Sumo Logic Threat Intelligence
- Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world
- LinkedIn Live: Implications of AI in a modern defense strategy
This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them!
Jawahar Sivasankaran currently serves as President of Cyware with more than 25 years of experience fostering security product innovation, growth leadership, and customer success at Cisco, Splunk, and Appgate. Most recently, as President and COO of Appgate, Jawahar led all go-to-market functions including sales, marketing, and customer success and served as a Section 16 public company officer.
Previously at Splunk, Jawahar played a key leadership role in transforming specialization sales for Splunk’s advanced security offerings, driving growth and customer intimacy. Before that, he held various leadership positions in go-to-market and product functions at Cisco. Over the past year, he has served as an advisor to leading consulting and private equity firms, including with Advent International as an Industry Operating Advisor. Jawahar is active in the startup ecosystem as an investor and advisor focused on scale-up activities.
As a technologist interested in disruptive cloud technologies, Chas joined Sumo Logic’s Cyber Security team with over 15 years in the field, consulting with many federal agencies on how to secure modern workloads. In the federal space, he spent time as an architect designing the Department of Commerce ESOC SIEM solution. He also worked at the NSA as a civilian conducting Red Team assessments and within the office of compliance and policy. Commercially, he has worked with MSSP practices and security consulting services for various fortune 500 companies. Chas also enjoys teaching Networking & Cyber Security courses as a Professor at the University of Maryland Global College.
Sergey Gorbaty is a security architect with over 15 years of experience securing both on-premise and cloud-based products. He currently serves as a Senior Principal Security Architect at Fastly, where he leads security improvements across a highly distributed fleet of compute and delivery services.
Sergey holds a Master’s degree in Information Security from Carnegie Mellon University. He is a co-author of several publications presented at Black Hat USA and holds multiple patents related to runtime analysis and securing JavaScript-based web applications.
Fernando Medrano is Deputy CISO at Fastly, where he leads global security strategy, architecture, and risk management for one of the internet’s most performance-critical platforms. With over two decades of experience spanning cloud-native environments, critical infrastructure, and Fortune 500 enterprises, he has built and led teams across all major security domains. Fernando has briefed both business and government leaders, offering a practical, forward-looking perspective on today’s most complex cybersecurity challenges. He holds a master’s degree in Information Security from Georgia Tech and executive leadership certifications from Emory and Stanford.
Identiverse 2025 is returning to Las Vegas, June 3-6. Hear from 250+ expert speakers and connect with 3,000+ identity security professionals across four days of keynotes, breakout sessions, and deep dives into the latest identity security trends. Plus, take part in hands-on workshops and explore the brand-new Non-Human Identity Pavilion. Register now and save 25% with code IDV25-SecurityWeekly at https://www.securityweekly.com/IDV2025
Adrian Sanabria
- FUNDING: Provided by the Security, Funded newsletter, issue #192 – Markets Don’t Do Conference Breaks
Vibe Check
Last week's vibe check asks, "What’s your take on the rise of vibe coding from a security perspective?"
The overwhelming answer was, "OK for MVPs, not production" (nevermind that the definition of an MVP is literally a 1.0 production product...)
Funding
- Persona, a US-based identity verification and anti-fraud platform for customer identities and account recovery, raised a $200.0M Series D from Founders Fund and Ribbit Capital
- Veza, a US-based data protection platform focused on identity and authorization, raised a $108.0M Series D from New Enterprise Associates (NEA)
- Minimus (formerly named Gutsy), an Israel-based secure-by-design container image platform, raised a $51.0M Seed from YL Ventures and Mayfield Fund
- UK-based Valarian is emerging from stealth with a $20M in total funding, lead by Scout Ventures. Their product, Valarian Defence, focuses on providing "compartmentalized systems for secure communication, compliance, and continuity"
- LayerX Security, an Israel-based remote browser isolation platform, raised a $11.0M Series A from Jump Capital
Acquisitions
- Protect AI, a US-based platform for securing artificial intelligence (AI) and machine learning (ML) workloads, was acquired by Palo Alto Networks for '$500M plus'. Protect AI had previously raised $108.5M in funding AND had done one acquisition itself (SydeLabs, which was doing AI red teaming). Cole Grolmus had some good thoughts on deal rationale.
- NEW PRODUCTS: LimaCharlie’s new MCP Server offering
First in the security space with an MCP offering, they claim!
- NEW TOOLS: Meta releases LlamaFirewall and a bunch of other AI-related open source security tools
- LlamaFirewall is a traditional (too soon to say this?) AI firewall; appears to be largely focused on input, where some commercial AI firewalls also inspect prompt output for data access control issues before returning it to the requestor
- AutoPatchBench, a "benchmark for AI-powered security fixes"
- A sensitive document classification framework that makes it easy to apply LLMs to preventing sensitive data exfil
- PromptGuard v2 model family for detecting and stopping prompt injection attacks (integrates with LlamaFirewall)
- CodeShield, which now integrates with LlamaFirewall, and does live blocking of insecure LLM code outputs <- aaahh, so LlamaFirewall DOES do output scanning
- New "cybersecurity defender reasoning evals", which they apparently worked on with Crowdstrike and will release soon
- Audio deepfake detection (an ML model shared only with trusted partners?!?)
WOW, that's a lot.
- INSIGHTS: Erik Bloch explores the state of AI for SOCs (via LinkedIn)
Some very interesting insights from Erik, who I'm trying to get on the podcast so we can go deeper on this topic.
- Everyone's doing things a little bit different when it comes to using AI/LLM to alleviate SOC pains
- Some products are cool, bring value, and these teams actually understand how SOCs work - others had unrealistic expectations and broke existing workflows
- No vendors had hard data to share on whether any of their approaches are actually working
- If "please and thank you" is costing OpenAI millions of extra dollars, imagine what AI-based SOC triage tools could do with thousands of alerts every day!
- Erik did some quick math and found that 3 vendors he talked to would charge $3m-$4m per year at the 1000 alerts per day rate.
On this post, I raised a question: "What if, instead of automating triage on alerts that are ultimately not important to the org, we focused on having less alerts? Is anyone focusing on alleviating alert fatigue by reducing the raw number of alerts?" and he referred me to a company called Alpha Level, so I'll be checking them out soon...
- STUDIES: Large Language Models, Small Labor Market Effects
I have some thoughts on this paper. There is a long version.
The short version is that I think this study was WAY early - Microsoft Copilot wasn't even a year old yet. As fast as this market is growing and moving, enterprises just can't move THAT fast. A year ago, no one I talked to was using GenAI internally. Now? They all are.
Looking forward to the next studies on how AI is impacting productivity and jobs (which aren't necessarily the same thing!)
- TRENDS: Warmly CEO: “Do 30% more with AI, or you’re underperforming”
An interesting counterpoint to the study we've got to talk about this week...
- ESSAYS: The Detection Opportunity Cost
- ESSAYS: Why Prompts Are the New IOCs You Didn’t See Coming!
- ESSAY: AI-Powered Risk Analysis: Elevating Cybersecurity Insights
Goes well with my thoughts on "why is AI triaging garbage alerts instead of us getting rid of garbage alerts in the first place"
- ESSAYS: Are Puppies the New Booth Babes: What Do You Think?
- ANALYSIS: Signal v. Noise in the RSA Innovation Sandbox
Some great analysis on RSAC's Innovation Sandbox from Rami McCarthy and Mike Privette
- LEGAL: Ex-Disney Worker Who Hacked Menus Gets 3 Years in Prison
We get to close the loop on a few stories. One sad, one happy!
This is the sad one.
LESSON: Don't get angry and do stupid retaliatory stuff against your ex-employer when you get fired.
- SQUIRREL: Tears of joy as Valerie the runaway dachshund finally reunited with owners
Our other story we get to wrap up.
This is the happy one!
