Segment 1: Interview with Matias Katz
What if you had enterprise-grade network security protections traveling with your users' laptops? What if it could be built into the laptop, but still stay safe even if the laptop OS and firmware were entirely compromised?
Matias and his company, Byos, have built such a thing, and BOY do we have some questions for him.
Segment 2: Interview with Wolfgang Goerlich
Addressing the nuanced, nefarious threats of AI
Sure, we need to worry about AI prompt injection and AI data leakage, but what about the threats to our BRAINS? Seriously, as we start to have daily conversations with this technology, how are they going to shape how we think? What inherent biases in the training, fine tuning, guardrails, or lack of guardrails are going to affect our decisions or how we work?
Wolfgang is concerned about this, so he performed a human/AI experiment. With almost 1000 people partaking in the experiment, the results are sure to be intriguing.
Segment 3: This week's enterprise security news
Finally, in the enterprise security news,
- survey results on how folks are feeling about OpenClaw
- some hidden drama discovered in KEV updates
- some new KEV tools
- is AI replacing traditional code scanning tools?
- remote code execution in Notepad
  - no, not Notepad++, NOTEPAD.EXE
  - you know, the one that ships preinstalled on Windows
- the RSAC innovation sandbox finalists
- dealing with legacy vulnerabilities
- Don't accept OpenClaw Mac Minis from strangers!
All that and more, on this episode of Enterprise Security Weekly.
Matias Katz is the Founder and CEO of Byos, where he leads a team building hardware-enforced zero trust security devices for the US defense and intelligence community. A former hacker turned entrepreneur, Matias founded his first cybersecurity company in 2008, providing purple team solutions to enterprises and government entities across Latin America. He is a published author, international speaker, and has presented at major security conferences including Black Hat USA, Hack In Paris, and RootedCON. He also founded Andsec Security Conference in Buenos Aires, which grew to 1,500 attendees before its final edition in 2017.
At Byos, the team has built a microsegmentation platform that provides edge networking protection, asset invisibility, and secure resource access without requiring network redesigns. Built for zero trust networking, Byos seamlessly integrates with existing devices, reducing risk across critical infrastructure sectors including defense, manufacturing, healthcare, energy, and financial services. The company serves customers across the US federal government and Department of Defense.
I’ve spent my career immersed in solving the constant and ever-evolving challenge of cybersecurity. The constant change and evolution always keeps it interesting. Right now I’m defining security models for LLM. In the past, I’ve co-led the industry charge towards securing cloud, putting the Sec in DevOps, and making Zero trust deployable and manageable for enterprises of every size. I’m an IANS AI, Zero Trust, and Security Leadership expert and you’ll find me speaking as well as listening at conferences.
Leader, coach, mentor, manager, tinker, tailor, soldier, spy.
Security Weekly listeners save $100 on their RSAC 2026 All Access Pass! RSAC 2026 Conference will take place March 23rd to March 26th in San Francisco. To register using our discount code, please visit securityweekly.com/rsac26 and use the code 56U5SECWEEKLY! We hope to see you there!
Most security conferences talk about threats. Zero Trust World lets you attack them. From March 4th to 6th, 2026 in Orlando, Florida, this hands-on cybersecurity event features live hacking labs where you’ll break real environments, think like an adversary, and learn how attacks really work. You’ll also get expert sessions, real-world case studies, CPE credits, and networking with top practitioners. And yes — the Security Weekly team will be there too. Don’t miss it! Register today at securityweekly.com/ZTW.
Adrian Sanabria
- FUNDING/M&A courtesy of the Security, Funded newsletter issue #230 – The One Vendor to Rule Them All
VIBE CHECK
How are we feeling about OpenClaw and Moltbook, fam?
- 32% - Fun to play with, but never in a company
- 26% - Exciting, and I can't stop monitoring the situation
- 16% - Crypto scams all the way down
- 16% - OpenClaw? Is that a hippie Red Lobster?
- 11% - Scared and I have to brief my execs/board on it
“Boil it and serve it with hushpuppies, but don't let it near the domain controllers!”
FUNDING
- RAPIDFORT, a United States-based software supply chain security platform for container workloads, raised a $42.0M Series A from Blue Cloud Ventures and Forgepoint Capital.
- Orion Security, an Israel-based data security posture management (DSPM) platform, raised a $32.0M Series A from Norwest.
- Nullify, an Australia-based autonomous product security engineering (APSE) platform, raised a $12.0M Seed from SYN Ventures.
ACQUISITIONS
- Qoria, an Australia-based digital safety and Internet security platform for schools, was acquired by Aura for $675.0M. Qoria has not previously disclosed any funding events.
- AllTrue.ai, a Canada-based AI governance and risk management platform, was acquired by Varonis Systems for $150.0M. AllTrue.ai has not previously disclosed any funding events.
- MightyID, a United States-based backup and recovery platform for IAM systems and identity migrations, was acquired by Semperis for an undisclosed amount. MightyID has not previously disclosed any funding events.
- SquareX, a Singapore-based remote browser isolation platform, was acquired by Zscaler for an undisclosed amount. SquareX had previously raised $26.0M in funding.
- FREE TOOLS: Making the CISA KEV actionable for real-world risk
- FREE TOOLS: KeygraphHQ/shannon: Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
- DUMPSTER FIRES: CVE-2026-20841 – Security Update Guide – Microsoft – Windows Notepad App Remote Code Execution Vulnerability
An RCE in Notepad? NOTEPAD? Is nothing sacred???
- RSAC SEASON: Finalists Announced for RSAC Innovation Sandbox Contest 2026
The finalists include:
- Charm Security: an Agentic AI Workforce purpose-built to prevent and resolve scams, social engineering, and human-centric fraud
- Clearly AI: helps teams ship secure software fast by replacing manual work with AI-powered reviews
- Crash Override: embeds in CI/CD to capture build execution data that APIs can't access, prove what's deployed with automated SLSA Level-2 compliance, complete provenance tracking, and certificate management before production impact
- Fig Security: Security Operations Resilience — keeping detection and response working through constant change
- Geordie AI: a security and governance platform purpose-built for AI agents
- Glide Identity: a next-generation authentication platform built for the AI era
- Humanix.ai is designed to stop social engineering attacks. Using conversational AI trained on cognitive psychology, Humanix detects and responds to attacks on people—manipulation, deception, and impersonation—as they happen.
- Realm Lab's mission is to make AI applications trustworthy, reliable, and safe
- Token Security accelerates secure enterprise Agentic AI adoption by discovering, managing, and governing every AI agent and non-human identity
- ZeroPath is a code security tool that replaces traditional SAST, SCA, Secrets, and IaC stacks with a single, AI-native engine
- ESSAYS: Cybersecurity predictions for 2026
- LEGACY VULNS: Reducing the Attack Surface for End-of-Support Edge Devices
- LEGACY VULNS: Windows’ original Secure Boot certificates expire in June—here’s what you need to do
- STATE OF AI: What Happens When CFOs Get Serious About Gen AI
- TRENDS: Anthropic’s newest AI model uncovered 500 zero-day software flaws in testing
More and more, it's looking like GenAI might become the new standard for code scanning. I've got to think the ASPM/AppSec vendors out there are getting nervous.
One thing that seems difficult to find: what is it going to cost? Will it be cheaper than the bug bounties paid out? In other words, will security researchers be able to cover their AI token costs with the bug awards they receive?
- RESEARCH: The Noise in the Silence: Unmasking CISA’s Hidden KEV Ransomware Updates
A fascinating insight and very relevant to the RSA talk I'm giving with Adam Shostack, making the case for breach transparency.
- SQUIRREL: US Military shot down party balloon after assessing as drone






