Best MLSecOps Podcasts (2025)

1
Holistic AI Pentesting Playbook 49:23

Play Pause

1d ago49:23

49:23

Send us a text Jason Haddix, CEO of Arcanum Information Security, joins the MLSecOps Podcast to share his methods for assessing and defending AI systems. Full transcript, video, and links to episode resources available at https://mlsecops.com/podcast/holistic-ai-pentesting-playbook. Thanks for checking out the MLSecOps Podcast! Get involved with th…

1
EP229 Beyond the Hype: Debunking Cloud Breach Myths (and What DBIR Says Now) 35:05

6d ago35:05

35:05

Guest: Alex Pinto, Associate Director of Threat Intelligence, Verizon Business, Lead the Verizon Data Breach Report Topics: How would you define “a cloud breach”? Is that a real (and different) thing? Are cloud breaches just a result of leaked keys and creds? If customers are responsible for 99% of cloud security problems, is cloud breach really ab…

1
EP228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines 27:09

13d ago27:09

27:09

Guest Alan Braithwaite, Co-founder and CTO @ RunReveal Topics: SIEM is hard, and many vendors have discovered this over the years. You need to get storage, security and integration complexity just right. You also need to be better than incumbents. How would you approach this now? Decoupled SIEM vs SIEM/EDR/XDR combo. These point in the opposite dir…

1
EP227 AI-Native MDR: Betting on the Future of Security Operations? 23:58

20d ago23:58

23:58

Guests: Eric Foster, CEO of Tenex.AI Venkata Koppaka, CTO of Tenex.AI Topics: Why is your AI-powered MDR special? Why start an MDR from scratch using AI? So why should users bet on an “AI-native” MDR instead of an MDR that has already got its act together and is now applying AI to an existing set of practices? What’s the current breakdown in labor …

1
AI Agent Security: Threats & Defenses for Modern Deployments 31:39

25d ago31:39

31:39

Send us a text Researchers Yifeng (Ethan) He and Peter Rong join host Madi Vorbrich to break down their paper "Security of AI Agents." They explore real-world AI agent threats, like session hijacks and tool-based jailbreaks, and share practical defenses, from sandboxing to agent-to-agent protocols. Full transcript with links to resources available …

1
EP226 AI Supply Chain Security: Old Lessons, New Poisons, and Agentic Dreams 24:39

27d ago24:39

24:39

Guest: Christine Sizemore, Cloud Security Architect, Google Cloud Topics: Can you describe the key components of an AI software supply chain, and how do they compare to those in a traditional software supply chain? I hope folks listening have heard past episodes where we talked about poisoning training data. What are the other interesting and unexp…

1
Autonomous Agents Beyond the Hype 24:02

1M ago24:02

24:02

Send us a text Part 2 with Gavin Klondike dives into autonomous AI agents—how they really work, the attack paths they open, and practical defenses like least-privilege APIs and out-of-band auth. A must-listen roadmap for anyone building—or defending—the next generation of AI applications. Full transcript with links to resources available at https:/…

1
EP225 Cross-promotion: The Cyber-Savvy Boardroom Podcast: EP2 Christian Karam on the Use of AI 24:46

1M ago24:46

24:46

Hosts: David Homovich, Customer Advocacy Lead, Office of the CISO, Google Cloud Alicja Cade, Director, Office of the CISO, Google Cloud Guest: Christian Karam, Strategic Advisor and Investor Resources: EP2 Christian Karam on the Use of AI (as aired originally) The Cyber-Savvy Boardroom podcast site The Cyber-Savvy Boardroom podcast on Spotify The C…

1
EP224 Protecting the Learning Machines: From AI Agents to Provenance in MLSecOps 30:40

1M ago30:40

30:40

Guest: Diana Kelley, CSO at Protect AI Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better when you do it? How do we adap…

1
EP223 AI Addressable, Not AI Solvable: Reflections from RSA 2025 31:37

1M ago31:37

31:37

Guests: no guests, just us in the studio Topics: At RSA 2025, did we see solid, measurably better outcomes from AI use in security, or mostly just "sizzle" and good ideas with potential? Are the promises of an "AI SOC" repeating the mistakes seen with SOAR in previous years regarding fully automated security operations? Does "AI SOC" work according…

1
Beyond Prompt Injection: AI’s Real Security Gaps 26:02

2M ago26:02

26:02

Send us a text In Part 1 of this two-part MLSecOps Podcast, Principal Security Consultant Gavin Klondike joins Dan and Marcello to break down the real threats facing AI systems today. From prompt injection misconceptions to indirect exfiltration via markdown and the failures of ML Ops security practices, Gavin unpacks what the industry gets wrong—a…

1
EP222 From Post-IR Lessons to Proactive Security: Deconstructing Mandiant M-Trends 35:19

2M ago35:19

35:19

Guests: Kirstie Failey @ Google Threat Intelligence Group Scott Runnels @ Mandiant Incident Response Topics: What is the hardest thing about turning distinct incident reports into a fun to read and useful report like M-Trends? How much are the lessons and recommendations skewed by the fact that they are all “post-IR” stories? Are “IR-derived” secur…

1
EP221 Special - Semi-Live from Google Cloud Next 2025: AI, Agents, Security ... Cloud? 30:26

2M ago30:26

30:26

Guests: No guests [Tim in Vegas and Anton remote] Topics: So, another Next is done. Beyond the usual Vegas chaos, what was the overarching security theme or vibe you [Tim] felt dominated the conference this year? Thinking back to Next '24, what felt genuinely different this year versus just the next iteration of last year's trends? Last year, we po…

1
What’s Hot in AI Security at RSA Conference 2025? 24:14

2M ago24:14

24:14

Send us a text What’s really hot at RSA Conference 2025? MLSecOps Community Manager Madi Vorbrich sits down with Protect AI Co‑Founder Daryan “D” Dehghanpisheh for a rapid rundown of must‑see sessions, booth events, and emerging AI‑security trends—from GenAI agents to zero‑trust AI and million‑model scans. Use this episode to build a bullet‑proof R…

1
EP220 Big Rewards for Cloud Security: Exploring the Google VRP 29:13

2M ago29:13

29:13

Guests: Michael Cote, Cloud VRP Lead, Google Cloud Aadarsh Karumathil, Security Engineer, Google Cloud Topics: Vulnerability response at cloud-scale sounds very hard! How do you triage vulnerability reports and make sure we’re addressing the right ones in the underlying cloud infrastructure? How do you determine how much to pay for each vulnerabili…

1
Unpacking the Cloud Security Alliance AI Controls Matrix 35:53

2M ago35:53

35:53

Send us a text In this episode of the MLSecOps Podcast, we sit down with three expert contributors from the Cloud Security Alliance’s AI Controls Matrix working group. They reveal how this newly released framework addresses emerging AI threats—like model poisoning and adversarial manipulation—through robust technical controls, detailed implementati…

1
EP219 Beyond the Buzzwords: Decoding Cyber Risk and Threat Actors in Asia Pacific 31:46

2M ago31:46

31:46

Guest: Steve Ledzian, APAC CTO, Mandiant at Google Cloud Topics: We've seen a shift in how boards engage with cybersecurity. From your perspective, what's the most significant misconception boards still hold about cyber risk, particularly in the Asia Pacific region, and how has that impacted their decision-making? Cybersecurity is rife with jargon.…

1
EP218 IAM in the Cloud & AI Era: Navigating Evolution, Challenges, and the Rise of ITDR/ISPM 30:10

2M ago30:10

30:10

Guest: Henrique Teixeira, Senior VP of Strategy, Saviynt, ex-Gartner analyst Topics: How have you seen IAM evolve over the years, especially with the shift to the cloud, and now AI? What are some of the biggest challenges and opportunities these two shifts present? ITDR (Identity Threat Detection and Response) and ISPM (Identity Security Posture Ma…

1
From Pickle Files to Polyglots: Hidden Risks in AI Supply Chains 41:21

2M ago41:21

41:21

Send us a text Join Keith Hoodlet from Trail of Bits as he dives into AI/ML security, discussing everything from prompt injection and fuzzing techniques to bias testing and compliance challenges. Full transcript with links to resources available at https://mlsecops.com/podcast/from-pickle-files-to-polyglots-hidden-risks-in-ai-supply-chains Thanks f…

1
EP217 Red Teaming AI: Uncovering Surprises, Facing New Threats, and the Same Old Mistakes? 23:11

3M ago23:11

23:11

Guest: Alex Polyakov, CEO at Adversa AI Topics: Adversa AI is known for its focus on AI red teaming and adversarial attacks. Can you share a particularly memorable red teaming exercise that exposed a surprising vulnerability in an AI system? What was the key takeaway for your team and the client? Beyond traditional adversarial attacks, what emergin…

1
EP216 Ephemeral Clouds, Lasting Security: CIRA, CDR, and the Future of Cloud Investigations 31:43

3M ago31:43

31:43

Guest: James Campbell, CEO, Cado Security Chris Doman, CTO, Cado Security Topics: Cloud Detection and Response (CDR) vs Cloud Investigation and Response Automation(CIRA) ... what’s the story here? There is an “R” in CDR, right? Can’t my (modern) SIEM/SOAR do that? What about this becoming a part of modern SIEM/SOAR in the future? What gets better w…

1
Rethinking AI Red Teaming: Lessons in Zero Trust and Model Protection 36:52

3M ago36:52

36:52

Send us a text Full transcript with links to resources available at https://mlsecops.com/podcast/rethinking-ai-red-teaming-lessons-in-zero-trust-and-model-protection This episode is a follow up to Part 1 of our conversation with returning guest Brian Pendleton, as he challenges the way we think about red teaming and security for AI. Continuing from…

1
EP215 Threat Modeling at Google: From Basics to AI-powered Magic 26:03

3M ago26:03

26:03

Guest: Meador Inge, Security Engineer, Google Cloud Topics: Can you walk us through Google's typical threat modeling process? What are the key steps involved? Threat modeling can be applied to various areas. Where does Google utilize it the most? How do we apply this to huge and complex systems? How does Google keep its threat models updated? What …

1
AI Security: Map It, Manage It, Master It 41:18

3M ago41:18

41:18

Send us a text Full transcript with links to resources available at https://mlsecops.com/podcast/ai-security-map-it-manage-it-master-it In part one of our two-part MLSecOps Podcast episode, security veteran Brian Pendleton takes us from his early hacker days to the forefront of AI security. Brian explains why mapping every AI integration is essenti…

1
EP214 Reconciling the Impossible: Engineering Cloud Systems for Diverging Regulations 29:22

3M ago29:22

29:22

Guest: Archana Ramamoorthy, Senior Director of Product Management, Google Cloud Topics: You are responsible for building systems that need to comply with laws that are often mutually contradictory. It seems technically impossible to do, how do you do this? Google is not alone in being a global company with local customers and local requirements. Ho…

1
Agentic AI: Tackling Data, Security, and Compliance Risks 23:22

3M ago23:22

23:22

Send us a text Full transcript with links to resources available at https://mlsecops.com/podcast/agentic-ai-tackling-data-security-and-compliance-risks Join host Diana Kelley and CTO Dr. Gina Guillaume-Joseph as they explore how agentic AI, robust data practices, and zero trust principles drive secure, real-time video analytics at Camio. They discu…

1
EP213 From Promise to Practice: LLMs for Anomaly Detection and Real-World Cloud Security 28:01

3M ago28:01

28:01

Guest: Yigael Berger, Head of AI, Sweet Security Topic: Where do you see a gap between the “promise” of LLMs for security and how they are actually used in the field to solve customer pains? I know you use LLMs for anomaly detection. Explain how that “trick” works? What is it good for? How effective do you think it will be? Can you compare this to …

1
AI Vulnerabilities: ML Supply Chains to LLM and Agent Exploits 24:08

4M ago24:08

24:08

Send us a text Full transcript with links to resources available at https://mlsecops.com/podcast/ai-vulnerabilities-ml-supply-chains-to-llm-and-agent-exploits Join host Dan McInerney and AI security expert Sierra Haex as they explore the evolving challenges of AI security. They discuss vulnerabilities in ML supply chains, the risks in tools like Ra…

1
EP212 Securing the Cloud at Scale: Modern Bank CISO on Metrics, Challenges, and SecOps 33:16

4M ago33:16

33:16

Guest: Dave Hannigan, CISO at Nu Bank Topics: Tell us about the challenges you're facing as CISO at NuBank and how are they different from your past life at Spotify? You're a big cloud based operation - what are the key challenges you're tracking in your cloud environments? What lessons do you wish you knew back in your previous CISO run [at Spotif…

1
EP211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic 26:02

4M ago26:02

26:02

Guest: Kimberly Goody, Head of Intel Analysis and Production, Google Cloud Topics: Google's Threat Intelligence Group (GTIG) has a unique position, accessing both underground forum data and incident response information. How does this dual perspective enhance your ability to identify and attribute cybercriminal campaigns? Attributing cyberattacks w…

1
Implementing Enterprise AI Governance: Balancing Ethics, Innovation & Risk for Business Success 38:39

4M ago38:39

38:39

Send us a text Full transcript with links to resources available at https://mlsecops.com/podcast/implementing-a-robust-ai-governance-framework-for-business-success In this episode of the MLSecOps podcast, host Charlie McCarthy sits down with Chris McClean, Global Lead for Digital Ethics at Avanade, to explore the world of responsible AI governance.…

1
EP210 Cloud Security Surprises: Real Stories, Real Lessons, Real "Oh No!" Moments 26:58

4M ago26:58

26:58

Guest: Or Brokman, Strategic Google Cloud Engineer, Security and Compliance, Google Cloud Topics: Can you tell us about one particular cloud consulting engagement that really sticks out in your memory? Maybe a time when you lifted the hood, so to speak, and were absolutely floored by what you found – good or bad! In your experience, what's that one…

1
Unpacking Generative AI Red Teaming and Practical Security Solutions 51:53

4M ago51:53

51:53

Send us a text Full transcript with links to resources available at https://mlsecops.com/podcast/unpacking-generative-ai-red-teaming-and-practical-security-solutions In this episode, we explore LLM red teaming beyond simple “jailbreak” prompts with special guest Donato Capitella, from WithSecure Consulting. You’ll learn why vulnerabilities live in …

1
EP209 vCISO in the Cloud: Navigating the New Security Landscape (and Don’t Forget Resilience!) 29:06

4M ago29:06

29:06

Guests: Beth Cartier, former CISO, vCISO, founder of Initiative Security Guest host of the CISO mini-series: Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud Topics: How is that vCISO’ing going? What is special about vCISO and cloud? Is it easier or harder? AI, cyber, resilience - all are hot topics these days. In the cont…

1
EP208 The Modern CISO: Balancing Risk, Innovation, and Business Strategy (And Where is Cloud?) 31:19

5M ago31:19

31:19

Guest host: Marina Kaganovich, Executive Trust Lead, Office of the CISO @ Google Cloud Guest: John Rogers, CISO @ MSCI Topics: Can you briefly walk us through your CISO career path? What are some of the key (cloud or otherwise) trends that CISOs should be keeping an eye on? What is the time frame for them? What are the biggest cloud security challe…

1
EP207 Slaying the Ransomware Dragon: Can a Startup Succeed? 32:55

5M ago32:55

32:55

Guest: Bob Blakley, Co-founder and Chief Product Officer of Mimic Topics: Tell us about the ransomware problem - isn't this a bit of old news? Circa 2015, right? What makes ransomware a unique security problem? What's different about ransomware versus other kinds of malware? What do you make of the “RansomOps” take (aka “ransomware is not malware”)…

1
EP206 Paying the Price: Ransomware's Rising Stakes in the Cloud 33:01

5M ago33:01

33:01

Guest: Allan Liska, CSIRT at Recorded Future, now part of Mastercard Topics: Ransomware has become a pervasive threat. Could you provide us with a brief overview of the current ransomware landscape? It's often said that ransomware is driven by pure profit. Can you remind us of the business model of ransomware gangs, including how they operate, thei…

1
EP205 Cybersecurity Forecast 2025: Beyond the Hype and into the Reality 28:19

5M ago28:19

28:19

Guest: Andrew Kopcienski, Principal Intelligence Analyst, Google Threat Intelligence Group Questions: You have this new Cybersecurity Forecast 2025 report, what’s up with that? We are getting a bit annoyed about the fear-mongering on “oh, but attackers will use AI.” You are a threat analyst, realistically, how afraid are you of this? The report dis…

1
EP204 Beyond PCAST: Phil Venables on the Future of Resilience and Leading Indicators 30:32

6M ago30:32

30:32

Guest: Phil Venables, Vice President, Chief Information Security Officer (CISO) @ Google Cloud Topics Why is our industry suddenly obsessed with resilience? Is this ransomware’s doing? How did the PCAST report come to be? Can you share the backstory and how it was created? The PCAST report emphasizes the importance of leading indicators for securit…

1
EP203 Cloud Shared Responsibility: Beyond the Blame Game with Rich Mogull 37:13

6M ago37:13

37:13

Guest: Rich Mogull, SVP of Cloud Security at Firemon and CEO at Securosis Topics: Let’s talk about cloud security shared responsibility. How to separate the blame? Is there a good framework for apportioning blame? You've introduced the Cloud Shared Irresponsibilities Model, stating cloud providers will be considered partially responsible for breach…

1
AI Security: Vulnerability Detection and Hidden Model File Risks 38:19

6M ago38:19

38:19

Send us a text In this episode of the MLSecOps Podcast, the team dives into the transformative potential of Vulnhuntr: zero shot vulnerability discovery using LLMs. Madison Vorbrich hosts Dan McInerney and Marcello Salvati to discuss Vulnhuntr’s ability to autonomously identify vulnerabilities, including zero-days, using large language models (LLMs…

1
EP202 Beyond Tiered SOCs: Detection as Code and the Rise of Response Engineering 37:09

6M ago37:09

37:09

Guest: Amine Besson, Tech Lead on Detection Engineering, Behemoth Cyberdefence Topics: What is your best advice on detection engineering to organizations who don’t want to engineer anything in security? What is the state of art when it comes to SOC ? Who is doing well? What on Earth is a fusion center? Why classic “tiered SOCs” fall flat when deali…

1
EP201 Every CTO Should Be a CSTO (Or Else!) - Transformation Lessons from The Hoff 36:57

7M ago36:57

36:57

Guest: Chris Hoff, Chief Secure Technology Officer at Last Pass Topics: I learned that you have a really cool title that feels very “now” - Chief Secure Technology Officer? What’s the story here? Weirdly, I now feel that every CTO better be a CSTO or quit their job :-) After, ahem, not-so-recent events you had a chance to rebuild a lot of your stac…

1
EP200 Zero Touch Prod, Security Rings, and Foundational Services: How Google Does Workload Security 27:38

7M ago27:38

27:38

Guest: Michael Czapinski, Security & Reliability Enthusiast, Google Topics: “How Google protects its production services” paper covers how Google's infrastructure balances several crucial aspects, including security, reliability, development speed, and maintainability. How do you prioritize these competing demands in a real-world setting? What atta…

1
EP199 Your Cloud IAM Top Pet Peeves (and How to Fix Them) 29:26

7M ago29:26

29:26

Guests: Michele Chubirka, Staff Cloud Security Advocate, Google Cloud Sita Lakshmi Sangameswaran, Senior Developer Relations Engineer, Google Cloud Topics: What is your reaction to “in the cloud you are one IAM mistake away from a breach”? Do you like it or do you hate it? Or do you "it depends" it? :-) Everyone's talking about how "identity is the…

1
EP198 GenAI Security: Unseen Attack Surfaces & AI Pentesting Lessons 27:22

7M ago27:22

27:22

Guests: Ante Gojsalic, Co-Founder & CTO at SplxAI Topics: What are some of the unique challenges in securing GenAI applications compared to traditional apps? What current attack surfaces are most concerning for GenAI apps, and how do you see these evolving in the future? Do you have your very own list of top 5 GenAI threats? Everybody seem to! What…

1
AI Governance Essentials: Empowering Procurement Teams to Navigate AI Risk 37:41

7M ago37:41

37:41

Send us a text Full transcript with links to resources available at https://mlsecops.com/podcast/ai-governance-essentials-empowering-procurement-teams-to-navigate-ai-risk. In this episode of the MLSecOps Podcast, Charlie McCarthy from Protect AI sits down with Dr. Cari Miller to discuss the evolving landscapes of AI procurement and governance. Dr. …

1
EP197 SIEM (Decoupled or Not), and Security Data Lakes: A Google SecOps Perspective 29:34

7M ago29:34

29:34

Guest: Travis Lanham, Uber Tech Lead (UTL) for Security Operations Engineering, Google Cloud Topics: There’s been a ton of discussion in the wake of the three SIEM week about the future of SIEM-like products. We saw a lot of takes on how this augurs the future of disassembled or decoupled SIEMs. Can you explain what these disassembled SIEMs are all…

1
Crossroads: AI, Cybersecurity, and How to Prepare for What's Next 33:15

8M ago33:15

33:15

Send us a text In this episode of the MLSecOps Podcast, Distinguished Engineer Nicole Nichols from Palo Alto Networks joins host and Machine Learning Scientist Mehrin Kiani to explore critical challenges in AI and cybersecurity. Nicole shares her unique journey from mechanical engineering to AI security, her thoughts on the importance of clear AI v…

1
EP196 AI+TI: What Happens When Two Intelligences Meet? 28:08

8M ago28:08

28:08

Guest: Vijay Ganti, Director of Product Management, Google Cloud Security Topics: What have been the biggest pain points for organizations trying to use threat intelligence (TI)? Why has it been so difficult to convert threat knowledge into effective security measures in the past? In the realm of AI, there's often hype (and people who assume “it’s …