Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ep. 62 - Zero Trust Breaks Against MCP: Why "Verified" No Longer Means Safe

Most enterprises assume their Zero Trust architecture covers their AI agents. It doesn't. Hosts Tova Dvorin and Adrian Culley break down why zero trust breaks against the Model Context Protocol (MCP)—and why "verified" no longer means "safe." They unpack trust decay, the WhatsApp and GitHub MCP exploits, rug-pull tool poisoning, CVE-2025-49596, and the rise of "zero standing trust," then close with three moves for CISOs this quarter: inventory your MCP estate, mandate authentication, and validate your controls.

Claude Fable 5 and the New Reality of AI-Enabled Third-Party Risk

Anthropic recently announced the release of Claude Fable 5, a public version of its more powerful Mythos AI model. Technology that was previously only accessible to a select few organizations is now available to businesses at an enterprise level. AI vendors are building the guardrails while threat actors are studying their attack vectors. Essentially, we are giving the keys to the AI world to businesses and hoping the guardrails hold steady. Security teams need to prepare even faster now.

Beyond Prevention: Frontier AI and the Shift to Cyber Resilience

Frontier AI is compressing the time between vulnerability discovery and exploitation, making reactive security strategies harder to sustain. In this webinar, Roland Cloutier (Former CISO of of ByteDance & TikTok, ADP, and EMC) and Gabi Reish discuss how security leaders can move beyond patching everything to prioritize real risk, measure cyber readiness, and communicate security posture to the board.

Securing Your AI Agents: Today's New Data Threat

AI agents are already inside your company - reading files, calling APIs, executing code. Most of them were never approved by security. In this session, Nightfall AI walks through exactly how agents become an attack surface: prompt injection, malicious MCP servers, credential exfiltration, and more.

Grounding the AI SOC: The Context Graph Problem

See how Torq harnesses AI in your SOC to detect, prioritize, and respond to threats faster. Request a Demo David Melamed is Head of Emerging Technologies at Torq. He joined through Torq’s acquisition of Jit, which he co-founded and led as CTO since 2020, building agentic security on a production Context Graph. A cloud security veteran with 20+ years of experience, David previously held senior technical roles at Cisco (via the CloudLock acquisition) and MyHeritage.

Our AI Agent Now Has a Security Conscience: Introducing the JFrog Plugin for Claude Code

AI coding agents are changing the pace of software development. With tools like Claude Code, developers can move from idea to implementation faster than ever, generating code, exploring unfamiliar repositories, refactoring services, and turning plain-language intent into working software. That speed is powerful. But speed without governance = risk. It also creates a new challenge: how can you govern what an AI agent builds, suggests, and pulls in from the internet?

This 'caveman' trick will slash your AI costs #ai #tokeneconomics #trending

One simple prompt change, asking an AI to respond like a caveman with shorter sentences and fewer words, reportedly cut token spend by 75 percent. It is a funny example, but it points to a bigger issue, AI efficiency and cost control will matter far more as usage spreads.

Looks Can Be Deceiving: Silent Overwrite of Agent Skills

Agent skills are the newest piece of plumbing quietly making its way onto developer machines. They're easy to install, they get to call into the user's tools on the agent's behalf, and once they're in place they tend to stay in place. While auditing the popular installer vercel-labs/skills, we saw several ways a bad actor can make the tool install something other than what the user thought they were installing.

Salt Code

AI is writing more enterprise code than ever. The problem? AI coding assistants aren’t trained on your internal security policies, compliance requirements, or industry frameworks. The solution? Salt Code, the first agentic security solution to enforce security policies inside AI coding assistants. Salt Code brings policy-driven security to the moment code is created, helping developers generate compliant code by default from prompt to production.