ASW Recap for February 2026
• Mike Shema

I’ve always wished that February was cybersecurity awareness month. It’s the shortest month, an inconsistent month, and a month with several pronunciations: all the attributes of security guidance!
But it also has a day that celebrates love. Like a love for secure code.
So, whether you have a type, whether your love is constant or variable, and whatever language you use, don’t put your trust into some Zodiac star sign,
Base it on principles from secure by design.
Focusing on Proactive Controls in the Face of LLM-Assisted Malware (ep. 368)
Everyone is turning to LLMs to generate code, including attackers. Thus, it’s no great surprise that there are now examples of malware generated by LLMs. We discuss the implications of more malware with Rob Allen and what it means for orgs that want to protect themselves from ransomware.
This was a sponsored interview.
Bringing Strong Authentication and Granular Authorization To GenAI (ep. 369)
When it comes to agents and MCPs, the interesting security discussion isn’t that they need strong authentication and authorization, but what that authn/z story should look like. Where does it get implemented? Who implements it? What standards does it rely on? Dan Moore shares the useful parallels in securing APIs that should be brought into the world of MCPs — especially because so many of them are still interacting with APIs.
AppSec News about LLMs Writing & Analyzing Secure Code (ep. 370)
One premise of appsec is figuring out effective ways to answer, “What security flaws are in this code?”
The nature of the question doesn’t really change depending on who or what wrote the code. In other words, LLMs generating code really just means there’s more code to secure. So, what about using LLMs to find security flaws? Just how effective and efficient are they?
We talked with Adrian Sanabria and John Kinsella about the latest appsec articles that show a range of results from finding memory corruption bugs in open source software to spending an inordinate amount of manual effort validating persuasive, but ultimately incorrect, security findings from an LLM.
Helping Users with Practical Advice to Protect their Digital Devices (ep. 371)
Journalists put a lot of effort into collecting information and protecting their sources, but everyone can benefit from having a digital environment that’s more secure and more privacy protecting.
Runa Sandvik shares her experience working with journalists and targeted groups to craft plans for how they use their devices and manage their information. She makes the point that the burden of security should not be just for users — platforms and software providers must be evaluating secure defaults and secure designs that improve protections for everyone.