The 2025 CSA and Google Cloud survey reveals a widening gap between the "haves" and "have-nots" of AI readiness, identifying formal governance as the critical "maturity multiplier" that allows organizations to innovate faster while staying secure. Contrary to historical trends where security functions lagged behind new technology, security teams have emerged as early adopters, with over 90% actively testing or planning to use AI for critical tasks like threat detection and red teaming. As enterprises navigate complex multi-model strategies and vendor consolidation, the report emphasizes that operationalizing policies today is the only way to avoid "shadow AI" and successfully transition from pilot programs to production.
 
Sponsor:
https://vibehack.dev
https://cloudassess.vibehack.dev
https://www.cisomarketplace.services 

As AI agents move from experimental pilots to production via the Model Context Protocol (MCP), they introduce a fundamental architectural shift where Large Language Models sit at the center of security-critical decisions. This episode unpacks the Coalition for Secure AI’s comprehensive framework, exploring twelve core threat categories that range from novel vectors like tool poisoning and shadow servers to the "confused deputy" problem. Tune in to learn why traditional perimeter defenses are insufficient and how to implement defense-in-depth strategies, including cryptographic identity propagation, hardware-based isolation, and zero-trust validation for AI outputs
https://cisomarketplace.com/blog/ai-agent-security-crisis-mcp-vulnerabilities
 
https://www.coalitionforsecureai.org/securing-the-ai-agent-revolution-a-practical-guide-to-mcp-security
Whitepaper: https://github.com/cosai-oasis/ws4-secure-design-agentic-systems/blob/mcp/model-context-protocol-security.md
 
Sponsors: 
https://vibehack.dev
www.cisomarketplace.services 
 

This episode explores the Department of War's strategic pivot to "Agentic Warfare," where proactive AI systems evolve from passive tools into digital staff officers capable of executing complex workflows rather than just generating text. We discuss how commanders are shifting from "in the loop" controllers to "on the loop" mission directors, overseeing a "planning multiverse" that runs millions of simulations to "self-heal" operational plans in real time. Finally, we examine the critical race for "decision advantage," arguing that the ability to out-think adversaries with "force guided by foresight" has replaced mass as the primary mechanism of modern deterrence.
https://cisomarketplace.com/blog/pentagon-ai-strategy-defense-startups-innovation-shakeup
https://scale.com/agentic-warfare
 
Sponsor:
www.cisomarketplace.services
www.breached.company 

This series explores the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM), a stakeholder-first framework designed to help intelligence programs support the specific decisions and actions of those protecting the organization. We guide listeners through the model’s eleven distinct domains and the cyclical five-step implementation process—Prepare, Assess, Plan, Deploy, and Measure—to transition teams from reactive, ad hoc practices to standardized, predictive operations. By analyzing specific use cases and maturity indicators, we demonstrate how to evolve metrics from simply counting effort to quantifying systemic impact and business value.
www.breached.company/briefing-the-cyber-threat-intelligence-capability-maturity-model-cti-cmm
 
Sponsors: 
www.breached.company
www.cisomarketplace.com 

Transnational cybercrime has evolved into a globally distributed ecosystem where identity is now "synthetic, scalable and weaponizable" due to the proliferation of deepfakes and camera injection tools targeted at digital verification systems. To counter this, the Cybercrime Atlas fosters global collaboration to map criminal infrastructure and identify technical "choke points," a strategy validated by the Serengeti operations which resulted in thousands of arrests and the seizure of $140 million in criminal funds. Simultaneously, experts recommend that institutions implement multi-layered defenses—such as trusted camera source controls and active liveness checks—to harden Know Your Customer (KYC) processes against the democratized threat of AI-generated impersonation.
https://initiatives.weforum.org/cybercrime-atlas/home
www.scamwatchhq.com/your-voice-your-face-your-money-the-terrifying-rise-of-ai-powered-scams-in-2026
 
Sponsors:
www.securitybydesign.shop
SECURE15 - 15% off cybersecurity swag
www.generatepolicy.com
CISO30  - 30% OFF for first-time buyers

This episode explores the newly drafted Cyber AI Profile, a guide designed by the National Institute of Standards and Technology (NIST) to help organizations manage the complex intersection of artificial intelligence and cybersecurity. We break down the three primary focus areas—Secure, Defend, and Thwart—which provide a structured approach to protecting AI system components, leveraging AI for defensive operations, and building resilience against AI-powered threats. Listeners will learn how this Profile integrates with the existing NIST Cybersecurity Framework (CSF) 2.0 to offer prioritized outcomes and considerations for organizations at any stage of their AI journey.
 
Sponsors:
www.cisomarketplace.com
www.airiskassess.com
compliance.airiskassess.com
 

The International Monetary Fund (IMF) actively strengthens the global financial system by evaluating national cyber frameworks through the Financial Sector Assessment Program (FSAP) and providing demand-driven Technical Assistance to address increasingly sophisticated threats. Effective regulation requires a delicate balance between principles-based flexibility and prescriptive rules, while ensuring that supervisory intensity is proportionate to an institution's size and systemic importance. However, because the financial sector is an interconnected chain, regulators must ensure that even small institutions maintain a baseline of security to prevent them from becoming the "weakest link" that triggers a systemic crisis.
www.securitycareers.help/good-practices-in-cyber-risk-regulation-and-supervision
 
Sponsors:
www.cisomarketplace.com
www.cisomarketplace.services 

This episode examines how Artificial Intelligence and quantum computing have transitioned from frontier concepts to systemic forces that are fundamentally reshaping geostrategic competition and the nature of modern warfare. We investigate the critical milestone of "Q-Day," the point where the deployment of Shor's algorithm threatens to collapse the cryptographic foundations of digital trust, alongside the risks of automated military escalation driven by AI. Lastly, we explore the potential for a "quantum arms race" and the widening "quantum divide" that could leave entire regions behind in a new, bifurcated global order.
www.breached.company/global-risks-report-2026-key-insights-and-analysis
 
Sponsors:
www.quantumsecurity.ai
www.cisomarketplace.com
www.breached.company