2025 AI Security Rewind
- Chris Hughes from Resilient Cyber <resilientcyber@substack.com>
A look back at all of the AI Security focused conversations, deep dives and analysis throughout 2025.

As 2025 comes to a close, I wanted to rewind and recap the resources, conversations and takeaways from Resilient Cyber when it comes to the intersection of AI and Cybersecurity, an intersection that has dominated discussions and will continue to do so in the coming years. I hope you find these resources as helpful and informative as I have!

Interested in sponsoring an issue of Resilient Cyber? This includes reaching over 40,000 subscribers, ranging from Developers, Engineers, Architects, CISOs/Security Leaders and Business Executives. Reach out below!

Resilient Cyber w/ Greg Martin - Agentic AI and AppSec

I kicked the year off chatting with Greg Martin of Ghost Security, breaking down how and why AI is impacting AppSec and will drive a fundamental change in how we approach the category, from tooling to workflows and methodologies. Greg and I chatted about a lot of great topics, including:

OWASP NHI Top 10

Prior to the rapid rise of and excitement around Agentic AI in 2025, in January I laid out a comprehensive piece breaking down the OWASP Non-Human Identity (NHI) Top 10. It is estimated that for every 1,000 human users, companies have 10,000 non-human connections/credentials, or even 10-50x the number of human identities in the organization. The OWASP NHI Top 10 is a great resource for helping organizations tackle risks associated with NHIs, and Agentic identities as well.

Resilient Cyber w/ Grant Oviatt - Transforming SecOps with AI SOC Analysts

The SOC is arguably the category in Cyber getting the most attention when it comes to leveraging AI and Agents to address longstanding systemic issues. That’s why I had a great time diving into the topic of how AI SOC Analysts are and will reshape SecOps with Prophet Security’s Grant Oviatt in January.

Resilient Cyber w/ Sounil Yu - The Intersection of AI and Need-to-Know

If you’ve been in cyber for any decent amount of time, you inevitably know of industry legend Sounil Yu, author of amazing resources and frameworks such as the D.I.E. Triad and the Cyber Defense Matrix. I caught up with Sounil in January to discuss the intersection of AI and the age-old concept of need-to-know, and how the rise of GenAI and LLMs is changing how we should approach least-privilege access and need-to-know.

Resilient Cyber w/ Ed Merrett - AI Vendor Transparency: Understanding Models, Data and Customer Impact

A key aspect of AI security involves models, data and customer impact when it comes to vendors and transparency. I had a chance to chat with AI Security firm Harmonic Security’s Director of Security & TechOps in February on all of these topics. This includes covering GenAI data leakage, guardrails, SaaS governance, regulatory factors (especially in the EU) and the nuances between self-hosting GenAI/LLMs and consuming GenAI as-a-Service.

Implementing GenAI Red Teaming - The OWASP Way

Something many organizations have begun taking a look at when it comes to secure AI adoption is GenAI red teaming, or essentially taking a structured approach to identifying vulnerabilities and mitigating risks across AI systems by combining traditional adversarial testing with AI-specific methodologies and risks. I used OWASP’s GenAI Red Teaming Guide as an example for my piece in February where I dove into the topic.

Resilient Cyber w/ Lior Div & Nate Burke - Agentic AI & the Future of Cyber

Building on my prior discussions around how AI is disrupting SecOps and the potential it holds, I sat down with Lior Div and Nate Burke of 7AI, a SecOps-focused AI startup, in February. They went on to make major headlines in December of 2025 by announcing a record-setting $130M Series A, and customer testimonies about implementing the largest agentic SOC implementation that has been publicly discussed, with their early partner DXC Technologies.

Resilient Cyber w/ Chenxi Wang - The Intersection of AI & Cybersecurity

While specific categories are interesting, it is also helpful to step back and look at the macroeconomic impact and potential of AI on cybersecurity. That’s exactly what I did with industry leader, investor and friend Chenxi Wang in March of this year. Chenxi discussed both AI for Security and Securing AI, along with how LLMs are changing software development, how teams are and will apply AI to categories such as SecOps, GRC and AppSec, and the potential for Agentic AI to drastically expand the total addressable market (TAM) by cutting into historical cyber services spend.

Vibe Coding Conundrums

One topic that really threw cyber practitioners and leaders into a frenzy in 2025 was that of “Vibe Coding”, or as Andrej Karpathy put it, giving in to the vibes, forgetting code exists, and just trusting the output of AI coding tools. This of course rightly scares the hell out of most in cyber, because the models bring inherent risks in code, and forgetting security is never exactly a great idea. In this article, I broke down the implications of Vibe Coding, and what security should be thinking about when it comes to this trend. It will be interesting to see in 2026 and beyond what vibe coded software does to the attack landscape.

Resilient Cyber w/ Piyush Sharrma - AI-Powered Defense & Security Mesh

Another aspect around cybersecurity products, including AI, that has played a role in conversation is that of Platforms vs. Point Products and the overwhelming alert fatigue in security due to security tool sprawl, leading to cognitive overload for security teams. I caught up with Piyush Sharrma of Tuskira to discuss the concept of an Agentic Security Mesh and the role of AI-powered defense.

Resilient Cyber w/ Elad Schulman - Secure Enterprise LLM/GenAI Adoption

Securing enterprise adoption of LLMs and GenAI, along with chatbots, code and more, is a key concern for security leaders. That’s why I really enjoyed my conversation with Elad Schulman, Cofounder of Lasso Security, in April of 2025 on securing enterprise LLM and GenAI adoption. We touched on dealing with challenges around visibility and governance, unique security considerations of using or building with AI, self-hosted vs. SaaS, and potential vulnerabilities and threats associated with AI-driven development.

Resilient Cyber w/ Jit - Agentic AI for AppSec is Here

While there is a lot of focus on the risks of AI to AppSec, many are also looking to leverage AI and Agents to address longstanding AppSec challenges. Among those teams is Jit. In April I was joined by David Melamed and Shai Horovits of Jit to discuss how teams are using AI to improve security in AppSec.

Agentic AI Threats and Mitigations

It can be really difficult to discuss any technical topic or domain without a coherent taxonomy. That’s why I wrote an article in April covering OWASP’s Agentic AI Threats and Mitigations publication. The paper does a great job explaining what agents are, how they work, their potential threats as well as corresponding mitigations. They also produced a comprehensive threat model, showing the various aspects of agentic systems and workflows and where threats can occur.

Resilient Cyber w/ Varun Badhwar - AI for AppSec - Beyond the Buzzwords

Cybersecurity and AppSec are inevitably full of buzzwords, especially in the age of AI where many vendors are struggling to stay relevant and trying to show they’re innovating. Few cut through the noise better than my friend and Endor Labs Cofounder & CEO Varun Badhwar. Varun has joined me in the past, but in April of this year he joined me to discuss the intersection of AI and AppSec, and moving beyond buzzwords to real impacts and outcomes. This included the dominant use case of AI-driven development, Copilots and LLMs, research on their frequent inability to produce secure code, and how AppSec and cyber can leverage AI and agentic workflows to address systemic security challenges.

Security’s AI-Driven Dilemma

As “Vibe Coding” and more legitimate AI-driven development continued to grow throughout 2025, along with broader AI adoption at large, I wrote about cybersecurity’s AI-driven dilemma. In this piece, I argued that security is historically a late adopter or laggard in technology cycles, which perpetuates the bolted-on, not built-in security model that we would all rather not see. I argued that security needed to change, to be an early adopter and innovator with AI, across areas such as SecOps, AppSec, GRC and beyond, to address longstanding systemic issues, to avoid perpetuating the problematic cycles of the past, and to stop being seen as a blocker by development and business peers.

Resilient Cyber w/ Daniel Miessler - Exploring AI’s Impact On Software, Cyber and Society

One of the folks I follow who puts out a lot of great content and thought-provoking perspectives, especially on AI, is Daniel Miessler of Unsupervised Learning. That’s why this conversation in April on AI’s impact on software, cyber and society was such a great one.

Orchestrating Agentic AI Securely

If you’ve been in security a while, you inevitably know of Threat Modeling, or analyzing system representations to highlight concerns about security characteristics. While there are popular frameworks already such as STRIDE, PASTA and others, they don’t sufficiently account for the nuances and novelty of AI, which is why I did a deep dive into Ken Huang’s MAESTRO, an AI threat modeling framework. A fundamental aspect of MAESTRO is the 7-layer reference architecture for agentic AI. I found this aspect particularly useful when considering agentic architectures and some of their unique threats, risks, vulnerabilities, and potential mitigations.

Resilient Cyber w/ Vineeth Sai Narajala - Model Context Protocol (MCP) - Potential & Pitfalls

As AI adoption continued to grow in 2025, and excitement around agents in particular took off, a key aspect of that was the Model Context Protocol (MCP) from Anthropic. That’s why I took time to catch up with a researcher and practitioner who has incredible depth on the topic, Vineeth Sai Narajala. We walked through both the potential and pitfalls associated with MCP.

Additional Resources:

Resilient Cyber w/ James Berthoty - Analyzing the AI Security Market

Whether you think the AI hype is real or not, the market is certainly tangible, spanning areas such as End User Data Control, AI Posture Management, App/Runtime, and AI for Security. That’s why I sat down with one of my favorite cyber industry analysts, James Berthoty, in June to discuss his AI Security Market report and its key trends, analysis and takeaways.

Resilient Cyber w/ Jim Manico - Enhancing Software Security in the Era of AI

One of the most concerning aspects of rapid AI adoption is its effect on software development, especially as coding has become among the most dominant use cases for LLMs and Agents. I was able to hang out with AppSec industry legend Jim Manico to discuss how we can enhance software security in the era of AI. Jim discussed how he’s using entire teams of LLMs and Agents for code generation, review and orchestration, and how AI is functioning as a force multiplier for AppSec when wielded correctly.

Entering the AI Controls Matrix: A look at Cloud Security Alliance’s AI Controls Matrix

As the AI landscape continued to rapidly evolve, regulatory and compliance frameworks have struggled to keep up. That’s why in July of 2025, when the Cloud Security Alliance (CSA) published their AI Controls Matrix (AICM), I spent some time walking through it, its key aspects, and how organizations can use this resource to facilitate secure AI adoption.

Resilient Cyber w/ Ed Sim - The Intersection of Venture, AI and Cyber

It isn’t just the technical world that AI has quickly transformed and impacted, but Venture Capital (VC) as well, as investors race to play a role in backing some of the most disruptive and promising AI-focused startups. To get a handle on that, I chatted with Ed Sim, Founder and GP of Boldstart Ventures, to cover the intersection of venture capital, AI and cyber.

Resilient Cyber w/ Daniel Bardenstein - AI Supply Chain Security Risks

If you’ve followed me for a while you know that I’m incredibly passionate about software supply chain security and even wrote a book on the topic in recent years titled “Software Transparency”. AI introduces complexity into the already problematic supply chain, from SaaS-based AI and model vendors, to widespread open source model usage, to platforms such as HuggingFace and more. To get a sense of these challenges, I was joined by Daniel Bardenstein, CTO & Cofounder of Manifest Cyber.

Resilient Cyber w/ Christian Posta - MCP, Agents & IAM in the age of LLMs

Everyone likes to quip that “identity is the new perimeter” and for good reason, as credential compromise and identity are still at the heart of many modern incidents, and organizations are struggling to do the fundamentals well. This is poised to become even more problematic with non-human identity (NHI) and Agentic AI. That’s why I wanted to chat with Christian Posta, Field CTO at Solo.io and one of the sharpest people I know when it comes to Identity Security. We covered MCP, Agents and what IAM looks like in the age of AI.

AI - Incentives, Economics, Technology and National Security

As AI dominated tech and economics, it also spilled into politics, with the new U.S. presidential administration making it a major priority and even anointing an “AI Czar”, which eventually led to the U.S. publishing an Executive Order (EO) in late 2025 to move towards a Federal U.S. regulatory framework for AI. In this article, I discussed The White House publication titled “Winning the Race: America’s AI Action Plan”.

Fast and Flawed: Diving into Veracode’s “2025 GenAI Code Security Report”

I discussed above the impact AI is having on AppSec, and the potential ramifications such as insecure code and an expanding attack surface. That’s why I found AppSec vendor Veracode’s “2025 GenAI Code Security Report” interesting and published an article walking through its key findings in mid-2025.

Resilient Cyber w/ Sid Trivedi - Black Hat, Cyber and AI Opportunities

Speaking of investors, one of my favorite folks to chat with is Sid Trivedi of Foundation Capital. Sid and I sat down in August to discuss Black Hat, Cyber and AI opportunities. We covered topics such as Black Hat’s Startup Spotlight Competition, M&A headlines, how innovative startups can stand out, and the impact of AI on the VC landscape.

AI Adoption: Seatbelts, Air Bags & Oversight Optional: A look at IBM’s 2025 Cost of a Data Breach Report: The AI Oversight Gap

One of the cyber industry’s most cited and discussed reports each year is IBM’s Cost of a Data Breach Report. 2025’s report focused heavily on the AI oversight gap, and how organizations are rapidly adopting the technology despite not being fully prepared to govern and secure it. It showed that nearly 30% of organizations were experiencing security incidents involving AI models or applications, across a mix of third-party vendors, SaaS, on-prem and open source. They also found that shadow AI usage was driving up incident costs as well.

Resilient Cyber w/ Andrew Carney - DARPA AI Cyber Challenge (AIxCC)

While many are rightly worried about the risks of AI and the potential threats, many are also looking to see how we can use AI to address systemic issues and innovate with the technology. One that got a lot of attention in 2025 was DARPA’s AI Cyber Challenge (AIxCC). I was joined in August by the Program Manager, Andrew Carney, to discuss the competition, key findings and the promising potential for AI to address major issues such as vulnerabilities in widely used open source.

Resilient Cyber w/ Michael Bargury - The Agentic AI Security Imperative

As I have discussed, Agentic AI has dominated headlines in 2025 and many have dubbed it the year of AI agents, or said that we’re entering the decade of Agentic AI. That’s why I had to catch up with industry leader Michael Bargury, Cofounder and CTO at Agentic AI Security firm Zenity. We covered the state of agentic AI adoption, potential enterprise risks, zero-click exploits and the risks associated with agentic coding platforms as well.

Resilient Cyber w/ Rob T. Lee - Navigating AI’s Impact on Cyber & the Workforce

No conversation about AI is complete without discussing a hot topic, the workforce. Many in white collar/tech roles have worried about and discussed the potential impact that AI is having and will have on the workforce. That’s why I had SANS Institute’s Chief of Research (COR) and Chief AI Officer (CAIO) Rob T. Lee join me to discuss AI’s impact on both cybersecurity and the workforce, as well as helpful guidance from SANS for the community on AI security.

SANS Critical AI Security Guidelines

Speaking of AI security guidelines, I did a dedicated piece diving into the SANS Critical AI Security Guidelines. It covers key areas from access control and data protection all the way to monitoring and GRC.

Resilient Cyber w/ Alon Jackson - Enterprise Agentic Security

Few topics have gotten as much attention as Identity when it comes to Agentic AI, and rightly so. Agents are poised to exponentially outnumber human users, leading to challenges around authentication, authorization and IAM more broadly, all areas where cyber has already struggled historically. In September, Astrix Security’s CEO/Cofounder Alon Jackson joined me to discuss Enterprise Agentic Security, and the concept of an Agent Control Plane.

Resilient Cyber w/ Snehal Antani - AI and Autonomous Pen Testing

Many of the resources and discussions up until this point were focused on defensive cybersecurity operations, but what about offense? That’s where Snehal Antani, CEO and Founder of Horizon3, came in. We unpacked the topic of autonomous pen testing, the impact of AI and Agents on OffSec, and the ongoing race between hackers/attackers and defenders when it comes to leveraging AI to be more effective in their respective goals.

Software Dependency Dilemmas in the AI Era

As I discussed above, one of the most impactful ways AI is affecting the industry involves the SDLC and software development. Organizations are rapidly leaning into LLM and AI coding tools to increase their volume and velocity. However, this adoption brings a lot of risk and potential peril as well. That’s why I broke down Endor Labs’ 2025 State of Dependency Management Report, looking at AI code generation and MCP servers. To help break down the report and its key takeaways, I was joined by Endor Labs Head of Security Research Henrik Plate and VP, Product and Design Amod Gupta to discuss their recent publication, the 2025 State of Dependency Management.

Beyond the Hype of AI Agents in the SOC

The SOC arguably saw the most hype when it comes to AI use cases within cybersecurity. Some estimates state there are ~80 AI SOC focused startups/companies in the ecosystem now. To try and move beyond the hype and look at the real impact, I did a deep dive into the report “Beyond the Hype: A Benchmark Study of AI Agents in the SOC” from Dropzone AI and the Cloud Security Alliance. As seen below, the early results are indeed promising:

Resilient Cyber w/ Kamal Shah - The State of AI in SecOps

Building on the theme of digging into the intersection of AI and SecOps, I caught up with Prophet Cofounder and CEO Kamal Shah to discuss the State of AI in SecOps. Kamal and I walked through the actual state of AI in SecOps, how AI is impacting the future of the SOC, what is hype vs. reality, and much more.

State of AI in SecOps - 2025

Speaking of the State of AI in SecOps, I did a standalone article unpacking the key findings from Prophet Security’s comprehensive report. The report, and its key findings above, show drastic time savings with the use of AI in the SOC, improved reporting, expanded abilities to triage and investigate alerts, and more. This adds fuel to the promise of the AI SOC and the potential to address longstanding technical and workforce challenges as we head into 2026.

OWASP Top 10 for Agentic Applications

As we rounded out the year and Agentic AI continued to be a hot topic, I had the pleasure of serving on OWASP’s Distinguished Review Board for their Agentic Security Initiative (ASI), as we published the industry’s first Agentic AI Top 10 from OWASP. This will serve as a critical resource for the community in the years to come as the growth of Agentic AI and Agents is poised to expand exponentially.

Resilient Cyber Wins Media Creator of the Year

A bit of a personal note as we wrap up 2026. Really humbled and honored to win the SANS Institute’s Content Creator of the Year award this past weekend for Resilient Cyber in 2025. I first came across SANS over a decade ago, as a student taking courses in SecOps and Incident Response, and have continued to enjoy their courses, with the latest one I’ve taken being focused on GenAI Security.

Closing Thoughts

As you can see, it’s been a very busy year around all things AI and Cybersecurity. Through Resilient Cyber I’ve done my best to bring deep analysis of the latest trends and innovations, and conversations with industry leaders, as I grow in this space along with the community. I look forward to continuing to provide value to you all as we head into 2026 and beyond, during this incredibly transformative time AI is creating in technology and society!