Host Paul Roberts welcomes Conversing Labs guest Steve Wilson, Chief AI and Product Officer at Exabeam and co-chair of the OWASP GenAI Security Project. Steve discusses his path from early programming to AppSec at Contrast Security and leading the OWASP Top 10 for LLMs, which grew into a large community and later an Agentic Top 10.
Wilson explains AI’s recent leap via transformer architecture, cloud scale, and GPUs, and describes Exabeam’s evolution from SIEM and behavior analytics to generative and agentic AI with multiple security agents. He summarizes his 2024 O’Reilly book expanding OWASP risks into case studies and secure development practices, emphasizing that AppSec alone is insufficient for autonomous agents, requiring monitoring and “agent behavior analytics.” The conversation highlights AI supply chain risks (models, plugins/MCP, OpenClaw skills, fake Chrome extensions), scoping/least privilege, and the practical impact of tools like Claude Code on AppSec and security operations.
00:00 Welcome and Guest Intro 02:35 Steve’s Cyber Journey 04:13 OWASP LLM Top 10 Origins 06:21 From LLMs to Agents 06:59 Tron and AI History 09:32 Why Transformers Changed Everything 11:35 What Exabeam Actually Does 16:08 Writing the LLM Security Book 20:27 Agent Risks Beyond AppSec 22:05 What Changed Since 2024 23:30 Reasoning Models and Strawberry 26:18 Agentic Top 10 and Supply Chain 27:11 Hallucinated Dependencies 27:47 Model Supply Chain Trust 28:57 Plugins And Agent Exploits 29:58 MCP And Skills Risks 31:01 Chrome Plugin Trap 33:47 RAISE Framework Overview 35:12 Monitoring Digital Workers 38:40 Scoping And RAG 41:44 Excessive Agency Controls 43:02 Sandboxed Assistant Build 45:16 AI Impact On Infosec 49:15 Closing And Contact
Podden och tillhörande omslagsbild på den här sidan tillhör
ReversingLabs. Innehållet i podden är skapat av ReversingLabs och inte av,
eller tillsammans med, Poddtoppen.