Episode 14: AI Risks, Threat Modeling, and The Future of Vibe Coding cover art

Episode 14: AI Risks, Threat Modeling, and The Future of Vibe Coding

Episode 14: AI Risks, Threat Modeling, and The Future of Vibe Coding

Listen for free

View show details

About this listen

Episode 14 of the Distilled Security Podcast is here!

This week, the team welcomes guest John Zeolla, a cybersecurity expert and AI enthusiast, for a deep dive into the risks, realities, and potential of artificial intelligence.


Topics include:

  • Shadow AI in the Enterprise: Why business leaders are adopting AI faster than CISOs can assess the risks—and how features are outpacing controls.

  • Third-Party AI Risk: Understanding vendor integrations with ChatGPT and others, and how contracts alone can’t guarantee security.

  • Data Sprawl and Provenance: How uncontrolled data flows and poor identity scoping create dangerous exposure in generative AI platforms.

  • Threat Modeling for AI: Why traditional frameworks like STRIDE still apply—and how techniques like “LLM as a judge” are reshaping modern risk analysis.

  • Hallucinations, Misuse, and Insider Access: From AI-summarized HR documents to leaked board data, the team explores how improper permissions are amplified by intelligent agents.

  • AI in Real Business Use: From customer support chatbots to code review tools, where AI adds value—and where it creates new points of failure.

  • Governance and Culture: The role of CISOs, legal, and finance leaders in aligning AI ambition with responsible oversight.

  • Bourbon Review – Elijah Craig Private Barrel Pick: A smooth 94-proof selection sponsored by Liberty Liquors (MD), bringing sweet caramel and balance to this week’s pour.

  • BSides Pittsburgh Preview: With nearly 1,000 tickets sold, the team teases event highlights, panel interviews, and John's upcoming talk on "vibe coding."


Timestamps

00:00 – Welcome & Introductions
02:20 – What’s “Shadow AI”?
06:45 – Third-Party Risk & AI Integrations
11:10 – Contracts ≠ Security
14:00 – Data Sprawl & Identity Challenges
19:05 – Threat Modeling for AI
23:40 – “LLM as a Judge” in Risk Analysis
28:15 – Hallucinations & Misuse Scenarios
33:00 – Insider Access Amplified by AI
36:30 – Real-World Use Cases (Chatbots, Code Review, etc.)
41:55 – Governance, Culture & CISO Alignment
48:20 – Bourbon Review: Elijah Craig Private Barrel
52:30 – BSides PGH Preview & John’s “Vibe Coding” Talk
57:00 – Final Thoughts & Wrap-Up


Hosts

  • Justin Leapline – LinkedIn
  • Joe Wynn – LinkedIn
  • Rick Yocum – LinkedIn

Guest

  • John Zeolla – Zenable.io

Connect with Us

  • Website: distilledsecuritypodcast.com
  • Twitter: @DisSecPod
  • Email: hello@distilledsecuritypodcast.com

What listeners say about Episode 14: AI Risks, Threat Modeling, and The Future of Vibe Coding

Average Customer Ratings

Reviews - Please select the tabs below to change the source of reviews.

Audible.com.au reviews

Amazon Reviews
No Reviews are Available
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.