Casey Ellis, founder of Bugcrowd, joins the show to talk about the evolution of bug bounty, how hackers went from outsiders to strategic assets, and why AI-generated bug reports are putting pressure on security teams. We also get into VDPs vs public bounties, pentesting, vulnerability economics, and where security research is headed over the next five years.

In this episode of the Secure Disclosure Podcast, we dive into the human side of security with Sean Juroviesky. From why people remain the biggest challenge in cybersecurity to how organizations can build effective security cultures, this conversation explores identity, access management, and the risks introduced by shadow IT and AI. We unpack how to make the secure path the easiest path, how to detect risky behavior without alienating employees, and why over-permissioned AI tools may be the next big threat. It’s a practical, honest discussion on balancing security, usability, and the rapid evolution of AI in modern organizations.SponsorThis episode is brought to you by Aikido — https://aikido.devSecure everything from code to cloud

AI agents are here, and they’re already transforming how we work. But beneath the hype lies a massive, unsolved security problem.In this episode, Mackenzie Jackson sits down with Johannes Keienburg to unpack the reality of autonomous agents: why they’re so powerful, why they’re so dangerous, and why access control is about to become the biggest challenge in cybersecurity.From broken authorization to “agents without brakes,” they explore how today’s systems are fundamentally unprepared—and what needs to change before things go seriously wrong.