Episode 313 - AppSec Role Evolution, AI Skills & Risks, Phishing AI Agents

Ken Johnson and Seth Law examine the intensifying pressure on security practitioners as AI-driven development causes an unprecedented acceleration in industry velocity. A primary theme is the emergence of "shadow AI," where developers utilize unauthorized AI coding assistants and personal agents, introducing significant data classification risks and supply chain vulnerabilities. The discussion dives into technical concepts like AI agent "skills"—markdown files providing specialized directions—and the corresponding security risks found in new skill registries, such as malicious tools designed to exfiltrate credentials and crypto assets. The hosts also review 1Password’s SCAM (Security Comprehension Awareness Measure), highlighting broad performance gaps in an AI's ability to detect phishing, with some models failing up to 65% of the time. To manage these unpredictable systems, the hosts advocate for a shift toward high-level validation roles, emphasizing the need for Subject Matter Expertise to combat "reasoning drift" and maintain safety through test-driven development and periodic "checkpoints". Ultimately, they conclude that while AI can simulate expertise, human oversight remains vital to secure the probabilistic nature of modern agentic workflows.

You can listen to Episode 313 - AppSec Role Evolution, AI Skills & Risks, Phishing AI Agents online on Radio and Podcast. Open the player on this page to stream the available audio.

Episode 313 - AppSec Role Evolution, AI Skills & Risks, Phishing AI Agents is an episode from Absolute AppSec by Ken Johnson and Seth Law.

The episode duration depends on the source podcast feed and may not always be available.

This episode was published on Feb 17, 2026.

Yes. Use the heart button on the episode page to add it to your favorite episodes list.

Yes. This page shows related episodes from Absolute AppSec when more episodes are available from the podcast feed.