Episode 319 - Vercel Breach, Security vs. Compliance, Pull Request Flows w/ AI Agents

Episode 319 covers a range of industry developments, primarily focusing on the recent Vercel security incident and the evolving landscape of AI-driven compliance. The hosts detail how a Vercel employee's use of a consumer-level Context AI plan led to a workspace compromise via a leaked OAuth token, eventually allowing attackers to access sensitive environment variables. This leads to a critical discussion about the SOC 2 provider Delve, with the hosts addressing allegations regarding "fake" compliance automation and the general limitations of auditing frameworks that do not inherently equate to true security. This episode also explores the future of the Pull Request (PR) flow, debating whether traditional human-led code reviews are "dead" due to the massive volume of code generated by AI agents. While they acknowledge that startups are moving toward autonomous commits, Seth argues that the PR concept is evolving into a system of agentic attestation and guardrails rather than disappearing entirely. The episode concludes with community survey results on this shift and a reminder about the hosts' upcoming training sessions in Singapore.

You can listen to Episode 319 - Vercel Breach, Security vs. Compliance, Pull Request Flows w/ AI Agents online on Radio and Podcast. Open the player on this page to stream the available audio.

Episode 319 - Vercel Breach, Security vs. Compliance, Pull Request Flows w/ AI Agents is an episode from Absolute AppSec by Ken Johnson and Seth Law.

The episode duration depends on the source podcast feed and may not always be available.

This episode was published on Apr 21, 2026.

Yes. Use the heart button on the episode page to add it to your favorite episodes list.

Yes. This page shows related episodes from Absolute AppSec when more episodes are available from the podcast feed.