In this episode we sit down with Amir Kessler and Aviram Shmueli of AppSec innovator Jit to dive into the complexities of the modern AppSec landscape and explore the emerging Application Security Posture Management (ASPM) ecosystem.

- First off, for folks not familiar with your backgrounds, can you tell us a bit about both of your backgrounds and how you got to the roles you're in now?

- We're seeing a ton of interest in the topic of ASPM in the AppSec space. What do you think has led to this emerging category and what key problems is it looking to solve?

- I know your team puts a big emphasis on not just the tech but also the DexEx and UX. Why is this so critical to address AppSec risks and securing organizations and their code?

- While there is value in ASPM platforms, many Dev teams and engineers are opinionated about their tools, how important is this flexibility and extensibility in the platform that the Jit team has built?

- A key challenge includes vulnerability overload. Teams drowning in massive vulnerability backlogs and trying to add vulnerability context and focus on the most relevant risks for developers. How does Jit approach this?

- Not all ASPM platforms are the same, but we see many vendors rallying around the category. What do you think makes Jit unique and differentiates what the team has built?

- For those that don't know you, can you tell us a bit about your background and your current role?

- I know you help lead the ATLAS project for MITRE, what exactly is ATLAS and how did it come about?

- The AI threat landscape is evolving quickly, as organizations are rapidly adopting GenAI, LLM's and AI more broadly. We are still flushing out some fundamental risks, threats and vulnerabilities to consider. Why is it so important to have a way to characterize it all?

- When it comes to AI Security, there is also a lot of hype, buzz and dare I say FUD out there. Why are you so adamant that we take a data-driven and actionable approach?

- I know you recently helped participate in the first big AI security incident focused TTX, including with CISA and other Government and Industry partners, can you speak a bit about the experience and why exercises like this are important for organizations to do when it comes to AI security?

- As someone close to the AI domain, when it comes to security, what are your thoughts on both where we're headed for security of AI, and AI to bolster security?

- For folks wanting to learn more about ATLAS, and the work MITRE is doing around AI security, where should folks get started?

- What are some key open questions and opportunities for the community to help shape the future of AI security and assurance?


https://atlas.mitre.org/ ← Check out MITRE ATLAS!

In this episode we sit down with GenAI and Security Leader Steve Wilson to discuss securing the explosive adoption of GenAI and LLM's. Steve is the leader of the OWASP Top 10 for LLM's and the upcoming book The Developer's Playbook for LLM Security: Building Secure AI Applications

-

- First off, for those not familiar with your background, can you tell us a bit about yourself and what brought you to focusing on AI Security as you have currently?

- Many may not be familiar with the OWASP LLM Top 10, can you tell us how the project came about, and some of the value it provides the community?

- I don't want to talk through the list item by item, but I wanted to ask, what are some of the key similarities and key differences when it comes to securing AI systems and applications compared to broader historical AppSec?

- Where do you think organizations should look to get started to try and keep pace with the businesses adoption of GenAI and LLM's?

- You've also been working on publishing the Developers Playbook to LLM Security which I've been working my way through an early preview edition of and it is great. What are some of the core topics you cover in the book?

- One hot topic in GenAI and LLM is the two large paths of either closed and open source models, services and platforms. What are some key considerations from your perspective for those adopting one or the other?

- I know software supply chain security is a key part of LLM and GenAI security, why is that, and what should folks keep in mind?

- For those wanting to learn more, where can they find more resources, such as the LLM Top 10, your book, any upcoming talks etc?