Episode 22: Is AI Good for Security, CIRCIA Starts the Clock, and the M&A Problem Nobody's Talking About

In this episode of the Distilled Security Podcast, we tackle four topics shaping the cybersecurity landscape — from AI's real impact on defense to a wave of regulatory and market changes every security team needs to be tracking.

🔹 Is AI Good for Security? — Anthropic's model finding hundreds of zero days, stock market panic after Claude Code's launch (CrowdStrike down 11%), the "hard things easy, easy things hard" reality of AI, why human-out-of-the-loop isn't ready yet, the coming spike in vulnerability disclosures, and how defenders should be using AI for better hygiene
🔹 CIRCIA Final Rule (May 2026) — The federal incident reporting law hitting critical infrastructure, 72-hour incident and 24-hour ransom payment notification clocks, how "substantial cyber incident" triggers differ from materiality, mid-market companies falling in scope, overlapping timelines with HIPAA/SEC/state breach laws, and building your incident response playbook now
🔹 Protecting Yourself Against a Changing Compliance Landscape — CMMC Phase 2, HIPAA overhaul, CCPA audits all converging, why a unified security program beats framework-by-framework chasing, evidence over policy in audits, engineering continuous compliance through automation, and the reality of doing this without dedicated staff
🔹 Cybersecurity M&A / Consolidation Problem — Google acquiring Wiz for $32B, 10% of the cybersecurity industry changing hands, operational benefits of fewer vendors vs. pricing pressure and talent drain, the OneTrust "sticker on the side" integration warning, Cisco's Startup Studios model, and why consolidation only works if they don't break what made the acquisition special

🥃 Spirit Review: WhistlePig 12 Year Old World Rye
PA Fine Wine & Good Spirits Select — Finished in Madeira, Sauternes & Port barrels, 86 proof
https://www.whistlepigwhiskey.com/

📬 Send Us Your Questions!
ask@distilledsecuritypodcast.com

🎙️ Hosts
Justin Leapline – @justinleapline
Joe Wynn – @wynnjoe
Rick Yocum – @rickyocum

🌐 Connect with Us
Website: distilledsecuritypodcast.com
X: @DisSecPod
Email: hello@distilledsecuritypodcast.com

👍 Like, comment, and subscribe for weekly security and compliance insights.

Creators and Guests

Joe Wynn (Host)
Founder & CEO @ Seiso | IANS Faculty Member | Co-founder of BSidesPGH
Justin Leapline (Host)
Founder of episki | IANS Faculty Member
Rick Yocum (Host)
Optimize IT Founder | Managing Director, TrustedSec