Distilled Security Podcast

In this episode, we celebrate our 2nd anniversary and Episode 24 of Distilled Security! We cover the Vercel breach, how a Roblox script led to compromised Google Workspace credentials via an unauthorized OAuth connection. Then we dive into HackerOne, pausing their own bug bounty program, overwhelmed by low-quality, AI-generated submissions. And we close out with the State of Vibe-Coded Security—4,783 AI-assisted apps scanned, 727 critical issues found, and the real question: are you vibe coding or vibe deploying? Plus, a quick look at Claude for Security dropping into public beta and what that means for the industry.

All of that, and we crack open a Peerless Double Oak to toast two years of Distilled Security. 🥃

⏱️ TIMESTAMPS:

00:00 – Intro & 2-Year Anniversary 🎉
01:26 – Behind the Scenes & Favorite Moments
08:26 – Podcast Metrics & Global Reach
24:20 – BSides Pittsburgh 2025 Update 🛡️
34:31 – The Vercel Breach & OAuth Risk
58:57 – HackerOne Pauses Bug Bounty
1:16:05 – Spirit: Peerless Double Oak 🥃
1:20:27 – Vibe Coding vs. Vibe Deploying
1:26:46 – Claude for Security & AI News
1:41:27 – Cheers to Two Years! 🥃

🎙️ Hosts
Justin Leapline – @justinleapline
Joe Wynn – @wynnjoe
Rick Yocum – @rickyocum

📬 Send Us Your Questions!
ask@distilledsecuritypodcast.com

🌐 Connect with Us
Website: distilledsecuritypodcast.com
X: @DisSecPod
Email: hello@distilledsecuritypodcast.com

👍 Like, comment, and subscribe for monthly security and compliance insights