Episode 14: AI Risks, Threat Modeling, and The Future of Vibe Coding

Episode 14 of the Distilled Security Podcast is here!

This week, the team welcomes guest John Zeolla, a cybersecurity expert and AI enthusiast, for a deep dive into the risks, realities, and potential of artificial intelligence.

Topics include:
  • Shadow AI in the Enterprise: Why business leaders are adopting AI faster than CISOs can assess the risks—and how features are outpacing controls.

  • Third-Party AI Risk: Understanding vendor integrations with ChatGPT and others, and how contracts alone can’t guarantee security.

  • Data Sprawl and Provenance: How uncontrolled data flows and poor identity scoping create dangerous exposure in generative AI platforms.

  • Threat Modeling for AI: Why traditional frameworks like STRIDE still apply—and how techniques like “LLM as a judge” are reshaping modern risk analysis.

  • Hallucinations, Misuse, and Insider Access: From AI-summarized HR documents to leaked board data, the team explores how improper permissions are amplified by intelligent agents.

  • AI in Real Business Use: From customer support chatbots to code review tools, where AI adds value—and where it creates new points of failure.

  • Governance and Culture: The role of CISOs, legal, and finance leaders in aligning AI ambition with responsible oversight.

  • Bourbon Review – Elijah Craig Private Barrel Pick: A smooth 94-proof selection sponsored by Liberty Liquors (MD), bringing sweet caramel and balance to this week’s pour.

  • BSides Pittsburgh Preview: With nearly 1,000 tickets sold, the team teases event highlights, panel interviews, and John's upcoming talk on "vibe coding."

Timestamps

00:00 – Welcome & Introductions
02:20 – What’s “Shadow AI”?
06:45 – Third-Party Risk & AI Integrations
11:10 – Contracts ≠ Security
14:00 – Data Sprawl & Identity Challenges
19:05 – Threat Modeling for AI
23:40 – “LLM as a Judge” in Risk Analysis
28:15 – Hallucinations & Misuse Scenarios
33:00 – Insider Access Amplified by AI
36:30 – Real-World Use Cases (Chatbots, Code Review, etc.)
41:55 – Governance, Culture & CISO Alignment
48:20 – Bourbon Review: Elijah Craig Private Barrel
52:30 – BSides PGH Preview & John’s “Vibe Coding” Talk
57:00 – Final Thoughts & Wrap-Up


Hosts
Guest
Connect with Us

Creators and Guests

Joe Wynn
Host
Joe Wynn
Founder & CEO @ Seiso | IANS Faculty Member | Co-founder of BSidesPGH
Justin Leapline
Host
Justin Leapline
Founder of episki | IANS Faculty Member
Rick Yocum
Host
Rick Yocum
Optimize IT Founder | Managing Director, TrustedSec
Jon Zeolla
Guest
Jon Zeolla
Cybersecurity leader passionate about simplifying complex problems and reducing toil in large enterprises. He’s an active contributor to the open-source community through the CNCF, OpenSSF, and formerly the Apache Software Foundation. As the founder of Steel City InfoSec, PittSec, and BSidesPGH's parent company, John champions collaboration, learning, and community-driven security.
Episode 14: AI Risks, Threat Modeling, and The Future of Vibe Coding
Broadcast by