Episode 14: AI Risks, Threat Modeling, and The Future of Vibe Coding
Episode 14 of the Distilled Security Podcast is here!
This week, the team welcomes guest Jon Zeolla, a cybersecurity expert and AI enthusiast, for a deep dive into the risks, realities, and potential of artificial intelligence.
Topics include:
- Shadow AI in the Enterprise: Why business leaders are adopting AI faster than CISOs can assess the risks—and how features are outpacing controls.
- Third-Party AI Risk: Understanding vendor integrations with ChatGPT and others, and how contracts alone can’t guarantee security.
- Data Sprawl and Provenance: How uncontrolled data flows and poor identity scoping create dangerous exposure in generative AI platforms.
- Threat Modeling for AI: Why traditional frameworks like STRIDE still apply—and how techniques like “LLM as a judge” are reshaping modern risk analysis.
- Hallucinations, Misuse, and Insider Access: From AI-summarized HR documents to leaked board data, the team explores how improper permissions are amplified by intelligent agents.
- AI in Real Business Use: From customer support chatbots to code review tools, where AI adds value—and where it creates new points of failure.
- Governance and Culture: The role of CISOs, legal, and finance leaders in aligning AI ambition with responsible oversight.
- Bourbon Review – Elijah Craig Private Barrel Pick: A smooth 94-proof selection sponsored by Liberty Liquors (MD), bringing sweet caramel and balance to this week’s pour.
- BSides Pittsburgh Preview: With nearly 1,000 tickets sold, the team teases event highlights, panel interviews, and Jon's upcoming talk on "vibe coding."
Timestamps
00:00 – Welcome & Introductions
02:20 – What’s “Shadow AI”?
06:45 – Third-Party Risk & AI Integrations
11:10 – Contracts ≠ Security
14:00 – Data Sprawl & Identity Challenges
19:05 – Threat Modeling for AI
23:40 – “LLM as a Judge” in Risk Analysis
28:15 – Hallucinations & Misuse Scenarios
33:00 – Insider Access Amplified by AI
36:30 – Real-World Use Cases (Chatbots, Code Review, etc.)
41:55 – Governance, Culture & CISO Alignment
48:20 – Bourbon Review: Elijah Craig Private Barrel
52:30 – BSides PGH Preview & Jon’s “Vibe Coding” Talk
57:00 – Final Thoughts & Wrap-Up
Hosts
Guest
- Jon Zeolla – Zenable.io
Connect with Us
- Website: distilledsecuritypodcast.com
- Twitter: @DisSecPod
- Email: hello@distilledsecuritypodcast.com
Creators and Guests

Guest
Jon Zeolla
Cybersecurity leader passionate about simplifying complex problems and reducing toil in large enterprises. He’s an active contributor to the open-source community through the CNCF, OpenSSF, and formerly the Apache Software Foundation. As the founder of Steel City InfoSec, PittSec, and BSidesPGH's parent company, Jon champions collaboration, learning, and community-driven security.
