
Loading summary
Podcast Host / Sponsor Announcer
Cybersecurity Today is brought to you by nordlayer. Teams today work across multiple tools and devices, but security often remains fragmented and this is exactly what NORD Layer can help you address. NORD Layer gives your company centralized control over access by individuals and teams and keeps connection secure from anywhere with no additional hardware required. Visit nordlayer.com cybersecurity today and use the discount code NLSUMMER26 for a special discount on your purchase.
David Spark
Welcome to Cybersecurity Today on the weekend. I'm really excited to have a conversation today with Lionel Liddy, who's the CISO for Menlo Security, whose journey has taken him from academia to the front lines of the fight today against AI vulnerabilities into the trenches of the browser. We're going to talk about the rise in some of the mythology that's come from AI vulnerability and exploitation, where we are today in terms of that sense of CISO struggling to keep up. It seems like every other week over the last six months there's been something new, something massive. Someone dropping an email saying, hey, I want to try out this new open claw and we're going to look at what the long term might hold in terms of where we have to go in terms of building better multi layered defenses for organizations. But how that may start with the browser. I hope you enjoy this conversation as much as I had in having it with Lionel. Let's get started. Lionel, it's great to have you on the show. Thanks for making the time.
Lionel Liddy
Hey David. Yeah, it's great to be here. Thanks for having me.
David Spark
Do you mind telling the audience a little bit about yourself? How did you get into security and what do you do now? And then I'll ask you a little bit about Menlo.
Lionel Liddy
Sure, yeah, I guess how I got into cybersecurity. I think it's pretty typical answer, right? As a kid I got a computer. I was like a Vic 20, like an old Commodore computer, and I started tinkering with it and trying to understand how it worked. And this was a hobby for a long time. And so that part maybe is a little less typical. I was doing more math and then at some point I needed to work on some more practical project that involved math. And this is where I ended up working on steganography, which is hiding information and images. And from there I switched to really focusing on computer security. Then actually I did go to school in Canada, went to University of Toronto. This is where I got my PhD and I was researching virtual machines and their applications to securing systems, which is an area that is still very relevant today. And then, yeah, from there went into. I decided I did not want to stay in academia, right. So I went to industry. Having worked on virtual machines, I ended up at VMware, best place to be if you want to be working on virtual machines. And there it was looking at some technologies around optimizing EDR and DLP for virtualized environments. But then it became clear that everything exciting was happening on the web and in the browser. So first at VMware started working on some security products around the web. And one thing led to another and I joined this at the time, small startup called Mendo Security. And that was, I think, 12 years ago now. So been there for a while. At first, building the products company got large enough, we needed a security engineering team, built a security engineering team. And then at some point, one thing led to another, and now I'm the CISO at Menno. So still wearing two hats, right? One is this is a security vendor. We're building a security product and, you know, we can talk a little bit more about what it is we build and. But at the same time, I'm also tasked with securing the company just like any other ciso.
David Spark
That's amazing. You don't hear many folks who go academic, PhD into the startup world, into the CISO world. It's interesting. I can think of a handful of folks that have gone through that journey, which is fascinating because I always find it adds a layer of depth and thinking about the why behind things more so than just, here's my list of tasks, here's what I need to accomplish, et cetera. And it leads to interesting innovations. But if I had to ask out of complete ignorance, and if someone has never heard of Menlo, what do you do?
Lionel Liddy
Yeah, so we do browser security. And the way we go about this is. And this ties a little bit to my background in virtualization, too, and virtual desktop infrastructure. Right. So we are building something that is similar to virtual desktop infrastructure, but for your browser. So we provide you with this isolated remote browser that is not running on your endpoint, and that is going to provide a barrier between your users and the Internet, or potentially between not your users or your users you don't fully trust and your web server. Right? So you can think of this as both like a web application firewall on Steroid, where you really have a fully controlled browser in front of your application to protect your application. That's if you're protecting your server. And then when you're protecting your users, now you visit the website and none of the active content of the website is actually executing on your endpoint. It's. And this is, yeah, I think we're going to be talking about vulnerabilities and whatnot. It's very relevant here, right? It means that if you're using Chrome and you go to a malicious website and it's trying to take advantage of a security issue in the Chrome browser, it might compromise the browser, but the browser is compromising, is going to be this cloud browser and your endpoint browser. All it's doing is giving you a view of what the cloud browser is doing. So this is where it ties into vdi, right? Like when you're using VDI on your endpoint, you really just have this little VDI client and you're interacting with a remote desktop. So here you're interacting with a remote browser and this provides you by design protection against browser attacks.
David Spark
And it's interesting and I'll segue into the AI part of the conversation, but earlier this week I covered a story where a researcher found a VM escape flaw, a 16 year old flaw in Linux. And what's interesting is it's one of those, and I think he said it was one of the first times that we've seen a dual architecture AMD and Intel VM escape kind of work universally and it wasn't that difficult to exploit. And so when I think about what AI has done in terms of scalability and speed and discovery and chainability of exploits, and I'd love to get your thoughts about the need for the kind of blast containment that you've just described in a world where things can get out of control faster than we've ever imagined.
Lionel Liddy
Yeah, for sure. It's become even more critical. Right, Because I think this, the speed that everyone is talking about means that you don't have time for reactive approaches anymore or soon you won't. Right. So approaches that are around, I'm going to get a number of indicators of compromise and I'm going to populate my web application or my secure web gateway with a list of websites you shouldn't be visiting or get some signatures. Right. Or even patch my systems if the time to exploitation is now. People are talking about negative time to exploitation, right? Like people are mostly going after zero days and exploiting this right away. You don't have time to, to patch. So you need to have other approaches that are going to give you, as you were saying, containment. Medication limits the risk. So I think, yeah, what we've built is a good fit for this era of accelerated Exploitation and just I think needing to go back to some of the security fundamentals. Right. Which is having separation of concern and having sandboxes and isolation so that if there is a vulnerability that is exploited, you don't have a house of card that completely crumbles.
David Spark
And it's interesting because I think were having a reevaluation of what became a very popular sort of stance of it's not if you're going to be breached, it's when. So don't worry about just trying to prevent anyone from ever trying to get in. It's going to be speed to detection and reaction, et cetera. And then we're realizing, okay, in this environment we have to put more up front and blast, contain, limit as much risk as we can because we can't react fast enough and we certainly can't react at human speed to machine speed threats. So it's interesting on that side.
Lionel Liddy
Yeah, I think one, I forget who said that, but I heard someone describe the future as potentially attackers are just going to do smash and grab. Right. They're just going to get in. And because it's, you've automated everything and it's AI and it's at machine speed, you're no longer going to try to be discreet and evade detection and spend months like doing reconnaissance, understanding the, understanding the environment. Instead there's just going to be, let's have AI go as fast as possible, grab all the information it can grab, encrypt what it can encrypt and take it from there. Yeah, absolutely. You still need detection, obviously we still need to do everything, but it's shifting the emphasis. Yeah.
David Spark
And what's interesting, I guess I'll step back is like this is I think a great reevaluation moment for security. What is security in the age of AI and wearing your CISO hat for a second. It has been a wild six months. Even if we rewind back to March and the amazing marketing job that Anthropic did perhaps a bit right now to its detriment in terms of some government reaction to AI hacking. But what has it been like sitting in the CISO chair of a high profile, fast growing company trying to keep up with all of this.
Lionel Liddy
Yeah, it's a roller coaster, it's fascinating but also stressful. Right. And yeah, it's a fast moving, still fairly small company. It's an engineering company. Right. So there is a culture of wanting to experiment. So yeah, my users, they are on the forefront of using these AI tools. Right. And so before I even hear about for example, openclaw in the news, like you may remember, I think, yeah, it was around March timeline. Right. And you had never heard of this thing. And then on Tuesday, it was like, all over the news. Right. And Monday morning I get an email like, what is our policy on using Open Claw? I don't even know what it is yet.
David Spark
So, yeah. And I don't think you were the only CISO who got that early message. And you were like, I don't know.
Lionel Liddy
That's right. And there's a lot of. Yeah, there's a lot of. I don't know. I think, yeah, I'm not alone here. Right. And also, answers are shifting very fast. What you thought you knew is no longer true. A month later, it's like, oh, I didn't think the model could do this or that. Right. And that does not hold anymore.
David Spark
And so let's dive in a little bit into openclaw and agentic AI in general. And this idea, everyone's going to have agents running everywhere. I'm going to set aside the current hilarity around people realizing they're getting massive bills for agents doing things that aren't necessarily adding value. That's a risk, but it's not the risks. We're going to concentrate. Let's start off with this idea of what role does the browser and what role can the browser play in the model you're talking about in containing some of the risks around agentic AI? We've seen stories where I can basically embed unseen text in a website that an agent will read, and we've already seen enough evidence where it will follow instructions that are embedded in content. So how does the browser play a role in this, or does the browser play a role in this?
Lionel Liddy
Yeah, it definitely plays a role. Right. As I was saying earlier, switch to the web and browsers, because this is where everything was happening for humans. Right. The browser was essentially the new operating system, and humans are using browsers all the time. Like, probably 80% of your day or more is spent in the browser. This is what we see. So this is where agents are going to be doing their work as well. Right. We've built a lot of, I guess, SaaS applications, non SaaS applications that are primarily accessed through browsers. Yes. In some cases they have APIs. Right. And this is what we see with agents using mcp. But in other cases, the only way to go about accessing these services is through a browser. And then the other thing is the browser was at the center of the early days of first the early days of LLMs, right? Probably your first experience was an LLM was you went to chat.OpenAI.com or something like that, right? And you did this in your browser. So all of this interaction with these various chat applications are happening in your browser. And then after that we started seeing both agentic browsers, right? Things like Atlas from, from OpenAI and Comet from Perplexity. And then we also saw was Google Microsoft adding agentic features to the browser, right? And then Anthropic adding an extension so that cloud can drive the browser, right? So the browser has really been in in the middle of all this and then creating really interesting security challenges, right? Like how do you then have the agent now is using my browser, but I'm also authenticated into my bank account and my email and how do I prevent the these agents that we know are susceptible to go rogue, right? This is a prompt injection and all this, right. From not doing the wrong thing. And we've seen all these proof of concepts at least of various attacks, right? And oh, I think it was Perplexity. The Comet had some integration with 1Password, saying oh, now all of a sudden I can trick the agent into not only entering back credentials, but going and changing the password for my 1Password vault so that I can then go as an attacker and access the entire vault, right? Because again, the browser is in the middle of all this ecosystem and extensions. So the 1Password extension, the Chrome extension, the Cloud cloud for Chrome extension, all this and the interplays between all these components. This goes back to your statement about stress and all the complexity there.
David Spark
Yeah, it's not the CISO job wasn't already hard and it'd been interesting because surveys have recently dropped that Show Even more CISOs are thinking about I'm done, I'm out, this is enough. Which is understandable from a burnout perspective. And one of the things that I find interesting is this idea around AI and guardrails that somehow we can think of all the different possible combinations and the frontier makers are going to be able to prevent people from hijacking their models. And what was interesting is NIST came out with a mathematical proof and you've got a mathematics background. It's not mine. Probably the closest I get is my statistics courses in my mba. So read into that what you will. But what was interesting about the mat the NIST proof is I thought it was a really compelling, clear case that you can't guard rail your way out of this risk. And there's been some researchers like Dizideh Shoshana Cox, who've been really critical of the AI industry of saying, no, we've got safety controls in place. No, you don't. There's infinite space to manipulate these things. And I'm curious about your thoughts from your background and what you do, but also is your CISO hat, do you trust these tools to have the right guardrails inherently?
Lionel Liddy
Yeah, I think the NIST work is, it was great work. Right. And it's also very useful in terms of helping anchor what we do because it gives you some fundamental result, right, which is, look, there's not going to be a perfect solution and it's not going to be the case that the AI labs are going to solve this problem and be like, we're done, right? And so if as a CSAR mask, hey, when are you going to be done? Right, we're not going to be done. This is. You're asking me to square the circle and I cannot do that. And the mathematical result here is actually very similar to results that we have for antivirus and edr, right, which is essentially, you can prove that it is not possible to say whether something is malicious or not. Just it's. You can. And it's very similar idea behind the proof, right, Because.
David Spark
Interesting.
Lionel Liddy
Yeah. There's something called the halting problem, and you cannot determine whether a program is going to complete or not. If the computer is sufficiently complex, it may have an infinite loop and you just cannot. It's not going to be possible for you to say, is it going to complete or not? Which means you also cannot determine whether it's malicious or not, because you cannot determine whether any given instruction in it is going to be executed. Right? So maybe this thing that is supposed to be checking something, it will never reach it, but it doesn't mean that AV is useless. Right? We've been working with AV and EDR for decades now, and it provides some level of safety, at least around low hanging fruits. Right. And we've also known for a long time that you can have polymorphic metamorphic malware and it will get around the edr. Doesn't mean it's useless. So I don't think you should take that result to say, oh, what the Frontier labs are doing is useless and we shouldn't be trying to have these soft guard drills, right? They raise the bar, they increase the difficulties for. For attacker. Again, it goes to low hanging fruit. But you should also, yeah, be mindful that it's never gonna be the end all, be all. At least not the way LLMs currently work. Right. And this is where you need, you need more than these soft guardrails that are in the LLM itself. I think this is where you need hard guardrails around it. Right. A framework to control what the agent is doing that does not rely on the LLM itself.
David Spark
And it's interesting, I'm curious to step back for a second and we started and we talked a little bit about the hype that came out and the speed of the fire hose of new things hitting CISOs all over the place. And so on one hand you've got Anthropic who's created an amazing. We have to give props, the cybersecurity and AI marketing campaign of the year. The Academy Award goes to Anthropic.
Lionel Liddy
Hands down, it worked well for them. Anything that raises security awareness and gives me ammunition to go to my, my CEO, my board, whoever that. Look, this problem is real and I need funding for it is helpful. Right. So maybe a lesson that's maybe a little bit less cynical of a take. But yes, they, they did a great job of getting publicity.
David Spark
I think you found some way to make some lemonade out of that, which is good. You're right. We should never waste a attention grabbing thing. I think it was interesting to see the US government sort of reacting with this export controls and you know, only us can have this and meanwhile China's, we're building our own stuff that's just as good, if not better than Mythos. And I guess from a CISO perspective, do we have to get around the fact that this is not a unique one company capability? The ability to discover exploit autonomously at speed and scale software vulnerabilities is a threat. That's just. It's going to be open source models, it's going to be other OpenAI came out with their version, China's got their version. Is it just. This is the new normal?
Lionel Liddy
Yeah, I think. Absolutely. And I think this is maybe the part where Anthropic did a good job of hey, Mesos is special. Right. All the other ones we now have the special sauce and this super powerful. It's not quite what they said. Right. But I think this is what transpired. Right. But what we've seen is that there's plenty of other models. There's a gradient of capabilities. Yes. It does look like Methos was a step up. Right. And full disclosure, we don't have access to Mythos. So I have not personally interacted with it. Right. But we've used other models and they all have some level of these capabilities. And we also know that this is improving fast. And yes, we've seen that. So this was just, this was recently in the news, right? These Chinese models, they can do almost the same thing. It was reminiscent of, I think was six months ago or a year ago when deepsea came out, right. And people were, oh, we thought, let's chatgpt was so special. And it turns out that maybe through distillation, but it was not that hard to replicate. I think you should assume that this is going to be, to be the same. So what we were talking about at the beginning, right, so this is going to be going faster. These models are going to be finding vulnerabilities. But I think one thing that gets buried a little bit is it goes beyond finding vulnerabilities. It's actually about being to leverage these vulnerabilities, build exploits, chain exploits. Right. And it's no longer the case that. Now what used to be the case that people would release a patch, right, and say, oh, this is just like a proof of concept. It's not. There's no full exploit around it. It's going to take weeks for people to develop and exploit. Right. And that, that no longer holds. And it's not just missiles. They can.
David Spark
Well, it's interesting because the ESET researchers last year, and it was like they were able to take a CVE documentation and feed it into an LLM and in about 15 and for about a dollar's worth of AI expense, they came up with working PoC code. We've seen that side. And my thinking about the overall issue is this, is that we have a very polluted web environment when we think about the amount of bad code, because the incentives weren't that as a, as a code maker, product maker, there was no liability. So it's just cars. Back in the day, before there were emission standards, they put out a lot of pollutants. So we've put a lot of bad code out into the world and it's going to take us decades to refactor, update, modernize, harden. No matter how much AI is going to help us deal with some of this, it's also churning out more bad code because it was trained on bad code. We're into a long haul. The web is not going to clean itself up. We are in a. I jokingly referred to it as the Love Canal era of an EPA super fund cleanup site for the Internet. And so it's polluted. And the way that I understood what you described with the work you're doing in the browser, both to protect the person browsing, or maybe their agents when they're going to a contaminated Internet, but also to protect sensitive infrastructure inside of a corporation from a flaw in a browser itself. So it really is that, lack of a better word, hazmat suit for the Internet.
Podcast Host / Sponsor Announcer
Yes.
Lionel Liddy
And for when you're looking at protecting your servers, Right. It's not necessarily a flaw in the browser, it can actually be a flaw in the server. But then the interface that you have to the server is very broad. So what I mean by that is you probably remember log 4J, right, four or five years ago, and what was going on there? It was a flaw on the server, right. And it was. Oh, you could manipulate some of the HTTP headers to have this special string that would then cause the log 4J library to misbehave. But the thing is, when users are interacting with your website, they don't send HTTP headers, Right. They go at it with a browser. But the thing is, the browser's running on the user's endpoint, so there's nothing preventing them from manipulating these headers. Right. And so this is where we come in. It's not that there's a flaw in the browser, but it's. Now, if you want to access my website, that may be vulnerable to log 4J, you can no longer go and manipulate the packets that are being sent to the website. You have to go through a browser and all you can do is click around, right? And you're going to fill forms, but you're not going to be able to manipulate HTTP headers. So this means that, okay, there's a flaw in NOC4J, but this is where it has this hazmat suit for your server. Right now, it is protected because the user, the malicious user, cannot go and bypass normal ways the browser would be interacting, interacting with the website. But yeah, it's important that in both cases, it's not about, it's not about finding the vulnerabilities, Right. It's about mitigating the impact of these vulnerabilities or making sure that these vulnerabilities are not exposed.
David Spark
Right.
Lionel Liddy
So you, you reduce your attack surface.
David Spark
I think it makes sense and I think when I think about it pragmatically, so if you've got a large enterprise, a bank, a telecommunications provider, et cetera, tens of thousands of apps, custom apps have been built over time. You are not cleaning that estate up. And one of your first arguments is probably going to be a lot of these internal apps are not accessible to the Internet. They're not accessible to others. They're behind our internal network. It's only our internal users. You've set up all of these mitigations. But if I understand what you're saying, saying is that, yes, but if I pwn one of your users, I'm inside your network using tools that your users would use. This is a way to prevent them from being able to exploit something while you're working through your burndown list of all the internal apps, you're going to have to modernize in different ways. Is it. Would that be an accurate sort of paraphrase?
Lionel Liddy
Yeah, that's spot on. Right. And just think about what would happen if log 4J happened today. Right. It happened six months down the road now with all the acceleration we're seeing with AI. Right. It's just attackers are going to have a field day. And yeah, to your point there, you have 10,000 apps. Right. How long did it take for people to understand all of the places where this vulnerable library was in use and then patch these servers? Right. And again, attackers. And now, I guess, AI powered attackers, they're chaining vulnerabilities. Right. So they're going to get in your network one way or another, and then they're going to get to that server that you thought was not on the Internet and as a result, not accessible.
David Spark
What's interesting when I think about this is to your, to your point is the scenarios that I'm thinking about as these tools become widely adopted in the development of larger, more complex, more autonomous criminal exploits. It's not just finding the next log4j. It's imagine every CISO of every major organization having to deal with 4 log4j kind of issues simultaneously in the same week. Because that's how I think this is going to play out. It's not like criminals are going to sequentially say, okay, we're just going to burn our new log 4J 2.0 this week and next week when they catch their breath, we'll hit them with this one. We are, we're heading to a point where it could be a very nasty month. Could have merged, mostly because threat actors don't coordinate. Okay, when are you gonna release? It's not like a Hollywood summer movie schedule where it's like, okay, these are the weekends. Here's where we're gonna put our stuff at. We could be heading to one of those collision weekends where a lot of stuff is gonna hit and it probably, unfortunately will start on a weekend.
Lionel Liddy
Yeah, I don't want to fear Monger. And hopefully it does not play out this way. Right. But it's definitely a possibility. Right. Just these vulnerabilities are compounding. Right. The more you have, the easier it's or the more likely it is that there's going to be some really unfortunate scenario and then, yes, we know it tends to happen on the weekend or December 21st. Right. This is, I think log 4J was like the week for the, I guess, winter holidays.
Podcast Host / Sponsor Announcer
Yeah.
David Spark
And I hear your point about not fear mongering. The other part is though that I think we, we have to acknowledge a couple of things. Number one, the environment is polluted. There are so many bugs everywhere. And I think if anything, for me, the last months, the, the lie that we all told ourselves that open source code, because many people were seeing it, bugs would get found, things would get resolved. And I think we realized that was the biggest myth, Mythos exposed. It turns out if you're not paying people to go and harden code and actually go look for bugs, sure, they're going to discover some. But it turned out they only discovered the tip of the iceberg. There's such depth of bugs at complex combinations that we're going to have a time, I think we will come to the side of it to give a little bit of hope to the conversation. It's not just all fud, but it's going to be that hump of climbing this hill that we've built this bug technical debt pile that we're going to have to just get to the other side of. If that does that make sense.
Lionel Liddy
It, it does to me. This is not, I don't have an answer to the question of like how high is the pile though. Right. As in, yeah, we thought we were maybe in a reasonably good place. We had fuzzers, we had static code analysis. And yeah, it turns out that AI is able to find more bugs. And I think as we were saying, I don't think Missus was magical. We already saw that some of the other models could find bugs. I think Mozilla, they first were using the previous version of the Claude LLM, either Opus or something and they found some and then Misos found more. Right. I don't know when this is going to stop. Hopefully it will stop at some point. Right. But is miss. Is misos 2.0 going to find a whole bunch more or as we were discussing. Right. Some other model. Right. Where does it stop? But yeah, hopefully there's a hump and we get, we get over it.
David Spark
But in the meantime, as you said, the browser is the front line. It's the trenches. It is where this battle is going to get fought day in and day. And if folks want to learn more about the work that you're doing on browser security, I guess they could check out your website and and other things. So It's Menlo Security.
Lionel Liddy
Menlosecurity.com yes, very straightforward. Menlosecurity.Com Perfect. You can also go to Menlo Security that that also works.
David Spark
Okay, perfect. Lionel, this has been a fascinating conversation. Thanks for going with me on this roller coaster journey around AI security. Really appreciate the background that you provided and the fascinating journey from the classroom and math to a crazy growing startup to now being a ciso. But also being a CISO while trying to help provide tools to other CISO is much appreciated. Thank you so much for your time.
Lionel Liddy
Yeah, thank you. I really enjoyed this. I felt like we could have talked for hours. This is just endlessly fascinating and stressful. But yeah, thanks for having me.
David Spark
Endlessly fascinating and stressful. Isn't that the CISO job description? Thank you so much Lionel.
Podcast Host / Sponsor Announcer
Once again, we'd like to thank NORD Layer for their support in sponsoring this show. Teams today work across multiple tools and devices, but security often remains fragmented. This is exactly what NORD Layer can help you address. It provides a network security platform with easy to manage network access, monitoring and control, and without additional hardware or complex infrastructure. Nordlayer helps businesses of all sizes manage and secure access to company resources going beyond what traditional VPNs can offer. And it provides encrypted connectivity with visibility across your entire network environment. And did we mention no new hardware required? Visit nordlayer.com cybersecurity today and use the code NL Summer 26 for a special discount during their summer sale.
This episode, hosted by David Spark with guest Lionel Liddy (CISO, Menlo Security), dives deep into how artificial intelligence is transforming the landscape of cybersecurity threats. The discussion covers the unprecedented speed, scale, and sophistication of AI-driven attacks, the evolving burden on CISOs, and why browser security is rapidly becoming a critical defensive front in the era of agentic AI. They address myths around open source security, the reality of persistent vulnerabilities, and debate if industry guardrails can keep up.
Guardrails Can't Do It All: Recent NIST research mathematically proves that AI models can't be fully “guardrailed” against malicious use, similar to the impossibility of perfect AV detection (halting problem).
Hype vs. Reality: Anthropic's "Mythos" model generated media and government hype—helping with security budget narratives—but the offensive potential of agentic AI is not limited to any one model, vendor, or geography.
Legacy Vulnerabilities: The web is deeply polluted with code vulnerabilities due to a lack of developer liability—decades of "technical debt" cannot be reversed quickly.
Browser Security as Hazmat: Browser isolation acts as a "hazmat suit" for users and infrastructure, preventing endpoint and internal server exploitation—even for hidden flaws (e.g., log4j).
Mitigation Focus: Modern browser security is about reducing attack surface and impact, not just vulnerability discovery.
Compounding Threats: AI doesn’t just find vulnerabilities—it chains them; the risk isn’t sequential but simultaneous, causing mass exploit events.
Burnout & Reality: The complexity, compounded by rapid AI advancements, is pushing an increasing number of CISOs toward burnout and skepticism about long-term progress.
On Legacy Myths:
“The lie that we all told ourselves that open source code, because many people were seeing it, bugs would get found, things would get resolved. And I think we realized that was the biggest myth, Mythos exposed.” — David Spark (29:42)
On Browser as Front Line:
“The browser is essentially the new operating system, and humans are using browsers all the time. Like, probably 80% of your day or more is spent in the browser. This is what we see. So this is where agents are going to be doing their work as well.” — Lionel Liddy (12:52)
On Mathematical Limits:
“It’s also very useful in terms of helping anchor what we do because it gives you some fundamental result, right, which is, look, there’s not going to be a perfect solution and it’s not going to be the case that the AI labs are going to solve this problem and be like, we're done…” — Lionel Liddy (17:08)
On AI’s New Normal:
“We have to get around the fact that this is not a unique one company capability… the ability to discover exploit autonomously at speed and scale software vulnerabilities is a threat. That's just. It's going to be open source models… China's got their version. Is it just. This is the new normal?” — David Spark (20:51)
On CISOs & Burnout:
"It's not the CISO job wasn't already hard and it'd been interesting because surveys have recently dropped that show even more CISOs are thinking about I'm done, I'm out, this is enough. Which is understandable from a burnout perspective." — David Spark (15:42)
In Summary:
AI has fundamentally shifted the defense landscape: security teams face threats at unprecedented velocity and scale, compounded by layers of legacy code vulnerabilities. Browser security—specifically isolation—is emerging as a crucial containment tool to blunt the impact of both known and yet-unknown vulnerabilities in our “polluted” web ecosystem. Hard guardrails and “hazmat” approaches will be necessary alongside (not instead of) imperfect AI controls. For CISOs, the job continues to be, in Liddy’s words, “endlessly fascinating and stressful” (32:38).
Learn More:
This summary omits sponsor messages, intro/outro, and focuses on the technical insights and perspectives central to the episode.