Crucial Tech
255 Episodes
Two weeks ago I did an interview with Claude, ChatGPT and Grok about what could possibly cause the collapse of the AI industry. Little did I know that within the next two weeks there would be a convergence of events that might create that collapse. So this is part two of that podcast. And this podcast is the final one of season 11. We will be back after the RSA Conference with Season 12.
I read news stories every day, several times a day. When it comes to AI I hear that the industry is booming/it's crashing/it's a miracle/it's a nightmare. Everyone has an opinion and it isn't nuanced. It is also all speculation. I wondered who could give me a balanced view of whether AI will survive or thrive in its current form. Then I was listening to one of my favorite podcasters, Mark Stockley, who had a guest that used AI to create an AI companion to work out ideas for his own content. I thought, "Why not?" So I fired up Claude Sonnet 2.6 and asked about the future of AI. The answers were remarkably balanced, thoughtful... and scary as hell.
At the beginning of 2025, vibe coding (using LLMs to create computer code) was all the rage. By June, the bloom had fallen off the rose. Studies showed professional coders were losing skill, and falsely believing they were made more productive using it rather than doing it themselves. This failure of AI to produce efficiency made the fad of vibe coding crash faster than any other AI-related application. Companies producing tools to support the work lost 60% of traffic by September. Undeterred, the editorial staff of Cyber Protection Magazine jumped into the fad with both feet... because the practice still has value for people who don't know jack about coding but have a few ideas. Patrick Boch and Lou Covey talk about their vibe journey to date. Don't pass up the poll.
Last week, the Cybersecurity Infrastructure Security Act of 2015 faded away without Congressional action (and because of some pretty stupid reasons from Senate Homeland Security Committee chair Rand Paul). But like Dumbledore's phoenix, it could arise from the ashes in a new form. Who knows and who cares? Well, we talked to Gigamon's CSO Chaim Mazal this week about the act, and whether its demise is good or bad. The short answer is, it depends. Listen. This is a short one and will probably make things clearer... I think.
As the Super Bowl and Olympics approach, ticket scammers are getting ready to separate fools from their money. Maybe that is harsh, but it takes a pretty clueless person to fall for most phishing scams today. I talked with Anomali CISO about how emotional decisions are at the core of most online fraud and what can be done about it.
Last week I attended the most honest tech conference I can remember. The ironic thing was that it wasn’t a tech conference at all. It was the California Press Foundation (CPF) annual conference. The CPF traces its history back to 1878 when it was formed originally as the California Press Association to represent the journalism industry in the state. It morphed and partnered with different journalism groups over its existence, and today it operates independently as a statewide nonprofit supporting the next generation of journalists. At its core, it works to keep the shrinking industry alive. Journalism is crucial to the survival of democracies worldwide, and this organization is doing yeoman's work in pushing it into the 21st century.
Every year at this time I start getting pitches from PR folks offering clients' predictions for the coming year. Lots of publications put out their annual predictions articles in December with their own, plus a few selected from these pitches. At Cyber Protection Magazine we do it a bit different. Our predictions don't come out until January so we can give equal review to the stuff that comes in after Christmas. So you're welcome. But in this podcast with Ian Thornton-Trump, CISO of Inversion6, we start the process early. We not only give out a few predictions but we also talk about what makes a good prediction. Hint: It doesn't start with "In 2026 we will see a continuation of..." Anything that says everything will go on as it is is not a prediction worth reading. This is a longer than normal podcast, but when Ian and I get wound up, it's hard to stop.
The technology industries run penurious marketing programs. Most spend half as much of their budgets as most of the S&P, and then complain that customers don't respond. They also blame the marketing and PR folks for the bad results of their cut-rate budgets. It doesn't have to be that way. We sat down with Beth Trier of Trier Company, a successful and well-considered agency in San Francisco, and talked about how inadequate budgets and, frankly, C-suite ignorance is damaging the process of communications. While most people may not think this is important, the lack of customer education is at the core of most technology failures, and that's because of poor marketing.
Joe Basques and I were having a conversation about the state of the tech world and decided to hit the record button. There was a lot of ground covered in 20+ minutes. First off, it's that time of year when publications do stories about what can be expected in the next year, which means journalists get swamped with pitches from companies about their executives' predictions. Most of them aren't worth considering but I will still respond. We talk about what we are looking for at the magazine. Next, dysinformation. You may wonder what that is. That's what I call the subject that includes disinformation and misinformation. We will do a special issue on the subject in December, so if you have something to say, now's the time to get it in. Finally, we often hear from companies that they can't afford to do marketing. In truth, it can be expensive. That's why Cyber Protection Magazine will launch a new affordable sponsorship program for 2026. You will be surprised at how affordable it really is.
The genesis of this podcast was a convoluted pitch that was three steps removed from the client. A marketing company working for the client hired a PR agency to distribute a press release, who then farmed out the pitching to a freelancer. I tried to get some clarity on the pitch from the freelancer and it became apparent that she had never talked with the client. Luckily, I had already met with the CEO of the client company a couple of times so I bypassed the rep and went directly to the source. She explained she had never heard of the rep or the agency she seemed to work for. All of this culminated in a story about how the cyber training industry, AKA human risk management, was trying to change and expand the scope of training so it would actually work... and how they are working against themselves.
Proxies are the largely hidden lubricant of the internet. They both protect us and make us vulnerable. The AWS and Microsoft Azure outages in the past few weeks were examples of what happens when proxies are correctly maintained. But as they protect our privacy they also protect the identities of bad actors luring us with their own malware. We talked with Sarah Ralston, CPO of Proxyware, about how they are turning the tables on the bad guys.
Our expanded coverage of the viability of the AI industry, and how it could affect the cybersecurity industry, continues with this episode. We've blown out our time limit of 30 minutes because we are talking with three entrepreneurs with less dependence on AI as a product feature. We talk with Tony Garcia, CISO of Infineo; Luigi Caramico, CEO of the innovative encryption company DataKrypto; and Chris Schueler, CEO of Cyderes, an automated MSSP. TL;DL they are all sanguine about the success or failure of AI. Full story can be found at CPM.
We've been having a lively debate at Cyber Protection Magazine about the potential, dangers, and chances AI is going to survive in its current form. Co-editor Patrick Boch likes to say I'm something of a Luddite about it, and it's true (Luddites were not against technology, but were adamant about protecting workers using it). I like to say that Patrick is overly optimistic. But, then, he's a lot younger than me, so optimism comes more easily to him. Plus, he's not living in the dystopian hell-hole that the US has become. Lucky dog. That being said, this is the first of several discussions Patrick and I will be having on this subject, along with several other interviews and articles to come.
More often than not, when I'm interviewing a corporate leader about the news they are presenting to me, I find a bit of news in their own content that they didn't see. That was the case when I interviewed Mike Wiacek, founder and CTO of Stairwell. The company is in a very competitive market with almost 250 companies dedicated to identifying malware before it can mess up your system. The report was about the rise of malware variants in the world, but their own report showed that, at least this year, the technology niche they are in is actually knocking that number down. He was surprised, but it made for a good discussion.
When it comes to the implementation of AI in a corporation, the question is not if or when. It’s more like, “How much of a disaster are we willing to accept?” A whole new industry niche is arising to help companies determine just how mediocre and unsafe they want to be. Tumeryk is one of those companies helping provide that insight.
The first of September began with a bang. I've got a lot to write and talk about, but barely had time to do this much. There is an AI infrastructure conference coming next week, along with a special issue on AI economics. But companies really need to start learning how to tell a story all over again. Generative AI and marketese is killing a lot of really good technology. Listen in and find out how to fix that.
A few weeks ago I talked with Paul Valente, CEO of VISO TRUST. In the excitement of Agentic AI adoption, a massive security hole has opened and Valente's goal is plugging that hole. Our conversation adds a needed reality check to the AI euphoria.
I got a pitch from Reality Defender (deepfake video detection) about a partnership with ValidSoft (deepfake voice) last week. We don’t generally cover partnership agreements because, well, we get a handful every week and they just aren’t news. But the pitch threw out a few statistics that seemed a bit off. After some research, I found out how off they were. See, fraud can be divided into two types: Criminal fraud, which companies like these are dedicated to stopping, and legally protected fraud like advertising and political speech (First Amendment and all that). As far as impacts go, the latter is much more dangerous and prevalent, but security companies can’t really do anything about that. And that is what I discussed with Reality Defender CEO Ben Colman.
Key Takeaways and Links
- Deepfake fraud attempts are low in percentage but high in potential impact, especially for high-value clients in regulated industries.
- There's a critical need for national regulation to address AI-generated content on consumer platforms, as current measures are insufficient.
- Reality Defender and ValidSoft claim to lead in deepfake detection, focusing on inference-based and provenance-based approaches respectively.
- The "David Act" (Deepfake Audio Video Image Detection Act) has been proposed to require platforms to flag AI-generated content.
We are starting out the 11th season of Crucial Tech with a bang. I am completing an article on a significant security hole in AI agents that shows how the tech industry makes security an afterthought every, damn, time. One of the companies pitching a solution is Teleport, which manages identity access, and I had a friendly but contentious conversation about it with their CEO, Ev Kontsevoy, who insisted that identity is NOT a security issue. OK, then.
Today ends the 10th season of Crucial Tech, 250+ episodes over six years and not a single repeat subject. Today we look at an aspect of cyber insurance not yet discussed as far as we can find: Why do so few cybersecurity companies carry cyber insurance? We bring in our friend and benefactor, Spencer Timmel from Safety National Insurance, to get that answer. We are taking a few weeks off before launching into season 11. Send any ideas for new episodes to Cyber Protection Magazine.




