Great Scott, we've seen this before.

If you could climb into a DeLorean and travel back through your organization's identity management history, you'd find the same pattern repeating at every stop. 2014: overprivileged Active Directory service accounts. 2017: Hadoop credentials nobody remembers creating. 2021: Tray.io integrations that are "too risky to rotate."

Different year. Same mistake. And if my calculations are correct, your AI agents are about to become the next entry in this timeline.

In this episode, we'll fire up the flux capacitor and take you on a tour through twenty-five years of IAM failures. From Operation Aurora through SolarWinds to the no-code revolution. The lesson? We keep traveling back to the same problems because we never actually fix them. We just give them new technology to hide behind.

MCP promised to be the USB-C of AI agents, a universal bridge to your tools, APIs, and data. But when the setup docs tell you to copy cookies out of Chrome DevTools and paste them into plaintext config files, something has gone very wrong. This episode traces a year of MCP security breaches from tool poisoning to full supply chain compromise, unpacks the IDE vulnerabilities turning developer laptops into open doors, and makes the case that credential brokers, not user discipline, are the architectural answer. If your AI agents hold raw OAuth tokens, this one's for you.

In 1983, Ken Thompson warned us: you can't trust code you didn't write yourself. Forty-two years later, a worm called Shai-Hulud proved him right after compromising thousands of packages in hours. Software supply chain attacks aren't just theoretical anymore, they're automated, self-replicating, and could be spreading through the packages your team installed this morning. We break down the s1ngularity and Shai-Hulud campaigns, explain why attackers target developers differently than customers, and give you seven things you can do this week to stop being an easy target.

AI systems are all the buzz - and for good reason! The productivity gains are real! But do the risks outweigh the gains?

Every AI agent you deploy has three capabilities: what it can see, what it can access, and what it can do. Combine all three, and you've handed attackers a skeleton key. In this episode, we dig into Meta's Agents Rule of Two framework and show you exactly how to build customer service bots, fraud detection systems, and inbox assistants that can't be weaponized.

Join us as we explore the treacherous waters between perfect security planning and real-world implementation. Drawing surprising parallels between the Battle of Trafalgar's communication challenges and modern cybersecurity struggles, we dive into seven critical security initiatives that often fail even the most capable companies. From zero trust architecture to passwordless authentication, we examine why brilliant ideas sometimes sink faster than a lead anchor - and more importantly, how to keep them afloat. The perfect intersection of historical insight and modern security challenges, this episode reminds us that sometimes the best security strategy isn't the most elegant – it's the one your team can actually execute.

In this hoot of an episode, we've taken a nocturnal flight through the fascinating world of User Behavior Analytics, guided by the wisdom of our feathered friends, the owls. Just as these majestic birds use their UV-powered pick-up lines to find the perfect mate, we've explored how UBA can help you find the perfect balance between trusting your users and verifying their actions. You'll walk away with a toolkit full of insights on implementing UBA in Okta, turning your security system into a wise old owl that can spot a rat from a mile away. Whether you're dealing with midnight oil burners or potential security breaches, you'll be equipped to handle it all with the grace of an owl gliding through the digital forest.

Discover how to navigate the rich landscape of open source, from safely integrating external code to contributing your own digital harvest back to the community. Learn practical strategies for implementing a robust Software Bill of Materials (SBOM), managing dependencies, and governing your open source program effectively. Explore the parallels between autumn's vibrant farm stands and the diverse ecosystem of open source projects, and gain insights on balancing innovation with security. Whether you're a seasoned tech farmer or just starting to cultivate your digital fields, this episode offers a cornucopia of actionable advice to help your organization reap the benefits of open source while mitigating potential risks.

In this thrilling episode of Plan B Security, we're diving headfirst into the treacherous Legal Labyrinth of cybersecurity. Picture this: You're a valiant CISO, armed with firewalls and patched systems, suddenly faced with a dragon named "Negligence" breathing hot legal fire your way. We'll guide you through this maze of bits, breaches, and bureaucracy, showing you how to slay the beast of data negligence and rescue Princess Data from the clutches of cybercriminals and overzealous attorneys general. From the perils of leaving your claims file on the digital equivalent of a park bench (we're looking at you, Harleysville Insurance!) to the pitfalls of playing ostrich with your head in the sand, we'll equip you with the knowledge to navigate the murky waters of FTC actions, state AG smackdowns, and the ever-looming specter of privilege waiver. So grab your digital sword and shield, and join us on this quest to keep your data safe and your legal team off your back. Remember, in the realm of cybersecurity, there's always a Plan B!