
Episode 14: AI Risks, Threat Modeling, and The Future of Vibe Coding
From Distilled Security Podcast by Justin Leapline, Joe Wynn, and Rick Yocum
July 8, 2025 · 1h 23m · Episode 14
About this episode
The episode discusses the risks and potential of AI in cybersecurity with expert John Zeolla.
Episode 14 of the Distilled Security Podcast is here! This week, the team welcomes guest John Zeolla , a cybersecurity expert and AI enthusiast, for a deep dive into the risks, realities, and potential of artificial intelligence. Topics include: Shadow AI in the Enterprise : Why business leaders are adopting AI faster than CISOs can assess the risks—and how features are outpacing controls. Third-Party AI Risk : Understanding vendor integrations with ChatGPT and others, and how contracts alone can’t guarantee security. Data Sprawl and Provenance : How uncontrolled data flows and poor identity scoping create dangerous exposure in generative AI platforms. Threat Modeling for AI : Why traditional frameworks like STRIDE still apply—and how techniques like “LLM as a judge” are reshaping modern risk analysis. Hallucinations, Misuse, and Insider Access : From AI-summarized HR documents to leaked board data, the team explores how improper permissions are amplified by intelligent agents. AI in Real Business Use : From customer support chatbots to code review tools, where AI adds value—and where it creates new points of failure. Governance and Culture : The role of CISOs, legal, and finance…
People in this episode
Hosts: Justin Leapline, Joe Wynn, Rick Yocum
Guest: John Zeolla
Topics covered
- AI Risks
- Threat Modeling
- Cybersecurity
- Data Sprawl
- Governance
- Generative AI
Keywords
- AI
- cybersecurity
- threat modeling
- data sprawl
- generative AI
- vendor risk
- CISO
Sponsors
Liberty Liquors
More episodes of Distilled Security Podcast
- Episode 24: 2 Years, 24 Episodes & The State of Security in the Age of AI · May 14, 2026 · 1h 43m
- Episode 23: Nobody read the report · April 14, 2026 · 2h 10m
- Episode 22: Is AI Good for Security, CIRCIA Starts the Clock, and the M&A Problem Nobody's Talking About · March 9, 2026 · 1h 56m
- Episode 21: AI Notetakers Are Illegal, GRC Tools Are Lying, and ISO 42001 Changes Everything · February 18, 2026 · 1h 51m
- Episode 20 : 2026 Kickoff: Security Resolutions, Key Deadlines, and Don’t Mislead the Feds · January 26, 2026 · 1h 20m
- Episode 19: Cloudflare Outage, AI-Powered Attacks & The Rise of GRC Engineering | Distilled Security Podcast · December 8, 2025 · 2h 12m
Explore listener stats, chart rankings, contacts and more on the Distilled Security Podcast podcast page.