
Episode 22: Is AI Good for Security, CIRCIA Starts the Clock, and the M&A Problem Nobody's Talking About
From Distilled Security Podcast by Justin Leapline, Joe Wynn, and Rick Yocum
March 9, 2026 · 1h 56m · Episode 22
About this episode
The episode discusses the impact of AI on security, regulatory changes, compliance challenges, and the current state of cybersecurity mergers and acquisitions.
In this episode of the Distilled Security Podcast, we tackle four topics shaping the cybersecurity landscape — from AI's real impact on defense to a wave of regulatory and market changes every security team needs to be tracking. 🔹 Is AI Good for Security? — Anthropic's model finding hundreds of zero days, stock market panic after Claude Code's launch (CrowdStrike down 11%), the "hard things easy, easy things hard" reality of AI, why human-out-of-the-loop isn't ready yet, the coming spike in vulnerability disclosures, and how defenders should be using AI for better hygiene 🔹 CIRCIA Final Rule (May 2026) — The federal incident reporting law hitting critical infrastructure, 72-hour incident and 24-hour ransom payment notification clocks, how "substantial cyber incident" triggers differ from materiality, mid-market companies falling in scope, overlapping timelines with HIPAA/SEC/state breach laws, and building your incident response playbook now 🔹 Protecting Yourself Against a Changing Compliance Landscape — CMMC Phase 2, HIPAA overhaul, CCPA audits all converging, why a unified security program beats framework-by-framework chasing, evidence over policy in audits, engineering…
People in this episode
Hosts: Justin Leapline, Joe Wynn, Rick Yocum
Topics covered
- AI in cybersecurity
- CIRCIA regulation
- compliance landscape
- cybersecurity M&A
- incident response
- vulnerability disclosures
Keywords
- AI
- cybersecurity
- CIRCIA
- compliance
- M&A
- incident response
- vulnerability
- regulations
Mentioned in this episode
Organizations: Anthropic, CrowdStrike, CMMC, HIPAA, CCPA, Google, Wiz
More episodes of Distilled Security Podcast
- Episode 24: 2 Years, 24 Episodes & The State of Security in the Age of AI · May 14, 2026 · 1h 43m
- Episode 23: Nobody read the report · April 14, 2026 · 2h 10m
- Episode 21: AI Notetakers Are Illegal, GRC Tools Are Lying, and ISO 42001 Changes Everything · February 18, 2026 · 1h 51m
- Episode 20 : 2026 Kickoff: Security Resolutions, Key Deadlines, and Don’t Mislead the Feds · January 26, 2026 · 1h 20m
- Episode 19: Cloudflare Outage, AI-Powered Attacks & The Rise of GRC Engineering | Distilled Security Podcast · December 8, 2025 · 2h 12m
- Episode 18: TRISS Highlights, Cloud Chaos & SaaS Lessons Learned · November 10, 2025 · 1h 53m
Explore listener stats, chart rankings, contacts and more on the Distilled Security Podcast podcast page.