Subscribe Share Full episode and show notes Data Security , Breach , AI/ML AI Has a data problem, cascading breaches, and the weekly news – Dimitri Sirota – ESW #459 Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn’t. It lives in the data. In this episode, BigID’s CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID’s Agent Access Management Guide BigID’s podcast, CTRL + ALT + AI This Week’s Topic: Cascading Breaches We’re seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main as... May 18, 2026 This episode is sponsored by Full Segment Notes Interview with Dimitri Sirota from BigID Most organizations think AI risk lives in the model – or the identity. It doesn’t. It lives in the data. In this episode, BigID’s CEO reframes the conversation: why legacy access controls are breaking down, why visibility into sensitive data is the missing foundation, and what it takes to govern humans and machines under a single, accountable framework. Segment Resources: BigID's Agent Access Management Guide BigID's podcast, CTRL + ALT + AI This Week's Topic: Cascading Breaches We’re seeing more and more 3rd and 4th party attacks that chain through multiple layers of compromised tools and services. In this topic segment, we discuss the two main aspects of this trend: How we can stop the chain of breaches from a third party library, vendor, or service provider How this might get handled at the legal, contractual, and organizational levels We discuss two big recent examples: Sonicwall's 2025 breach of their cloud firewall configuration backup service The compromise of Aqua Security's widely used Trivy open source tool The Weekly Enterprise News Finally, in the enterprise security news, Funding and M&A courtesy of the Security, Funded newsletter We have evidence that attackers are leveraging AI now (this sounds like old news, but there was little to no evidence before, when people were claiming this) The Angry admin problem emerges again Vulnerability information is getting crazy to keep up with Breach information is getting crazy to keep up with You can give your Agents an allowance now - don’t spend it all in one place Are vulnerabilities sparse or dense? Mythos, as a model, isn’t all that special Deploy your own deception sensors! Japan made something weird. Again. All that and more, on this episode of Enterprise Security Weekly. This segment is sponsored by BigID. Visit https://securityweekly.com/bigid to learn more about them! Guest Dimitri Sirota CEO and Co-Founder at BigID Dimitri Sirota is the co-founder and CEO of BigID, which helps organizations connect the dots across data & AI for security, privacy, compliance, and AI data management. A recognized security expert and serial entrepreneur, Dimitri has built and scaled multiple enterprise software companies, including Layer 7 Technologies and eTunnels. Hosts Adrian Sanabria @sawaba https://adriansanabria.com Katie Teitler-Santullo https://thereformedanalyst.substack.com/ Tyler Shields https://www.90degree.vc/ List of Articles Adrian Sanabria NEW TOOLS: OpenAI’s Daybreak Promises To Improve AppSec But Introduces A New Pricing Model: Five Buyer-Side Implications For CISOs It's official, the big AI vendors are hoping to charge cybersecurity buyers big bucks for their appsec needs. There are some interesting details in this announcement, and I'm still not clear on exactly what the costs are, but it's clear that it won't be cheap - maybe even more expensive than the unreleased Mythos. NEWS: “Security things from the last few days…” Tweet from Theo – t3.gg Security things from the last few days: - CopyFail (linux pwn'd) - CopyFail 2/Dirty Frag - 13 advisories in Next.js - Over 70 CVEs addressed in MacOS 26.5 - ~50 CVEs addressed in iOS 26.5 - YellowKey (Windows Bitlocker pwn'd entirely) - GreenPlasma (Windows privilege escalation) - CVE-2026-21510 and CVE-2026-21513 confirmed to be used by Russia for Windows RCE - CVE-2026-32202 separately confirmed to be used by Russia for sensitive document access - Mini-Shai Hulud (over 300 JS and Python packages compromised via GitHub Action cache poisoning) - Google confirms they have identified AI-powered exploitation of zero days in an unidentified "open-source, web-based system administration too" - Canvas (popular LMS used in most schools) pwn'd entirely - PAN-OS (palo alto networks) pwn'd with a 9.3 severity CVE-2026-0300 Are you scared yet? Twin brothers wipe 96 gov’t databases minutes after being fired Incident Report: CVE-2024-YIKES Agents can now create Cloudflare accounts, buy domains, and deploy SQUIRREL: Instagram You are not prepared for this. I wasn't. Water System Hack Shows Potential, And Limits, of AI Attacks Mythos ‘Discovered’ a CVE Already in Its Training Data – and That’s Still Worrying PAPERS: Vulnerability Abundance: A formal proof of infinite vulnerabilities in code Finding Zero-Days with Any Model Project Swarm Opinion AI (@opinionai) AI-augmented threat actor accesses FortiGate devices at scale Agents Rule of Two: A Practical Approach to AI Agent Security FUNDING, M&A: Courtesy of the Security, Funded newsletter, #243 – More AI, More Problems Show More Stay in the Know, No Smoke and Mirrors – Join Our Newsletter Get expert insights and technical breakdowns straight to your inbox. Join Now Related Segments Data Security Microsoft Copilot Security Risks: How to Fix Data Oversharing with AI Governance – WC #1 Encryption Post Quantum Migration Struggles, AI Threats, and Modern Defenses – Bobby Ford, HD Moore, Eyal Benishti, Ramin Farassat, Daniel dos Santos – ESW #457 Privacy Data Privacy for CISOs: How to Build a Privacy-First Security Strategy (2025 Guide) – WC #1 Related Content Data Security Tokee messaging app exposes 1.2 million users’ data in MongoDB leak Data Security Veeam enhances data protection with new AI-powered features MSSP Blumira’s Kindling Platform Helps MSSPs Streamline Alert Analysis You can skip this ad in 5 seconds