Jun 2, 2026

We dedicate an episode to catching up on appsec news with Kalyani Pawar. We see parsing problems that led to the BadHost vuln, which exposed lots of LLMs, MCPs, and agents to potential compromise. We wonder where to look for security education and practice as the camaraderie of the CTF community becomes infiltrated by LLMs. We talk about the tradeoffs in trust between using public packages vs. having agents write replacements from scratch. And we examine some of the appsec details that the Verizon DBIR reveals about how orgs are being attacked -- and how orgs might use that information to protect themselves.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes: https://securityweekly.com/asw-385