Episode
AI-Era AppSec: Transparency, Trust, and Risk Beyond the Firewall - Felipe Zipitria, Steve Springett, Aruneesh Salhotra, Ken Huang - ASW #363
- Published: Dec 30, 2025
- Duration seconds: 4003
Summary
In an era dominated by AI-powered security tools and cloud-native architectures, are traditional Web Application Firewalls still relevant? Join us as we speak with Felipe Zipitria, co-leader of the OWASP Core Rule Set (CRS) project. Felipe has been at the forefront of open-source security, leading the development of one of the world's most widely deployed WAF rule sets, trusted by organizations globally to protect their web applications. Felipe explains why WAFs remain a critical layer in modern defense-in-depth strategies. We'll explore what makes OWASP CRS the go-to choice for security teams, dive into the project's current innovations, and discuss how traditional rule-based security is evolving to work alongside — not against — AI.

Segment Resources:
- github.com/coreruleset/coreruleset
- coreruleset.org

The future of CycloneDX is defined by modularity, API-first design, and deeper contextual insight, enabling transparency that is not just comprehensive, but actionable. At its heart is the Transparency Exchange API, which delivers a normalized, format-agnostic model for sharing SBOMs, attestations, risks, and more across the software supply chain.

As genAI transforms every sector of modern business, the security community faces a question: how do we protect systems we can't fully see or understand? In this fireside chat, Aruneesh Salhotra, Project Lead for OWASP AIBOM and Co-Lead of OWASP AI Exchange, discusses two groundbreaking initiatives that are reshaping how organizations approach AI security and supply chain transparency. OWASP AI Exchange has emerged as the go-to single resource for AI security and privacy, providing over 200 pages of practical advice on protecting AI and data-centric systems from threats. Through its official liaison partnership with CEN/CENELE…