# AI-Era AppSec: Transparency, Trust, and Risk Beyond the Firewall - Felipe Zipitria, Steve Springett, Aruneesh Salhotra, Ken Huang - ASW #363

- Page: https://stenobird.com/podcast/application-security-weekly-audio-436682/ai-era-appsec-transparency-trust-and-risk-beyond-the-firewall-felipe-zipitria-steve-springett-aruneesh-salhotra-ken-huang-asw-363
- Text version: https://stenobird.com/podcast/application-security-weekly-audio-436682/ai-era-appsec-transparency-trust-and-risk-beyond-the-firewall-felipe-zipitria-steve-springett-aruneesh-salhotra-ken-huang-asw-363.md
- Podcast: [Application Security Weekly (Audio)](https://stenobird.com/podcast/application-security-weekly-audio-436682)
- Published: 2025-12-30T10:00:00+00:00
- Episode link: https://aswaudio.libsyn.com/ai-era-appsec-transparency-trust-and-risk-beyond-the-firewall-felipe-zipitria-steve-springett-aruneesh-salhotra-ken-huang-asw-363
- Audio file: https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/aswaudio/ASW_363_1--921a9750-7628-4a13-9757-028c48dc031d--audio-converted--f15ba35d-3a32-4f81-84f6-d3e9650c3452.mp3?dest-id=626765
- Processing state: not_requested
- JSON: https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/ai-era-appsec-transparency-trust-and-risk-beyond-the-firewall-felipe-zipitria-steve-springett-aruneesh-salhotra-ken-huang-asw-363
- Duration seconds: 4003

## Resource

In an era dominated by AI-powered security tools and cloud-native architectures, are traditional Web Application Firewalls still relevant? Join us as we speak with Felipe Zipitria, co-leader of the OWASP Core Rule Set (CRS) project. Felipe has been at the forefront of open-source security, leading the development of one of the world's most widely deployed WAF rule sets, trusted by organizations globally to protect their web applications. Felipe explains why WAFs remain a critical layer in modern defense-in-depth strategies. We'll explore what makes OWASP CRS the go-to choice for security teams, dive into the project's current innovations, and discuss how traditional rule-based security is evolving to work alongside — not against — AI.

Segment Resources:

- github.com/coreruleset/coreruleset
- coreruleset.org

The future of CycloneDX is defined by modularity, API-first design, and deeper contextual insight, enabling transparency that is not just comprehensive, but actionable. At its heart is the Transparency Exchange API, which delivers a normalized, format-agnostic model for sharing SBOMs, attestations, risks, and more across the software supply chain.

As genAI transforms every sector of modern business, the security community faces a question: how do we protect systems we can't fully see or understand? In this fireside chat, Aruneesh Salhotra, Project Lead for OWASP AIBOM and Co-Lead of OWASP AI Exchange, discusses two groundbreaking initiatives that are reshaping how organizations approach AI security and supply chain transparency. OWASP AI Exchange has emerged as the go-to single resource for AI security and privacy, providing over 200 pages of practical advice on protecting AI and data-centric systems from threats. Through its official liaison partnership with CEN/CENELE…

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/ai-era-appsec-transparency-trust-and-risk-beyond-the-firewall-felipe-zipitria-steve-springett-aruneesh-salhotra-ken-huang-asw-363/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/application-security-weekly-audio-436682/ai-era-appsec-transparency-trust-and-risk-beyond-the-firewall-felipe-zipitria-steve-springett-aruneesh-salhotra-ken-huang-asw-363.md` — Read the agent-friendly Markdown representation of this episode resource. A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.