# The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379 Page: https://stenobird.com/podcast/application-security-weekly-audio-436682/the-human-aspect-of-red-teams-brian-fox-tom-tovar-t-gwyddon-data-owen-asw-379 Text version: https://stenobird.com/podcast/application-security-weekly-audio-436682/the-human-aspect-of-red-teams-brian-fox-tom-tovar-t-gwyddon-data-owen-asw-379.md Podcast: [Application Security Weekly (Audio)](https://stenobird.com/podcast/application-security-weekly-audio-436682) Published: 2026-04-21T09:00:00+00:00 Episode link: https://aswaudio.libsyn.com/the-human-aspect-of-red-teams-brian-fox-tom-tovar-t-gwyddon-data-owen-asw-379 Audio file: https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/aswaudio/ASW_379_1--9f367b54-dcbd-485d-86bf-6a803bb054d4--audio-converted--f31b051e-8b50-4e2d-ae3d-baad34fe5b69.mp3?dest-id=626765 Processing state: not_requested JSON: https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/the-human-aspect-of-red-teams-brian-fox-tom-tovar-t-gwyddon-data-owen-asw-379 Duration seconds: 4404 ## Resource Red team exercises set goals to see if a particular outcome can be accomplished through a simulated attack, but the ultimate outcome should be educating the org about how to improve tools and processes that make attacks more difficult to succeed. Gwyddon "Data" Owen shares his experience building a red team, creating an exercise, and leveraging the results to improve security. And while the adoption of LLMs will accelerate a red team's activities, there are still plenty of foundational security controls that orgs can establish that would require a red team to be more than just fast, but fast and very careful. Coding Agents Are Getting More Cautious, But Not Safer A new study finds that while frontier AI coding models are hallucinating less than they did a year ago, they still preserve a significant amount of avoidable software risk when left ungrounded. Sonatype's research shows that connecting these models to real-time software intelligence dramatically improves remediation quality and reduces critical and high-severity vulnerability exposure by 60–70%. The takeaway is clear: safer AI-assisted development will depend not just on better models, but on grounding them in accurate, current dependency and vulnerability data. This segment is sponsored by Sonatype. Read the study: https://securityweekly.com/sonatypersac How We Achieve Agentic Outcomes in CyberSecurity: The "Do-It-For-Me" Mobile Defense If you look at deepfakes, synthetic identity, social engineering, and new malware variants coming to market, it seems like attackers have a first-mover advantage in using AI. The volume and variety of threats are growing faster than the current cyber stack can address. Against this backdrop, organizations are moving away from "do-it-yourself" delivery models (more tools, more… ## Actions - request_transcript: `POST https://stenobird.com/v1/public/podcasts/application-security-weekly-audio-436682/episodes/the-human-aspect-of-red-teams-brian-fox-tom-tovar-t-gwyddon-data-owen-asw-379/transcription-requests` — Idempotently request low-priority transcript generation for this episode. - read_markdown: `GET https://stenobird.com/podcast/application-security-weekly-audio-436682/the-human-aspect-of-red-teams-brian-fox-tom-tovar-t-gwyddon-data-owen-asw-379.md` — Read the agent-friendly Markdown representation of this episode resource. A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed. ## Transcript Full transcripts are not published on public pages unless there is a clear rights basis.