# Rethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - Karen Heart, Sachin Jade, Phil Calvin, Craig Sanderson, Travis Wong - ESW #456

- Page: https://stenobird.com/podcast/enterprise-security-weekly-audio-1036586/rethinking-security-from-the-os-up-in-the-age-of-ai-and-more-rsac-2026-interviews-karen-heart-sachin-jade-phil-calvin-craig-sanderson-travis-wong-esw-456
- Text version: https://stenobird.com/podcast/enterprise-security-weekly-audio-1036586/rethinking-security-from-the-os-up-in-the-age-of-ai-and-more-rsac-2026-interviews-karen-heart-sachin-jade-phil-calvin-craig-sanderson-travis-wong-esw-456.md
- Podcast: [Enterprise Security Weekly (Audio)](https://stenobird.com/podcast/enterprise-security-weekly-audio-1036586)
- Published: 2026-04-27T09:00:00+00:00
- Episode link: https://eswaudio.libsyn.com/rethinking-security-from-the-os-up-in-the-age-of-ai-and-more-rsac-2026-interviews-karen-heart-sachin-jade-phil-calvin-craig-sanderson-travis-wong-esw-456
- Audio file: https://dts.podtrac.com/redirect.mp3/traffic.libsyn.com/secure/eswaudio/ESW_456_1--0842f96e-c15b-4e43-9fed-b2a419656e50--audio-converted--d80fc4dd-0e07-497f-865b-6fd529eb75e1.mp3?dest-id=376653
- Processing state: not_requested
- JSON: https://stenobird.com/v1/public/podcasts/enterprise-security-weekly-audio-1036586/episodes/rethinking-security-from-the-os-up-in-the-age-of-ai-and-more-rsac-2026-interviews-karen-heart-sachin-jade-phil-calvin-craig-sanderson-travis-wong-esw-456
- Duration seconds: 5744

## Resource

Rethinking Security from the OS Up in the Age of AI

Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted system structures. She explains how limiting file access, socket (network) access, and privilege escalation at the operating system level can reduce entire classes of attacks.
Rather than relying on reactive detection, her approach emphasizes immutable, allowlisted controls embedded close to the kernel layer, designed to prevent both data exfiltration and malicious code execution at the source. The conversation also explores how AI agents and contractors expand the attack surface, reinforcing the need for strict isolation, backup protection, and deterministic system boundaries.

Segment Resources: https://www.simonandschuster.com/books/Zero-Day-Secure/Karen-Heart/9781968865078

The New Era of DNS Resilience: Breaking down the newly finalized NIST SP 800-81

Craig Sanderson from Infoblox will dive into the newly finalized NIST SP 800-81 as it marks a pivotal shift in DNS security, emphasizing resilience through modernized practices tailored for today's distributed, cloud-driven, and threat-laden environments. This update provides actionable guidance for organizations to strengthen DNS infrastructure against evolving threats like ransomware and data exfiltration, while prioritizing initiatives like DNSSEC, encryption, and protective DNS for immediate risk reduction.

This segment is sponsored by Infoblox. Visit https://securityweekly.com/infobloxrsac to learn more about them!

Agentic AI and the Future of Threat Intelligence Operations

Security teams collect large volumes of threat intelligence but of…

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/enterprise-security-weekly-audio-1036586/episodes/rethinking-security-from-the-os-up-in-the-age-of-ai-and-more-rsac-2026-interviews-karen-heart-sachin-jade-phil-calvin-craig-sanderson-travis-wong-esw-456/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/enterprise-security-weekly-audio-1036586/rethinking-security-from-the-os-up-in-the-age-of-ai-and-more-rsac-2026-interviews-karen-heart-sachin-jade-phil-calvin-craig-sanderson-travis-wong-esw-456.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.