Hacker Valley Studio

Last episode, Ron and Marcus made predictions. This episode, they brought the receipts.

A journalist built an app with vibe coding and got hacked on live television. 

A social network built entirely by AI (not a single line of human code!) exposed 1.5 million authentication tokens and private messages between agents. 

And 88% of organizations have already had an AI security incident, while barely 14% of deployed agents ever saw a security review. 

The warnings from last episode aged fast. Marcus J. Carey is back to talk about what that actually means for the people building right now, not the people theorizing about it. Ron and Marcus are in the code themselves, and this conversation is what that experience actually looks like: OpenClaw running loose on your machine, agents racking up API bills, and why guidance, not prompts, not tools, is the real skill that separates builders who thrive from builders who ship disasters.

Impactful Moments
00:00 - Introduction
02:00 - Vibe coding hack on live TV
03:30 - Mo Book leaks 1.5M auth tokens
06:00 - Marcus' origin story: War Games, 1983
08:00 - OpenClaw escapes the lab
13:30 - AT&T cuts help desk spend 90%
17:00 - Context is king, guidance is everything
19:00 - Can AI do your job rec right now?
24:00 - The first cybersecurity jobs agents will replace
27:00 - Expertise + AI = 1000x yourself
30:00 - Focus on outcomes, not new tools

 

Links
Connect with our guest, Marcus J. Carey, on LinkedIn: https://www.linkedin.com/in/marcuscarey/

 

Read the articles we referenced in this episode:
The vibe coding hack that aired on live TV, ICAEW breaks down exactly how it happened and what it means for anyone building with AI: https://www.icaew.com/insights/viewpoints-on-the-news/2026/feb-2026/cyber-dangers-of-agents-and-vibe-coding

88% of organizations have already had an AI security incident. See the full data from the Cisco State of AI Security 2026 report: https://www.helpnetsecurity.com/2026/02/23/ai-agent-security-risks-enterprise/

 

Check out our upcoming events: https://www.hackervalley.com/livestreams

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

The CISO role isn’t the finish line, it’s a launchpad. 69% of security executives are eyeing the exit, and Anthony Johnson is proof that what comes next can be even bigger.

Anthony Johnson, former Global CISO at JP Morgan and Fannie Mae, now founder and managing partner at Delve Risk, breaks down what really happens when a security leader stops buying tools and starts building companies. From the trap of unpaid advisory boards to why AI is eliminating the entry-level pipeline, Anthony delivers a no-nonsense look at career strategy, the future of fractional work, and why understanding how your company makes money is the most underrated skill in cybersecurity. If you’re a security practitioner at any level, this episode will change how you think about your next move.

Impactful Moments
00:00 - Introduction
01:00 - Meet Anthony Johnson
02:00 - 69% of CISOs want out
06:00 - Why Anthony left the CISO seat
09:00 - Revenue changes your security priorities
11:00 - Career paths after the CISO role
13:00 - The advisory board compensation trap
17:00 - AI’s threat to the talent pipeline
22:00 - Hiring for aptitude over competency
24:00 - Soft skills win in the AI era
29:00 - Corporate loyalty is dead—now what
31:00 - Networking that actually lands roles
34:00 - Know how your company makes money
36:00 - Ron’s personal reflection on freedom

Links
Connect with our guest, Anthony Johnson, on LinkedIn: https://www.linkedin.com/in/anthony-johnson-delverisk/

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Your email gateway isn't enough anymore, attackers are already inside the workspace through OAuth apps, browser extensions, and account takeover. 

In this episode, Ron sits down with Rajan Kapoor, VP of Security at Material Security, to break down the real risks hiding inside Google Workspace and Microsoft 365. They cover how phishing has evolved into full-blown business email compromise, why malicious OAuth apps are the new favorite attack vector, and what security teams, especially lean ones, can do right now to lock down their cloud workspace. Rajan also drops practical advice on passkeys, document sharing hygiene, and why data lifecycle management is a problem no one is solving well enough.

Impactful Moments
00:00 – Introduction
03:30 – The current state of phishing
05:30 – Outbound email compromise risk
09:30 – OAuth apps as attack vectors
15:00 – AI agents accessing your workspace
16:00 – Prompt injection is the new SQL injection
18:00 – Allow listing apps immediately
24:30 – Google Workspace vs Microsoft 365 security
27:30 – Custom detections require API expertise
28:00 – Why passkeys matter right now
32:00 – Data lifecycle management for shared docs

Links
Connect with our guest, Rajan Kapoor, on LinkedIn: https://www.linkedin.com/in/rajankkapoor/

Learn more about Material Security: https://material.security 

___
Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Check out our upcoming events: https://www.hackervalley.com/livestreams 

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Security doesn’t fail because you missed a tool, it fails because “secure today” tricks you into relaxing tomorrow. This episode exposes why the real fight isn’t compliance… it’s whether your defenses hold up once attackers hit you with machine-speed pressure.

Ron sits down with Sonali Shah, CEO of Cobalt, to talk about how human-led, AI-powered penetration testing is evolving into full-spectrum offensive security. Sonali shares how Cobalt can start a test in 24 hours, push findings directly into Slack/Teams and Jira, and use learnings from 5,000+ pentests a year to continuously sharpen what gets caught. The big takeaway: automation finds the easy stuff as humans find the business-logic traps and attack chains that actually break companies.

Impactful Moments
00:00 - Introduction
02:21- Sonali’s unexpected CEO path
06:10 - Compliance isn’t real security
10:19 - PTaaS: start in 24 hours
12:33- 5,000 pentests yearly scale
17:01 - Humans beat automation limits
20:16 - AI behavior vulnerabilities emerge
27:54 - Indirect prompt injection explained
30:51 - Why juniors + AI is risky
38:27 - 2026 becomes AI battleground

Links
Connect with Sonali on LinkedIn: https://www.linkedin.com/in/sonalinshah/

Check out Cobalt: https://www.cobalt.io

 

____
Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

Text threads made AI feel personal, then agents made it productive, and suddenly “success” turns into chaos you can’t even track.

In this episode, Ron sits down with Pedram Amini, creator of Maestro, to show what agent work looks like when you stop babysitting and start orchestrating. Pedram lays out why context windows are the limiter, why harnessing beats model-chasing right now, and how Auto Run executes task-docs with fresh context every iteration so agents can run for hours (or days) without melting down.

Impactful Moments
00:00 - Intro
02:05 - Codex desktop sparks agent shift
06:40 - Harness beats model iteration
08:10 - Context window: the hidden limiter
12:10 - Terminal sprawl creates agent chaos
14:05 - Maestro panels: agents, tabs, history
17:25 - Auto Run: fresh context per task
26:15 - “Donate tokens” via Symphony PRs
28:20 - AI tax debate gets spicy
33:05 - Start simple: download and run

 

Links
Connect with Pedram on LinkedIn: https://www.linkedin.com/in/pedramamini/

Check out Maestro for yourself: https://runmaestro.ai/

 

 

Check out our upcoming events: https://www.hackervalley.com/livestreams

Join our creative mastermind and stand out as a cybersecurity professional:
https://www.patreon.com/hackervalleystudio

Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com

Continue the conversation by joining our Discord: https://hackervalley.com/discord

Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/