Episode 12 - The Agentic SOC: Upleveling Analysts with AI Knowledge Multipliers

Richard Bejtlich sits down with Stan Kiefer, Corelight’s Senior Manager for Data Science, to discuss how AI serves as a vital "abstraction layer" and "knowledge multiplier" for security analysts. Stan explains that while AI can synthesize complex information, it remains untrustworthy without high-fidelity network data at its center to provide verifiable evidence. The episode explores the shift toward an "agentic ecosystem" and a tiered architecture where a central orchestrator manages specialized sub-agents to accelerate detection and investigation.

AI in the SOC with Joshua Neil

Join us for this week's Defender Fridays as we explore AI in the SOC with Josh Neil, Co-founder of Alpha Level. At Defender Fridays, we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

The Golden Throne: Stop Blindly Flushing

Most folks build their SIEM the same way they load a junk drawer: by shoving in whatever they already have—Active Directory, firewalls, and a whole lot of “eh, why not.” But at Graylog, we think you deserve better than a glorified log toilet. In this talk, we’ll flip the script: start with the problems you’re actually trying to solve, then figure out what you need to know, then what data supports that. And with Graylog’s Intelligent Data Routing, you can now act on that plan—sending high-value data to hot storage and archiving the rest to standby storage for when (and if) it’s needed. Build your SIEM like it has a brain—and a budget.

Lightboard Lab: How to Secure Non-Human Identities Against Modern Threats

See how CrowdStrike Falcon Next-Gen Identity Security provides complete visibility, control, and protection across human and non-human identities. By unifying visibility, secure privileged access, and real-time detection and response, CrowdStrike stops identity-driven attacks before they begin.

Why You Can't Defend Against Prompt Injection

Prompt injection works because language models struggle to tell the difference between trusted instructions and untrusted user content. Unlike SQL injection or cross-site scripting, there is no clean, deterministic defence, which leaves code, libraries and AI workflows open to manipulation at multiple points.

Hunting Supply Chain Attacks with Jared Myers, Director, CrowdStrike OverWatch

Supply chain attacks targeting AI have recently been making headlines — and keeping the CrowdStrike OverWatch team busy. Jared Myers, director of CrowdStrike OverWatch, joins Adam in this episode to discuss his team’s approach to detecting and responding to these attacks.

Accelerating Detection and Response: Cato + CrowdStrike

Security teams are under constant pressure to detect issues quickly and respond with confidence. When endpoint and network data sit in separate systems, investigations take longer and important context can be missed. In this short demo, you will see how Cato SASE Cloud and CrowdStrike Falcon work together. Falcon endpoint telemetry feeds directly into Cato’s XOps engine, where it is correlated with network activity to create guided security stories.