Security You Should Know
Security You Should Know
CISO Series
Automating Offensive Security with XBOW
22 minutes Posted Jun 1, 2026 at 7:59 pm.
0:00
22:22
Download MP3
Show notes

In this episode, Nico Waisman, CISO at XBOW, explains how XBOW uses autonomous AI agents to run continuous, incremental penetration testing without triggering false-positive avalanches or taking down production systems. Joining him are Jacob Combs, CISO at Tandem Diabetes Care, and Davi Ottenheimer, president at Flying Penguin.

Want to know:

  • Why can't traditional pen tests keep up with modern attack surfaces?
  • How XBOW's attack credit model maps to the way security teams already size testing effort?
  • What stops an autonomous pen testing agent from causing real damage in production?
  • How incremental testing works when a new pull request changes the application?
  • Where XBOW is headed on prompt injection and LLM-specific vulnerabilities?
  • How you audit what the AI actually did during an assessment?
  • What novel vulnerability chains are emerging as AI reasoning models get more capable?

Check out the episode for the answers you need.

Huge thanks to our sponsor, XBOW