Cobalt Shares Hard Lessons From the State of Pen Testing Report

What happens when artificial intelligence starts accelerating cyberattacks faster than most organizations can test, fix, and respond? In this fast-tracked episode of Tech Talks Daily, I sat down with Sonali Shah, CEO of Cobalt, to unpack what real-world penetration testing data is revealing about the current state of enterprise security. With more than two decades in cybersecurity and a background that spans finance, engineering, product, and strategy, Sonali brings a grounded, operator-level view of where security teams are keeping up and where they are quietly falling behind. Our conversation centers on what happens when AI moves from an experiment to an attack surface. Sonali explains how threat actors are already using the same AI-enabled tools as defenders to automate reconnaissance, identify vulnerabilities, and speed up exploitation. We discuss why this is no longer theoretical, referencing findings from companies like Anthropic, including examples where models such as Claude have demonstrated both power and unpredictability. The takeaway is sobering but balanced. AI can automate a large share of the work, but human expertise still plays a defining role, both for attackers and defenders. We also dig into Cobalt's latest State of Pentesting data, including why median remediation times for serious vulnerabilities have improved while overall closure rates remain stubbornly low. Sonali breaks down why large enterprises struggle more than smaller organizations, how legacy systems slow progress, and why generative AI applications currently show some of the highest risk with some of the lowest fix rates. As more companies rush to deploy AI agents into production, this gap becomes harder to ignore. One of the strongest themes in this episode is the shift from point-in-time testing to continuous, programmatic risk reduction. Sonali explains what effective continuous pentesting looks like in practice, why automation alone creates noise and friction, and how human-led testing helps teams move from assumptions to evidence. We also address a persistent confidence gap, where leaders believe their security posture is strong, even when testing shows otherwise. We close by tackling one of the biggest myths in cybersecurity. Security is never finished. It is a constant process of preparation, testing, learning, and improvement. The organizations that perform best accept this reality and build security into daily operations rather than treating it as a one-off task. So as AI continues to accelerate both innovation and attacks, how confident are you that your security program is keeping pace, and what would continuous testing change inside your organization? I would love to hear your thoughts. Useful Links Connect with Sonali Shah Learn more about Cobalt Check out the Cobalt Learning Center State of Pentesting Report Thanks to our sponsors, Alcor, for supporting the show.

What happens when AI stops talking and starts working, and who really owns the value it creates? In this episode of Tech Talks Daily, I'm joined by Sina Yamani, founder and CEO of Action Model, for a conversation that cuts straight to one of the biggest questions hanging over the future of artificial intelligence.  As AI systems learn to see screens, click buttons, and complete tasks the way humans do, power and wealth are concentrating fast. Sina argues that this shift is happening far quicker than most people realize, and that the current ownership model leaves everyday users with little say and even less upside. Sina shares the thinking behind Action Model, a community-owned approach to autonomous AI that challenges the idea that automation must sit in the hands of a few giant firms. We unpack the concept of  Large Action Models, AI systems trained to perform real online workflows rather than generate text, and why this next phase of AI demands a very different kind of training data. Instead of scraping the internet in the background, Action Model invites users to contribute actively, rewarding them for helping train systems that can navigate software, dashboards, and tools just as a human worker would. We also explore ActionFi, the platform's outcome-based reward layer, and why Sina believes attention-based incentives have quietly broken trust across Web3. Rather than paying for likes or impressions, ActionFi focuses on verifying real actions across the open web, even when no APIs or integrations exist. That raises obvious questions around security and privacy.  This conversation does not shy away from the uncomfortable parts. We talk openly about job displacement, the economic reality facing businesses, and why automation is unlikely to slow down. Sina argues that resisting change is futile, but shaping who benefits from it remains possible. He also reflects on lessons from his earlier fintech exit and how movements grow when people feel they are pushing back against an unfair system. By the end of the episode, we look ahead to a future where much of today's computer-based work disappears and ask what success and failure might look like for a community-owned AI model operating at scale. If AI is going to run more of the internet on our behalf, should the people training it have a stake in what it becomes, and would you trust an AI ecosystem owned by its users rather than a handful of billionaires? Useful Links Connect with Sina Yamani on LinkedIn or X Learn more about the Action Model Follow on X Learn more about the Action Model browser extension Check out the whitelabel integration docs Join their Waitlist Join their Discord community Thanks to our sponsors, Alcor, for supporting the show.

What does it really take to remove decades of technical debt without breaking the systems that still keep the business running? In this episode of Tech Talks Daily, I sit down with Pegasystems leaders Dan Kasun, Head of Global Partner Ecosystem, and John Higgins, Chief of Client and Partner Success, to unpack why legacy modernization has reached a breaking point, and why AI is forcing enterprises to rethink how software is designed, sold, and delivered. Our conversation goes beyond surface-level AI promises and gets into the practical reality of transformation, partner economics, and what actually delivers measurable outcomes. We explore how Pega's AI-powered Blueprint is changing the entry point to enterprise-grade workflows, turning what used to be long, expensive discovery phases into fast, collaborative design moments that business and technology teams can engage with together. Dan and John explain why the old "wrap and renew" approach to legacy systems is quietly compounding technical debt, and why reimagining workflows from the ground up is becoming essential for organizations that want to move toward agentic automation with confidence. The discussion also dives into Pega's deep collaboration with Amazon Web Services, including how tools like AWS Transform and Blueprint work together to accelerate modernization at scale.  We talk candidly about the evolving role of partners, why the idea of partners as an extension of a sales force is outdated, and how marketplaces are reshaping buying, building, and operating enterprise software. Along the way, we tackle some uncomfortable truths about AI hype, technical debt, and why adding another layer of technology rarely fixes the real problem. This is an episode for anyone grappling with legacy systems, skeptical of quick-fix AI strategies, or rethinking how partner ecosystems need to operate in a world where speed, clarity, and accountability matter more than ever. As enterprises move toward multi-vendor, agent-driven environments, are we finally ready to retire legacy thinking along with legacy systems, or are we still finding new ways to delay the inevitable? Useful Links Connect with Dan Kasun Connect with John Higgins Learn more about Pega Blueprint Thanks to our sponsors, Alcor, for supporting the show.

What does it really take to move AI from proof-of-concept to something that delivers value at scale? In this episode of Tech Talks Daily, I'm joined by Simon Pettit, Area Vice President for the UK and Ireland at UiPath, for a grounded conversation about what is actually happening inside enterprises as AI and automation move beyond experimentation. Simon brings a refreshingly practical perspective shaped by an unconventional career path that spans the Royal Navy, nearly two decades at NetApp, and more than seven years at UiPath. We talk about why the UK and Ireland remain a strategic region for global technology adoption, how London continues to play a central role for companies expanding into Europe, and why AI momentum in the region is very real despite the broader economic noise. A big part of our discussion focuses on why so many organizations are stuck in pilot mode. Simon explains how hype, fragmented experimentation, and poor qualification of use cases often slow progress, while successful teams take a very different approach. He shares real examples of automation already delivering measurable outcomes, from long-running public sector programs to newer agent-driven workflows that are now moving into production after clear ROI validation. We also explore where the next wave of challenges is emerging. As agentic AI becomes easier for anyone to create, Simon draws a direct parallel to the early days of cloud computing and VM sprawl. Visibility, orchestration, and cost control are becoming just as important as innovation itself. Without them, organizations risk losing control of workflows, spend, and accountability as agents multiply across the business. Looking ahead, Simon outlines why AI success will depend on ecosystems rather than single platforms. Partnerships, vertical solutions, and the ability to swap technologies as the market evolves will shape how enterprises scale responsibly. From automation in software testing to cross-functional demand coming from HR, finance, and operations, this conversation captures where AI is delivering today and where the real work still lies. If you're trying to separate AI momentum from AI noise, this episode offers a clear, experience-led view of what it takes to turn potential into progress. What would need to change inside your organization to move from pilots to production with confidence? Useful Links Learn more about Simon Pettit Connect with UiPath Follow on LinkedIn Thanks to our sponsors, Alcor, for supporting the show.

*]:pointer-events-auto scroll-mt-[calc(var(--header-height)+min(200px,max(70px,20svh)))]" dir="auto" tabindex="-1" data-turn-id= "72e2f87d-7178-4c4c-8917-454a147e9ed3" data-testid= "conversation-turn-14" data-scroll-anchor="true" data-turn= "assistant"> What happens when speed, scale, and convenience start to erode trust in the images brands rely on to tell their story? In this episode of Tech Talks Daily, I spoke with Dr. Rebecca Swift, Senior Vice President of Creative at Getty Images, about a growing problem hiding in plain sight, the rise of low-quality, generic, AI-generated visuals and the quiet damage they are doing to brand credibility. Rebecca brings a rare perspective to this conversation, leading a global creative team responsible for shaping how visual culture is produced, analyzed, and trusted at scale. We explore the idea of AI "sloppification," a term that captures what happens when generative tools are used because they are cheap, fast, and available, rather than because they serve a clear creative purpose. Rebecca explains how the flood of mass-produced AI imagery is making brands look interchangeable, stripping visuals of meaning, craft, and originality. When everything starts to look the same, audiences stop looking altogether, or worse, stop trusting what they see. A central theme in our discussion is transparency. Research shows that the majority of consumers want to know whether an image has been altered or created using AI, and Rebecca explains why this shift matters. For the first time, audiences are actively judging content based on how it was made, not just how it looks. We talk about why some brands misread this moment, mistaking AI usage for innovation, only to face backlash when consumers feel misled or talked down to. Rebecca also unpacks the legal and ethical risks many companies overlook in the rush to adopt generative tools. From copyright exposure to the use of non-consented training data, she outlines why commercially safe AI matters, especially for enterprises that trade on trust. We discuss how Getty Images approaches AI differently, with consented datasets, creator compensation, and strict controls designed to protect both brands and the creative community. The conversation goes beyond risk and into opportunity. Rebecca makes a strong case for why authenticity, real people, and human-made imagery are becoming more valuable, not less, in an AI-saturated world. We explore why video, photography, and behind-the-scenes storytelling are regaining importance, and why audiences are drawn to evidence of craft, effort, and intent. As generative AI becomes impossible to ignore, this episode asks a harder question. Are brands using AI as a thoughtful tool to support creativity, or are they trading long-term trust for short-term convenience, and will audiences continue to forgive that choice?   Useful Links Connect with Dr. Rebecca Swift on LinkedIn VisualGSP Creative Trends Follow on Instagram and LinkedIn Thanks to our sponsors, Alcor, for supporting the show.

What actually happens when a company loses control of its own voice in a world full of channels, platforms, and constant noise? In this episode of Tech Talks Daily, I sat down with Joshua Altman, founder of beltway.media, to unpack what corporate communication really means in 2026 and why it has quietly become one of the most misunderstood leadership functions inside modern organizations. Joshua describes his work as a fractional chief communications officer, a role that sits above individual campaigns, tools, or channels and focuses instead on perception, trust, and consistency across everything a company says and does. Our conversation starts by challenging the assumption that communication is something you "turn on" when a product launches or a crisis hits. Joshua explains why corporate communication is not project-based and not owned by marketing alone. It touches internal updates, investor messaging, brand signals, packaging, email, social platforms, and even the tools teams choose to use every day. If it communicates with internal or external audiences and shapes how the company is perceived, it belongs in the communications function. When that function is missing or fragmented, confusion and noise tend to fill the gap. We also explored why communication has arguably become harder, not easier, despite the explosion of collaboration tools. Email was meant to simplify work, then Slack was meant to replace email, and now AI assistants are transcribing every meeting and surfacing more content than anyone can realistically process. Joshua makes a strong case for simplicity, clarity, and focus, arguing that organizations need to pick channels intentionally and use them well rather than spreading messages everywhere and hoping something lands. Technology naturally plays a big role in the discussion. From the shift away from tape-based media and physical workflows to the accessibility of live global collaboration and affordable computing power, Joshua reflects on how dramatically the workplace has changed since he started his career in video news production. He also shares a grounded view on AI, where it adds real value in speeding up research and reducing busywork, and where human judgment and storytelling still matter most. Toward the end of the conversation, we get into ROI, a question every leader eventually asks. Joshua offers a practical way to think about it, starting with the simple fact that founders, operators, and technical leaders get time back when they no longer have to manage communications themselves. From there, alignment, clarity, and consistency compound over time, even if the impact is not always visible in a single metric. As organizations look ahead and try to make sense of AI, platform shifts, and ever-shorter attention spans, are we investing enough thought into how our companies actually communicate, or are we still mistaking volume for clarity? Useful Links Connect with Joshua Altman Learn more about beltway.media Thanks to our sponsors, Alcor, for supporting the show.

What if your AI systems could explain why something will happen before it does, rather than simply reacting after the damage is done? In this episode of Tech Talks Daily, I sat down with Zubair Magrey, co-founder and CEO of Ergodic AI, to unpack a different way of thinking about artificial intelligence, one that focuses on understanding how complex systems actually behave. Zubair's journey begins in aerospace engineering at Rolls-Royce, moves through a decade of large-scale enterprise AI programs at Accenture, and ultimately leads to building Ergodic, a company developing what he describes as world models for enterprise decision making. World models are often mentioned in research circles, but rarely explained in a way that business leaders can connect to real operational decisions. In our conversation, Zubair breaks that gap down clearly. Instead of training AI to spot patterns in past data and assume the future will look the same, world-model AI focuses on cause and effect. It builds a structured representation of how an organization works, how different parts interact, and how actions ripple through the system over time. The result is an AI approach that can simulate outcomes, test scenarios, and help teams understand the consequences of decisions before they commit to them. We explored why this matters so much as organizations move toward agentic AI, where systems are expected to recommend or even execute actions autonomously. Without an understanding of constraints, dependencies, and system dynamics, those agents can easily produce confident but unrealistic recommendations. Zubair explains how Ergodic uses ideas from physics and system theory to respect real-world limits like capacity, time, inventory, and causality, and why ignoring those principles leads to fragile AI deployments that struggle under pressure. The conversation also gets practical. Zubair shares how world-model simulations are being used in supply chain, manufacturing, automotive, and CPG environments to detect early risks, anticipate disruptions, and evaluate trade-offs before problems cascade across customers and regions. We discuss why waiting for perfect data often stalls AI adoption, how Ergodic's data-agnostic approach works alongside existing systems, and what it takes to deliver ROI that teams actually trust and use. Finally, we step back and look at the organizational side of AI adoption. As AI becomes embedded into daily workflows, cultural change, experimentation, and trust become just as important as models and metrics. Zubair offers a grounded view on how leaders can prepare their teams for faster cycles of change without losing confidence or control. As enterprises look ahead to a future shaped by autonomous systems and real-time decision making, are we building AI that truly understands how our organizations work, or are we still guessing based on the past, and what would it take to change that? Useful Links Connect with Zubair Magrey Learn more about Ergodic AI Thanks to our sponsors, Alcor, for supporting the show.

What does it actually take to build trust with developers when your product sits quietly inside thousands of other products, often invisible to the people using it every day? In this episode of Tech Talks Daily, I sat down with Ondřej Chrastina, Developer Relations at CKEditor, to unpack a career shaped by hands-on experience, curiosity, and a deep respect for developer time. Ondřej's story starts in QA and software testing, moves through development and platform work, and eventually lands in developer relations. What makes his perspective compelling is that none of these roles felt disconnected. Each one sharpened his understanding of real developer friction, the kind you only notice when you have lived with a product day in and day out. We talked about what changes when you move from monolithic platforms to API-first services, and why developer relations looks very different depending on whether your audience is an application developer, a data engineer, or an integrator working under tight delivery pressure. Ondřej shared how his time at Kentico, Kontent.ai, and Ataccama shaped his approach to tooling, documentation, and examples. For him, theory rarely lands. Showing something that works, even in a small or imperfect way, tends to earn attention and respect far faster. At CKEditor, that thinking becomes even more interesting. The editor is everywhere, yet rarely recognized. It lives inside SaaS platforms, internal tools, CRMs, and content systems, quietly doing its job. We explored how developer experience matters even more when the product itself fades into the background, and why long-term maintenance, support, and predictability often outweigh short-term feature excitement. Ondřej also explained why building instead of buying an editor is rarely as simple as teams expect, especially when standards, security, and future updates enter the picture. We also got into the human side of developer relations. Balancing credibility with business goals, staying useful rather than loud, and acting as a bridge between engineering, product, marketing, and the outside world. Ondřej was refreshingly honest about the role ego can play, and why staying close to real usage is the fastest way to keep yourself grounded. If you care about developer experience, internal tooling, or how invisible infrastructure shapes modern software, this conversation offers plenty to reflect on. What have you seen work, or fail, when it comes to earning developer trust, and where do you think developer relations still get misunderstood? Useful Links Connect with Ondrej Chrastina Learn more about CK Editor Thanks to our sponsors, Alcor, for supporting the show.

If artificial intelligence is meant to earn trust anywhere, should banking be the place where it proves itself first? In this episode of Tech Talks Daily, I'm joined by Ravi Nemalikanti, Chief Product and Technology Officer at Abrigo, for a grounded conversation about what responsible AI actually looks like when the consequences are real. Abrigo works with more than 2,500 banks and credit unions across the United States, many of them community institutions where every decision affects local businesses, families, and entire regional economies. That reality makes this discussion feel refreshingly practical rather than theoretical. We talk about why financial services has become one of the toughest proving grounds for AI, and why that is a good thing. Ravi explains why concepts like transparency, explainability, and auditability are not optional add-ons in banking, but table stakes. From fraud detection and lending decisions to compliance and portfolio risk, every model has to stand up to regulatory, ethical, and operational scrutiny. A false positive or an opaque decision is not just a technical issue, it can damage trust, disrupt livelihoods, and undermine confidence in an institution. A big focus of the conversation is how AI assistants are already changing day-to-day banking work, largely behind the scenes. Rather than flashy chatbots, Ravi describes assistants embedded directly into lending, anti-money laundering, and compliance workflows. These systems summarize complex documents, surface anomalies, and create consistent narratives that free human experts to focus on judgment, context, and relationships. What surprised me most was how often customers value consistency and clarity over raw speed or automation. We also explore what other industries can learn from community banks, particularly their modular, measured approach to adoption. With limited budgets and decades-old core systems, these institutions innovate cautiously, prioritizing low-risk, high-return use cases and strong governance from day one. Ravi shares why explainable AI must speak the language of bankers and regulators, not data scientists, and why showing the "why" behind a decision is essential to keeping humans firmly in control. As we look toward 2026 and beyond, the conversation turns to where AI can genuinely support better outcomes in lending and credit risk without sidelining human judgment. Ravi is clear that fully autonomous decisioning still has a long way to go in high-stakes environments, and that the future is far more about partnership than replacement. AI can surface patterns, speed up insight, and flag risks early, but people remain essential for context, empathy, and final accountability. If you're trying to cut through the AI noise and understand how trust, governance, and real-world impact intersect, this episode offers a rare look at how responsible AI is actually being built and deployed today. And once you've listened, I'd love to hear your perspective. Where do you see AI earning trust, and where does it still have something to prove? Useful Links Connect with Ravi Nemalikanti Learn more about Abrigo Thanks to our sponsors, Alcor, for supporting the show.

What really happens after the startup advice runs out and founders are left facing decisions no pitch deck ever prepared them for? In this episode of Tech Talks Daily, I sit down with Vijay Rajendran, a founder, venture capitalist, UC Berkeley instructor, and author of The Funding Framework, to discuss the realities of company building that rarely appear on social feeds or investor blogs. Vijay has spent years working alongside founders at the sharpest end of growth, from early fundraising conversations through to the personal and leadership shifts that scaling demands. That experience shapes a conversation that feels refreshingly honest, thoughtful, and grounded in lived reality. We explore why building something people actually want sounds simple in theory yet proves brutally difficult in practice. Vijay explains how timing, learning velocity, and the willingness to adapt often matter more than stubborn vision, and why many founders misunderstand what momentum really looks like. From there, the discussion moves into investor relationships, not as transactional events, but as long-term partnerships that require founders to shift their mindset from defense to evaluation. The emotional and psychological dynamics of fundraising come into focus, especially the moments when founders underestimate how much power they actually have in shaping those relationships. A big part of this conversation centers on leadership identity. Vijay breaks down the messy transition from being the "chief everything officer" to becoming a true chief executive, and why the most overlooked stage in that journey is learning how to enable others. We talk about the point where founders become the bottleneck, often without realizing it, and why this tends to surface as teams grow and decisions start happening outside the founder's direct line of sight. The plateau many companies hit around scale becomes less mysterious when viewed through this lens. We also challenge some of the most popular startup advice circulating online today, particularly around fundraising volume, pitching styles, and the idea that persistence alone guarantees outcomes. Vijay shares why treating fundraising like enterprise sales, focusing on alignment over volume, and listening more than pitching often leads to better results. The conversation closes with practical reflections on personal growth, co-founder dynamics, and how leaders can regain clarity during periods of pressure without stepping away from responsibility. If you are building a company, leading a team, or questioning whether you are evolving as fast as your business demands, this episode will likely hit closer to home than you expect. And once you've listened, I'd love to hear what resonated most with you and the leadership questions you're still sitting with after the conversation. Useful Links Connect with Vijay Rajendran The Funding Framework Startup Pitch Deck Thanks to our sponsors, Alcor, for supporting the show.