Tanya Janca on AI Slop, Vibe Coding, & the Future of AppSec

JSON Schema might be the most important technology you've never thought about. In this MonkCast, Rachel Stephens sits down with Juan Cruz Viotti, founder of SourceMeta and member of the JSON Schema Technical Steering Committee. They discuss how JSON Schema is the backbone of OpenAPI specs and just might be the language of AI.Show notes: https://redmonk.com/videos/juan-cruz-viotti-json-schema/Chapters00:40 - What is JSON Schema?03:00 - JSON Schema in OpenAPI and AI05:30 - Challenges in API Ecosystem Management07:00 - Siloed API Specs and Governance Issues08:00 - Benefits of Schema Layer Governance09:30 - JSON Schema as a Data Dictionary11:00 - JSON Schema in AI and Code Generation13:30 - SourceMeta's Ecosystem and Tools16:00 - Small Teams and Infrastructure Innovation16:50 - AI, Documentation, and Data Semantics17:30 - Vision of the Future

Kate Holterhoff sits down with Tanya Janca, Secure Coding and AI Trainer at SheHacksPurple, to talk about what AI is doing to application security. Tanya's take: we're driving a car at three times the speed limit after 25 beers. AI writes huge portions of production code, most developers were never taught to review code for security in the first place, and release velocity keeps climbing. The conversation gets into the difference between using AI to help you code and full-on vibe coding, why context collapse trips up LLMs on security decisions, and what's wrong with bolting AI onto legacy AppSec tools instead of building new ones. Tanya also weighs in on Anthropic's Mythos vulnerability-finding model, argues that the bug bounty economy is heading for collapse, discusses supply chain security and the future of the SDLC, and wraps by explaining Canada's Petition E-7115, which Janca helped draft to require secure coding standards across the Canadian federal government.Show notes: https://redmonk.com/videos/tanya-janca/Chapters00:00 Introduction to AI and Security02:58 The Current Security Landscape05:49 Understanding Context Collapse in AI09:51 The Role of Vibe Coding13:50 Teaching Security in the Age of AI16:45 The Need for New Security Tools25:02 The Evolving Role of Bug Bounties27:50 The Future of Pen Testing in an AI World30:01 The Evolving Role of Application Security31:46 Reimagining the Software Development Lifecycle40:54 Rethinking Supply Chain Security48:37 Advocating for Secure Coding Legislation

In this conversation, Seth Webster, executive director of the newly launched React Foundation and Chief Developer Evangelist at Expo, chats with RedMonk's Kate Holterhoff. Seth explains why React has outgrown its origins at Meta and needs an independent foundation to ensure its durability for the next decade. On the Expo side, Seth makes the case that Expo's end-to-end pipeline, from idea through cloud builds to App Store submission, is uniquely positioned for the agentic development era. The conversation concludes with Webster reflecting on the rapidly evolving role of the developer and offering guidance for navigating its shifting terrain.This RedMonk video is sponsored by Expo.Show notes: https://redmonk.com/videos/seth-webster-expo-react-foundation/Chapters00:00 Introduction to Seth Webster and His Roles05:54 History and Evolution of the React Foundation16:51 Exploring Expo and Its Relationship with React Native25:39 Creating a Space for Engineers34:41 Navigating Framework Wars42:27 Introducing Expo Agent48:22 Adapting to Change in the Developer Landscape

Rachel Stephens sits down with Audrey Bian, Principal Product Marketing Manager at Broadcom, to explore how vSphere Kubernetes Service (VKS) is helping enterprises modernize their applications without rebuilding their infrastructure from scratch.Audrey breaks down how VKS bridges the gap between traditional VM workloads and modern containerized applications on a single unified platform. For additional information please visit: - https://vmware.com/vksThis RedMonk conversation is sponsored by VMware by Broadcom.Show notes: https://redmonk.com/videos/vks-audrey-bian/Topics covered:- What is VKS and how does it the VMware stack?- Cloud admins vs. platform engineers- VKS and TCO- What's new in VKS 3.6?

In this episode of the MonkCast, RedMonk Senior Analyst Kate Holterhoff sits down with Chris Williams, Global Developer Relations Manager at HashiCorp, for a wide-ranging conversation that covers everything from tech certifications to corporate espionage (sort of). Chris traces his career from data center crawler and hands-on infrastructure engineer to podcaster, community builder, and accidental DevRel professional. They dig into the enduring value of certifications in the age of AI, the origin story of the vBrownBag podcast ("nerd show and tell"), and how wearing 18 hats across competing vendor communities is actually a feature, not a bug. Equal parts therapy, smoke jumping, and a game of Clue, Chris's career arc is a testament to curiosity, community, and the surprising power of asking dumb questions in a room full of experts.IBM is a RedMonk client, but this episode is independent and unsponsored.Show notes: https://redmonk.com/videos/from-data-center-crawler-to-devrel-with-chris-williamsChapters00:00 Introduction and Background04:12 The Value of Certifications in Tech10:23 The Evolution of Learning and Upskilling12:46 DevRel Journey and Community Engagement15:53 AWS Hero Program and Community Impact21:44 Navigating Multiple Roles in Tech23:38 Navigating Career Transitions28:20 The Role of a Cloud Therapist32:56 Consulting: The Thrill of New Challenges

Infrastructure gets written off as table stakes, but if you've actually shipped software, you know how much pain comes from the friction between layers of the stack. In this RedMonk Conversation, Rachel Stephens sits down with Jay Thontakudi, Principal Product Marketing Manager at Broadcom, to dig into why the partnership between VMware Cloud Foundation (VCF) and Canonical is more than "Linux runs on VMware."The conversation gets at a problem most enterprises quietly live with: developers build on Ubuntu, then watch their code land on a different Linux distribution in staging and production. Jay and Rachel talk through what it means to close that gap, and why treating the hypervisor and the OS as one supported thing rather than two vendors pointing fingers is as much a security story as it is a developer experience one.For additional information please visit: - https://vmware.com/products/cloud-infrastructure/vmware-cloud-foundation- https://canonical.comThis RedMonk conversation is sponsored by VMware by Broadcom.Show notes: https://redmonk.com/videos/ubuntu-on-vcf/Chapters: 00:00 - Introduction02:06 - What is VCF?03:55 - The Broadcom & Canonical Partnership 05:58 - Why Ubuntu? Bridging the Dev-to-Production Disconnect 08:18 - Security & Stability: A Unified Stack and Support Model 10:12 - Why Developer Experience is Security 11:21 - VMware's Open Source Strategy15:24 - Conclusion & Upcoming Technical Deep Dive

Stephen O'Grady sits down with Adam Jacob, CEO and Co-Founder of System Initiative, for a candid conversation about what it actually feels like to build software in the age of AI agents. Adam describes his team's decision to go "absolute AI maximalist," letting a five-person crew produce 150,000 lines of TypeScript that no human has fully read, and why that experience broke every assumption he had about estimation, trust, risk, and team dynamics. The two trace the emergence of three distinct camps in the developer world: skeptics, cautious adopters still treating AI as fancy autocomplete, and a growing third group who are no longer writing the software they ship but instead building the systems that build it. Adam argues the shift is less about cost reduction than raw velocity—an orders-of-magnitude increase in pressure that will burst every existing process, compliance framework, and social norm in software development. Along the way, they explore why the old practice of user acceptance testing is suddenly relevant again, why domain-driven design matters more than ever when you can't read every line of code, and why the magnitude of this transition may rival the transistor. Adam closes with practical career advice for engineers: learn software architecture, study systems design, and start building agents at home, because the people who understand how to construct the machine that constructs the software will define the next era.Show notes: https://redmonk.com/videos/adam-jacob-ai-maximalistChapters00:00 Introduction to AI and Reality01:42 Adam's Journey with AI05:19 The Shift to AI Maximalism09:49 The Three Camps of AI Users12:41 Building Software with AI19:23 Implications of AI on Software Development23:52 Navigating the Evolving Landscape of Software Development29:38 The Impact of AI on Software Engineering35:15 The Infinite Demand for Software43:41 Career Advice for Aspiring Engineers

At KubeCon EU 2026 in Amsterdam, James Governor sits down with VMware by Broadcom's Timmy Carr and Himanshu Singh to unpack how VMware is tackling two of the biggest challenges facing European enterprises today: complexity and sovereignty. The conversation explores how VCF and VKS are designed to simplify Kubernetes adoption for IT and platform teams, offering a fully declarative API that unifies the management of VMs, containers, and AI workloads under one consistent operational model. The discussion then turns to digital sovereignty, where Timmy and Himanshu explain how VCF's flexible deployment options—from on-prem data centers to sovereign cloud providers—help organizations keep data and workloads within regulatory boundaries. They also dig into VMware's ecosystem strategy, emphasizing CNCF-certified compatibility and recent validations with partners aimed at ensuring VKS can serve as a drop-in replacement for any Kubernetes runtime.This RedMonk conversation is sponsored by VMware by Broadcom.Show notes: https://redmonk.com/videos/sovereignty-meets-simplicity-for-vmware-by-broadcom-at-kubecon-eu-2026Chapters:00:00 Introductions from KubeCon EU Amsterdam 00:47 Cloud-Native Complexity Needs Simplification 01:44 VCF and VKS Simplify Kubernetes 04:04 Declarative APIs for Platform Teams 05:21 Digital Sovereignty in Europe Today 05:55 Deploying VCF for Sovereign Clouds 07:47 Private AI, Security, and Compliance 09:36 Building the Partner Ecosystem 10:05 Bring Your Own CNI 12:09 Validations with F5, Tigera, Kong 14:16 Drop-In Kubernetes Runtime Replacement 14:45 Wrap-Up and Final Thoughts

James Governor of RedMonk sits down with VMware by Broadcom's Dilpreet Bindra and Zach Shepherd at KubeCon Europe 2026 in Amsterdam to unpack what they call "the best kept secret in the industry": VMware by Broadcom's deep, sustained contributions to the CNCF and Kubernetes ecosystem. The conversation covers VMware's shift to exposing Cluster API directly as a product commitment, the etcd diagnostic tooling they've open-sourced for the whole community, and the journey of Velero from an internal project to a CNCF sandbox project with maintainers from Red Hat, Microsoft, and beyond. The trio also digs into the significance of CNCF's new AI platform conformance program, VKS's certification as a Kubernetes AI platform, and why workload portability matters more than ever as the AI tooling landscape explodes. Dilpreet and Zach close with what's got them buzzing at the biggest KubeCon Europe yet — from llm-d's CNCF sandbox acceptance to the quality of customer conversations happening on the show floor.This RedMonk conversation is sponsored by VMware by Broadcom.Show notes: https://redmonk.com/videos/vmware-by-broadcoms-open-source-story-at-kubecon-eu-2026/Chapters:00:00 Introductions: Meet Dilpreet Bindra and Zach Shepherd from VMware by Broadcom01:07 The Best Kept Secret: VMware's History as a Top CNCF Contributor01:50 Betting on Cluster API: Moving from Proprietary to Open Source02:24 Chopping Wood, Carrying Water: Earning Community Trust03:04 The Chop Wood Carry Water Award and VMware's Track Record03:45 The etcd Story: Open-Sourcing Support Tools for the Whole Ecosystem04:52 Leading Projects vs. Sharing Ownership05:46 Velero's Evolution: From VMware Project to CNCF Sandbox06:24 What Is Velero? Kubernetes-Native Backup and Restore07:13 Diverse Maintainership: Red Hat, Microsoft, and Beyond07:57 Why Contributing Velero to the CNCF Is a Strategic Investment, Not a Giveaway08:34 AI, Kubernetes, and the Infrastructure Boom09:06 VKS as a Certified Kubernetes AI Platform and Why Portability Matters10:17 CNCF AI Compliance and the Promise of Workload Portability10:46 KubeCon EU 2026: The Biggest One Yet11:11 What's Most Exciting: llm-d Joins the CNCF Sandbox11:34 Booth Energy and the Depth of Customer Conversations12:07 Wrap-Up

In this RedMonk Conversation, Rachel Stephens sits down with Boris Bialek, VP of Industries and Global Field CTO at MongoDB, to explore why data remains the unshakable foundation beneath the fast-moving world of AI. Boris paints a vivid picture of an industry where every sector—from banking to automotive to insurance—is racing to adopt AI simultaneously, often betting on the "whole racetrack" at once. The conversation traces the rapid evolution from chatbots to RAG architectures to MCP servers and agentic systems, all within roughly 18 months, and asks: what should enterprises actually anchor to when the layers above keep shifting? Boris makes the case that while LLMs, frameworks, and protocols will come and go, your data is the one asset you truly own and control. Along the way, they dig into real-world use cases like predictive maintenance on factory floors and intelligent airline customer service, the role of real-time vectorization and embedded models (including MongoDB's acquisition of Voyage AI), and the critical importance of encryption and governance when machines start talking to machines. The takeaway: building a strong, unified data platform isn't just a database decision — it's the strategic foundation for enterprise AI transformation.This RedMonk conversation is sponsored by MongoDBShow notes: https://redmonk.com/videos/ai-data-boris-bialek/Chapters:00:00 Introduction to the Conversation01:23 Navigating the Rapidly Evolving Tech Landscape04:38 The Importance of Data Ownership11:22 Unified Data Platforms and AI Integration17:34 The Evolution of AI and Agentic Systems23:15 Compliance, Governance, and Data Security25:27 Conclusion: The Central Role of Data