The AppSec Insiders
Welcome to The AppSec Insiders Podcast. This is a show where we discuss the hottest topics and latest trends in application and cloud security, and tell you what you need to know.
For those who don’t know who we are, we are all software developers, white-hat hackers, and code security experts. When we’re not recording the podcast, we help organizations of all sizes with their cybersecurity needs.
If you’re an AppSec professional looking for an opportunity to work with some of the best in the industry, or a developer with an interest in cybersecurity, be sure to check out our careers page at ForwardSecurity.com/careers
We would greatly appreciate it if you subscribed to the podcast wherever you listen to the show, and be sure to follow us on LinkedIn and Twitter at Forward Security. Links are in the show notes.
• https://www.ForwardSecurity.com
• https://www.linkedin.com/company/fwdsec/mycompany/verification/
• https://twitter.com/fwd_sec
Latest Episodes
The Leakiest Year Ever: A Deep Dive into the 2026 State of Secret | The AppSec Insiders Podcast Ep.20
In this episode, we sit down with Dwayne McDaniel, Principal Developer Advocate at GitGuardian, to discuss the alarming rise of secret sprawl in 2025. With over 28 million hard-coded secrets leaked on public GitHub last year alone — a 34% incre...
LLM Vulnerabilities and Prompt Injection: AppSec News Deep Dive | The AppSec Insiders Podcast Ep.19
In this episode, we explore the emerging security risks of AI and LLMs in modern applications. Iman shares real-world experiences bypassing AI guardrails like LlamaGuard and OpenAI Shield, while the team discusses prompt injection attacks, syst...
Fake Extensions to AI Bug Hunters: AppSec News Deep Dive | The AppSec Insiders Podcast Ep.18
In this episode of The AppSec Insiders Podcast, we dive into two major security stories making headlines: a fake Solidity extension that drained a developer’s crypto wallets, and Google’s AI-powered tool “Big Sleep” uncovering a critic...
SQL Injection to RCE: Fortinet's Critical Vulnerability Exposed | The AppSec Insiders Podcast Ep. 17
On this episode of The AppSec Insiders Podcast, we dive into CVE-2025-25257, a Fortinet FortiWeb Fabric Connector SQL injection vulnerability that escalates to RCE. We break down how this exploit works, why it’s so impactful, and what le...
Prompt Injection to RCE: When AI Gets Compromised | The AppSec Insiders Ep.16
In this episode, we unpack CVE-2025-49596, where prompt injection, CSRF, and localhost access were chained to achieve RCE in the MCP Inspector AI tool. Learn how the exploit worked, what it reveals about LLM security risks, and how to de...