Crying Out Cloud

Hosted by Wiz

TechnologyInterviews guests

Website RSS feed

Episodes

Latest episode

May 2026

Language

EN-US

About the show

Welcome to "Crying Out Cloud," the monthly podcast that keeps you up to date with the latest cloud security news. Hosted by experts Eden Naftali and Amitai Cohen, each episode provides in-depth coverage of the most important vulnerabilities and incidents from the previous month. Tune in for insightful analysis and expert recommendations to help you safeguard your cloud infrastructure.

Listen to episodes

60 recent

May 20, 2026Episode 350 min

The Linux CopyFail Vulnerability & AI Bug Hunting with Xint

The AI bug hunting revolution is here, and it just broke Linux.On this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen sit down with Tim Becker and Jacob Newman from Xint to unpack CopyFail, a powerful vulnerability found using autonomous AI agents.1. How Xint's custom LLM harness uncovered CopyFail, a privilege escalation bug affecting almost every Linux machine since 2017.2. The harsh reality of vulnerability disclosure in the AI era and why 90 days is too long when models can weaponize exploits instantly by patch-diffing.3. The evolution of AI agents in security, from the DARPA AI Cyber Challenge to Claude 3.5 Sonnet to Mythos.4. The importance of benchmarking in agentic workflows.

May 1, 2026Episode 213 min

Hacking GitHub with a Semicolon & Claude with Sagi Tzadik

Wiz researcher Sagi Tzadik joins us to break down how a single semicolon led to a critical Remote Code Execution (RCE) vulnerability in GitHub.For two years, Sagi sat on a lead. Reverse engineering GitHub's microservices manually was too tedious to justify the time. Then, AI agents arrived. By hooking Claude directly into his reverse engineering software, he condensed months of grueling binary analysis into 48 hours. The result? A critical bug in how GitHub handles git push options that exposed both SaaS and Enterprise environments. We get into the weeds on how different microservices interpreting the same input differently creates massive attack surfaces, and why security by obscurity is officially dead in the age of AI.What's Inside:- How combining Claude with the IDA MCP server dramatically sped up the reverse engineering process- The technical anatomy of the GitHub semicolon vulnerability.- Why microservice communication breakdowns lead to critical RCEs.- The massive difference in impact between GitHub.com and GitHub Enterprise Server.- Why Enterprise users need to patch their instances immediately.Resources:- Learn more about the findings at: https://www.wiz.io/blog/github-rce-vulnerability-cve-2026-3854

February 24, 2026Episode 139 min

Protecting Vibe Coded Apps and the Shift to "Soft Guardrails" with Igor Andriushchenko

Igor Andriushchenko joins Crying Out Cloud to explain how vibe coding changes the role of security engineers. The shift from typing lines of code to shaping entire systems means security teams need new strategies. Developers expect their shipping velocity to increase tenfold with AI assistance. Relying on traditional hard deployment blocks will only cause friction. If you want to understand how to build secure guardrails for AI development without destroying developer momentum, this conversation covers the exact mechanics.What's Inside:The evolution of the Stockholm tech scene and human ambition driven by AI.How Lovable empowers non-developers to build disposable and deeply specific software.The concept of "soft guardrails" and why hard blocks fail in AI-assisted workflows.Future capabilities of AI pen testing using hundreds of autonomous agents.The shared responsibility model when business users build internal applications.

February 12, 2026Episode 1924 min

Neuroscience, AI Research & Hiring Swifties with Alon Schindel

Agentic AI is coming. Are defenders ready?Alon Schindel, Director of Data & Threat Research at Wiz, joins Eden and Amitai for the Season 3 Finale. This isn't just a recap. It is a look at how top-tier research teams operate at speed. Alon explains why Wiz treats research as a "product" rather than a support function. He details the "DeepLeak" discovery where his team found thousands of exposed API keys mere hours after a platform's popularity spiked.What's Inside:Agentic AI: Why 2026 will be the year AI starts taking action, not just chatting.Speed as a Weapon: How to shorten the time between a zero-day and a detection.Culture: The power of the "Table" and collaborative chaos.Retrospective: Lessons from IngressNightmare and the year in vulnerabilities.Resources:Read the DeepLeak Research: https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leakWiz Threat Research Hub: https://www.wiz.io/research

February 3, 2026Episode 1812 min

Hacking Moltbook with Gal Nagli

🚨 Vibe coding meets critical data exposure: The Moltbook Hack.On this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen sit down with Wiz researcher Gal Nagli to unpack how he compromised the "Facebook for AI Agents" in under an hour ↓How a simple boolean manipulation (valid: false to true) bypassed authenticationCloud Database misconfigurations and the failure of Row Level Security (RLS)How Claude Code was used to identify and exploit the vulnerabilityThe security reality of "Vibe Coding" and zero-manual-code applications

January 15, 2026Episode 1717 min

CodeBreach: Hijacking the AWS Console with Yuval Avrahami

🚨 Everything you need to know about CodeBreach with Yuval AvrahamiOn this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen sit down with Wiz researcher Yuval Avrahami to unpack a major supply-chain flaw that put cloud environments at risk ↓Misconfigured CodeBuild instances used by AWS themselvesOne small regex mistake, huge consequencesHow an SDK used by the AWS Console could have been hijacked (!)The CI/CD controls that can mitigate this risk

January 1, 2026Episode 1819 min

React2Shell, Shai-Hulud 2.0, Gogs Zero-Day & Tika RCE

🎙️ Shai-Hulud, Shai-Hulud 2.0, are you keeping up?In this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen go deep into real-world cloud security incidents ↓How Shai-Hulud evolved into Shai-Hulud 2.0A vulnerability affecting Apache TikaReact2Shell and its implicationsGogs zero-day explainedYou DONT want to miss this!This is a technical, concrete conversation focused on how attacks actually happen, how they evolve, and what defenders need to understand to keep up.

December 8, 2025Episode 1722 min

Live Talk: Security Minds from Google Cloud, AWS & Wiz

🎙️ AI is changing the rules of cyber, are you keeping up?Eden Naftali goes live with leading voices in cloud security:Ryan Nolette (AWS), @John Miller (Google Cloud), and Alon Schindel (Wiz). This episode is essential listening for anyone defending at cloud scale. 👇🔍 Inside ↓1) How AI is supercharging attacker tactics — from hyper-variable phishing to rapid exploit generation2) The rise of "AI slop" and why it's burning analysts' time3) Emerging AI bug-hunters — what they can (and can't) do

November 14, 2025Episode 1625 min

Cloud Detection Engineering, AI in the SOC and Parallel Parking with Alex Hurtado

Detection engineering just got real!Eden Naftali and Amitai sit down with detection engineering powerhouse Alex Hurtado - and it's a must-listen for anyone in cloud security. 👇🔍 What's inside:The evolution of detection engineering in the cloud — and why traditional rules no longer applyWhy DIY detections > vendor defaultsHow AI is reshaping detection and threat hunting (and why the human in the loop still wins)

November 7, 2025Episode 1529 min

VSCode Extension Secrets, RediShell, & Living-off-the-LLM

🔍 From discovering VS Code supply chain risks → to uncovering Redis Shell vulnerabilities.Eden Naftali and Amitai sat down to unpack: 👇How VS Code extensions became a critical supply chain risk (w/ Rami McCarthy)What RediShell reveals about attacker innovationWhere AI is being weaponized in modern malware🎙️ Listen now to our NEW Crying Out Cloud episode