Show Notes

This is a guest conversation episode of Ship It Weekly, separate from the weekly news recaps.

In this Ship It: Conversations episode, I talk with Kat Traxler of Vectra AI about AI security, the zero-day clock, IAM, cloud risk, AI-assisted bug hunting, and why the scariest future security problems may still start with the boring fundamentals teams already struggle with today.

Kat is a Principal Security Researcher at Vectra AI focused on abuse techniques and vulnerabilities in the public cloud, especially around the intersection of cloud security, AppSec, IAM, managed identities, and insecure-by-design flaws.

We talk about the current AI security mood, from the excitement around faster research and bug hunting to the fear that AI could shrink the window between vulnerability disclosure and exploitation. Kat explains the “San Francisco Consensus,” why the zero-day clock is getting so much attention, and why she thinks the facts may be real while some of the conclusions are overextended.

The bigger theme here is that AI is absolutely changing security work, but it does not erase the fundamentals. Attackers still take the lowest-friction path that works. For most teams, that still means credentials, IAM, misconfigurations, known vulnerabilities, and systems that were never threat-modeled as deeply as people assume.

Highlights

• Why AI security feels exciting and unsettling at the same time

• What the “San Francisco Consensus” means and why people are talking about the zero-day clock

• How AI may shrink the time between vulnerability disclosure and exploitation

• Why Kat is skeptical of the full “zero-day apocalypse” narrative

• Why credentials, IAM, misconfigurations, and known vulnerabilities still matter most for many teams

• How AI helps narrow the search space in bug hunting and security research

• Where AI is useful for code-level bugs, and where it still struggles with context and threat modeling

• Why human expertise still matters when using AI for writing, research, and cloud security analysis

• Why IAM remains hard because it sits at the intersection of people, access, and technology

• What insecure-by-design flaws are, and why AI may not solve those anytime soon

Kat / Vectra AI links

• Kat Traxler at Vectra AI: https://www.vectra.ai/about/author/kat-traxler

• Kat’s site: https://kattraxler.cloud/

• The San Francisco Consensus: https://kattraxler.cloud/the-san-francisco-consensus/

• Kat on X: https://x.com/NightmareJS

• Vectra AI: https://www.vectra.ai/

Our links

More episodes + show notes + links: https://shipitweekly.fm

On Call Brief: https://oncallbrief.com

👤 Guest

Kat Traxler of Vectra AI
Hosted by
Brian Teller

25 years in production: DevOps, SRE, platform, and cloud. DevOps Institute & ITIL Ambassador.