Join hosts Joel Moses, Oscar Spencer, and Matt Yacobucci as they dive deep into the world of formal verification with special guest Chris Fallin. In this episode of WebAssembly Unleashed, the team discusses the importance of formal verification in software development, particularly for WebAssembly. Chris, a co-author of the Cranelift compiler and Mozilla alum, explains the concept of formal verification, its significance, and how it can be applied to ensure software correctness and security. The conversation covers a range of topics including type safety, the use of SMT solvers, the challenges in formally verifying compilers, and the potential role of AI in generating formally verified code. Don't miss this insightful discussion if you're keen to learn about cutting-edge techniques to make software more reliable and secure. 00:00 Welcome to WebAssembly Unleashed 00:57 Community Updates 01:41 Guest Introduction: Chris Fallin 02:18 What is formal verification and why is it important? 03:10 Formal Verification in WebAssembly 06:28 Challenges and Real-World Applications 07:52 Tools and Techniques for Verification 20:22 Future Directions and Broader Implications 28:21 AI and Formal Verification 30:44 Lack of Formal Verification Consequences Did you miss the WebAssembly Unleashed episode 16 with Bruce Gain? Check it out here: https://youtu.be/Gjd8l1Sz9qY?si=QGixwObXJgvex9DS For more from F5's Office of the CTO visit the following sites: Blogs - https://www.f5.com/company/octo Reports - https://www.f5.com/services/resources/reports Meet Your Hosts: Joel Moses | https://www.linkedin.com/in/joelmoses/ | https://community.f5.com/users/joel_moses/398372 Oscar Spencer | https://twitter.com/oscar_spen | https://www.linkedin.com/in/oscarspen/ Matthew Yacobucci | https://www.linkedin.com/in/matthew-yacobucci-323b4b2/

Joins hosts Joel Moses and Oscar Spencer as they delve into the world of WebAssembly with special guest Andreas Rossberg, co-designer of the WebAssembly specification. Andreas shares insights on SpecTec, a domain-specific language designed to streamline and verify the WebAssembly specification. The discussion covers the evolution of SpecTec, its impact on WebAssembly proposals, and future possibilities for its application. Additionally, Andreas discusses his background in functional programming, challenges in compiler development, and the surprising uses of WebAssembly in the tech ecosystem. Whether you're a novice or a seasoned developer, this episode offers a comprehensive look into the future of WebAssembly and its growing influence in technology. Chapters: 00:00 Welcome to WebAssembly Unleashed 01:20 Exciting WebAssembly Developments 02:34 Special Guest: Andreas Rossberg 04:35 Functional Programming Insights 11:37 WebAssembly Specification and SpecTec 22:02 Test Matrix Generation for WebAssembly 23:49 Will SpecTec make WebAssembly proposals move any faster? 24:57 Reference Interpreter and Meta Interpreter 27:56 SpecTec's Potential Applications 30:54 Comparing SpecTec with Other Tools 32:34 Motivation and Commitment to WebAssembly and SpecTec 36:10 Surprising Uses and Future of WebAssembly 39:38 What area should the WebAssembly community work on next? For more from F5's Office of the CTO visit the following sites: Blogs - https://www.f5.com/company/octo Reports - https://www.f5.com/services/resources/reports Meet Your Hosts: Joel Moses | https://www.linkedin.com/in/joelmoses/ | https://community.f5.com/users/joel_moses/398372 Oscar Spencer | https://twitter.com/oscar_spen | https://www.linkedin.com/in/oscarspen/ Matthew Yacobucci | https://www.linkedin.com/in/matthew-yacobucci-323b4b2/

Join Aubrey and Byron at RSA Conference 2025 as they dive into transformative topics like artificial intelligence, red teaming strategies, and post-quantum cryptography. From exploring groundbreaking OWASP sessions to analyzing emerging AI threats, this episode highlights key insights that shape the future of cybersecurity. Discover the challenges in red team AI testing, the implications of APIs in multi-cloud environments, and how quantum-resistant cryptography is rising to meet AI-driven threats. Don't miss this exciting recap of RSA 2025! 00:00 Introduction 00:47 Personal Conference Highlights 03:07 PQC Meanderings 05:44 AI Red Teaming 11:21 OWASP Compass / CISO Checklist 13:03 A Prompt Injection Tale 14:03 Protect Your System Prompts 15:00 Beyond The Hype Cycle? 17:17 From The Show Floor 19:03 Dreadnode Dyana Sandbox 21:35 More From The Floor 22:53 Deepfakes 25:38 The Allure Of Using Obvious AI 26:22 Gonna Take Crucible For A Spin 27:12 Final Conference Thoughts 30:45 Outro

🔒 Welcome to this week’s episode of AppSecNow, the DevCentral podcast dedicated to all things application security! 🚨 This week, we unpack critical updates including: 💥 A zero-day SAP CVE with a CVSS score of 10—what it means, how it's being exploited, and what you can do to defend against it. 🛠️ A groundbreaking Parquet tool from F5 Labs that simplifies vulnerability testing for critical supply chain security issues. Link: https://github.com/F5-Labs/parquet-canary-exploit-rce-poc-CVE-2025-30065 🌍 The EU Cyber Resilience Act—what it means for manufacturers, open-source stewards, and secure-by-design initiatives. Learn how AppSec professionals leverage cutting-edge tools and protocols to tackle some of the biggest challenges in software security today. Whether you're prepping for RSA or managing zero trust architectures, this episode is packed with actionable insights! ✅ Like, subscribe, and follow to keep up with the latest in application security. 00:00 Introduction 02:20 Parquet Tool 06:30 VulnCon 2025 09:09 EU Cyber Resilience Act 16:45 CVE Program Chaos 20:29 Pay Your Tolls! 27:17 SAP Critical Vulnerability 29:18 Outro

It's AI Friday and we're diving into the world of artificial intelligence like never before! 🎩 On this Hat Day edition (featuring NFL draft banter), we discuss fascinating topics like LLMs (Large Language Models) and their trust—or lack thereof—in humanity, Google's innovative Agent-to-Agent (A2A) protocol, and how politeness towards AI incurs millions in operational costs. We also touch on pivotal AI conversations around zero trust, agentic AI, and the dynamic collapse of traditional control and data planes. Join us as we dissect how AI shapes the future of human interaction, enterprise-level security, and even animal communication. Don't miss out on this engaging, informative, and slightly chaotic conversation about cutting-edge advancements in AI. Remember to like, subscribe, and share with your community to ensure you never miss an episode of AI Friday! 00:00 Introduction 02:23 What Do LLMs Think Of Us? 15:26 At What Cost, Politeness? 25:33 Google Agent2Agent Protocol 35:57 Outro

Join Merlyn Chase, MegaZone, and Aubrey on this week’s AppSec Now podcast as they dive into the latest topics in application security! 🚀 From the recent B-Sides Seattle conference to critical discussions on EV car hacking, cybersecurity quandaries, AI-generated passports bypassing KYC, and Japan’s groundbreaking Active Cyber Defense Bill—you don’t want to miss this one. Plus, learn how AppSecNow is keeping you ahead with insights by F5 Labs and the F5 Security Incident Response Team. Stay informed, stay secure—like, subscribe, and follow for all things AppSec! 00:00 Introduction 03:10 EV Car Hacking 12:25 AI Generated Passports 21:35 LLMs Do Not Trust Humans 28:31 Japan's Active Cyber Defense Bill 34:19 Outro

It's AI Friday! This week, we unpack the latest AI news and trends, including the top AI use cases for 2025, intriguing new developments from OpenAI, AI in nuclear safety with PG&E (what could possibly go wrong?), novel defenses against prompt injection attacks with CaMeL, and even LLM-powered conversations with dolphins. Join Aubrey, Joel, Ken, and Byron as they blend in-depth insights with good-natured humor. Don't miss out—like and subscribe for your weekly infusion of AI amazement! 00:00 Introduction 01:37 2025 Top AI Use Cases 09:55 Models Thinking With Images 10:47 Break Glass In Case Of SkyNet 15:14 PG&E - AI In Nuclear Reactor 21:48 Can A CaMeL Fix Prompt Injection? 29:16 DolphinGemma LLM?? 35:39 Outro

Join our AppSec experts—Merlyn, Malcolm, MegaZone, and host Chase Abbott—as they dig into some of the latest stories shaking up the cybersecurity world. This week's AppSec Now explores an active campaign targeting Amazon EC2 instance metadata via SSRF vulnerabilities, and why that's a wider-reaching problem than you might think. We discuss Oracle's controversial handling of their cloud breach and the impact of trust in the disclosure process. Also in the mix: malicious NPM packages deployed by North Korean hackers, a sneaky Golang malware employing "click-fix" tactics for crypto theft, and a critical Apache Parquet remote code execution bug rated CVSS 10.0—but how worried should we really be? 🔗 Relevant Links Here: https://community.f5.com/kb/security-insights/oracle-hack-north-korean-hackers-critical-flaw-in-apache/340708 00:00 Introduction 04:01 F5 Labs: AWS EC2 SSRF 10:44 Oracle Cloud Breach 16:44 Verizon iOS App Exposure 20:23 BeaverTail Malware via NPM 24:43 Golang Ghost Malware 28:34 Apache Parquet RCE - CVSS 10 !!! 34:12 Outro

Gear up for another deep dive! In this episode of AI Friday, we've got the crew—Aubrey, Joel, Byron, and Pete—ready to unpack the latest in AI technology and hardware. Join us as we break down Google's groundbreaking Ironwood TPU, exploring its impressive potential and the math behind AI acceleration. We'll also examine OpenAI's brand-new Agent, Operator, discussing how effectively it can handle real-world tasks and possible security implications. As we look ahead, we dissect the cybersecurity threats anticipated for 2025, from ransomware to AI-powered attacks, and explore how defenders might keep pace with rapidly evolving threats. Grab your thinking caps and coffee—it's time for another deep dive into the world of AI. 00:00 Introduction 02:15 AI hardware fundamentals explained 13:28 Ironwood TPU 21:29 NVIDIA's Dynamo 31:05 OpenAI Operator 40:37 CyberSec challenges for 2025 53:02 Outro

Join Joel Moses, Oscar Spencer, and Matt Yacobucci as they discuss the latest news and recent developments in WebAssembly, such as Zig 0.140 and projects like running Linux inside a PDF file. This episode features special guest Nick Fitzgerald, a notable contributor to WasmTime and CraneLift, who explains the concept of garbage collection in programming. The discussion covers garbage collection in the context of WebAssembly, diving into algorithms, their implications, and challenges in implementation. They also touch upon the future of WebAssembly in embedded systems and the broader applications of these technologies in various programming languages like Java and Python. Don't miss this engaging and informative episode! Chapters: 00:00 Welcome to WebAssembly Unleashed 00:57 What's interesting this week in WebAssembly? 02:12 Linux PDF: A WebAssembly Feat 03:29 Understanding Garbage Collection with guest Nick Fitzgerald 05:20 Reference Counting vs Tracing Garbage Collection A Unified Theory of Garbage Collection paper: https://courses.cs.washington.edu/courses/cse590p/05au/p50-bacon.pdf 7:22 What's driving the push to get GC into WebAssembly right now? 10:25 What makes Garbage Collection implementation so difficult? 12:09 Challenges in Garbage Collection Implementation 15:19 Are you bound by the language runtime GC or by the Wasm runtime? 19:32 Challenges in Type Systems Implementation 22:59 Object-Oriented Hierarchies and Python 24:34 Garbage Collection Proposal Insights 31:35 Will the end users have extra work? 32:50 Can GC help with Ahead of time Compiling? 35:11 Fuzz Testing and Bug Fixing 36:05 Custom Page Size Proposal 38:03 Future of Garbage Collection Algorithms Did you miss the WebAssembly Unleashed episode with Gilad Bracha? Check it out here: What WebAssembly can learn from JAVA’s history | Ep5 | WebAssembly Unleashed https://youtu.be/BQjTShpa8VM?si=S4sHWZeRqVIbCdn_ For more from F5's Office of the CTO visit the following sites: Blogs - https://www.f5.com/company/octo Reports - https://www.f5.com/services/resources/reports Meet Your Hosts: Joel Moses | https://www.linkedin.com/in/joelmoses/ | https://community.f5.com/users/joel_moses/398372 Oscar Spencer | https://twitter.com/oscar_spen | https://www.linkedin.com/in/oscarspen/ Matthew Yacobucci | https://www.linkedin.com/in/matthew-yacobucci-323b4b2/

At AppWorld 2025, Buu Lam sits down with Haiyan Song, Executive Vice President of CloudOps at NetApp as well as Shawn Wormke, Vice President and General Manager, F5 NGINX. Haiyan and Shawn just wrapped up a keynote on stage and swing by the podcast booth to expand on the insights that they shared on stage. With NetApp being the whole of so much of the world's enterprise data, it makes sense for F5 to partner with them to provide fast and secure connectivity as customers seek to get data out to their AI applications for Retrieval Augmented Generation (RAG) architectures.

Dive into the latest episode of AppSecNow, where we break down the Ingress Nightmare vulnerability impacting NGINX and Kubernetes environments, plus the implications of a critical CVE in Next.js, one of the most widely-used JavaScript frameworks with 9 million weekly downloads. Join Aubrey, Chase, and Merlyn for expert analysis on the security landscape, from Chromium Zero Day concerns to ransomware gangs getting pwned. Stay informed on the front lines of application security with actionable advice from DevCentral's experts. 00:00 Introduction 01:45 IngressNightmare 08:39 Next.js Critical CVE 12:07 Chrome Zero Day 16:22 New Agents For Security Copilot 24:57 HaveIBeenPwned Mail List Leak 27:10 BlackLock RaaS Gang Pwned 30:28 Outro

Join the DevCentral crew as we dive into groundbreaking AI research, explore how OpenAI's GPT models mimic humans, and discuss critical advancements in AI security and ethics. From Turing tests to deepfake controversies, this episode of AI Friday is packed with thought-provoking insights and practical takeaways for the AI-powered future. Whether you're an enthusiast or in the IT trenches, don’t forget to subscribe to keep up with the conversation. Secure your AI journey. Stay informed. Stay connected. It's time to redefine intelligence—welcome to AI Friday! 00:00 Introduction 02:45 AI PASSES TURING TEST! 12:13 Tracing LLM Reasoning 22:41 AI Image Ethics 31:51 Model Context Protocol 44:27 Outro

Welcome to the 31st episode of AppSec Now! This week, our hosts Aubrey, David Warburton, Chase Abbott, and MegaZone get into some hot topics in the world of application security. Our focus is on the latest F5 Labs Advanced Persistent Bots report, highlighting the ever-evolving landscape of bot attacks and the importance of robust mitigation strategies. We analyze Google's hefty $32 million acquisition of Wiz, exploring what this move means for the tech giant's security posture and its potential impact on the cloud security market. We also tackle the sensitive topic of personal data with a focus on 23andMe's bankruptcy and the critical steps you should take to safeguard your genetic information. Finally, we explore the emerging trend of "vibe coding" and its implications for both seasoned developers and novices. Join us for these engaging discussions and more, and don't forget to like, subscribe, and leave a comment with your thoughts! 00:00 Introduction 01:08 Google / Wiz Deal 04:57 Electrical Fire Closes Heathrow 12:39 23andMe Bankrupt! Delete data. 19:10 Advance Persistent Bots Report 32:06 Vibe Coding Roundtable 42:37 Outro

Welcome to AI Friday! In this episode, we dive into the latest developments in Generative AI Security, discussing the implications and challenges of this emerging technology. Join Aubrey from DevCentral and the OWASP GenAI Security Project, along with an expert panel including Byron, Ken, Lori, and special guest Steve Wilson, as they explore the complexities of AI in the news and the evolving landscape of AI security. We also take a closer look at the fascinating topic of vibe coding, its impact on software development, and the transformative potential of AI-assisted coding practices. Whether you're a developer, security professional, or an AI enthusiast, this episode is packed with insights and expert opinions that you won't want to miss. Don't forget to like, subscribe, and join the conversation! 00:00 Introduction 02:16 Agentic Risks vs. Rewards 04:19 Steve Wilson & OWASP GenAI Security Project 18:25 DeepSeek & Inference Performance 28:41 Vibe Coding 51:01 Outro

Join us for the thirtieth episode of AppSecNow, a DevCentral podcast dedicated to the latest trends and threats in the application security (AppSec) world. In this episode, host Aubrey King is joined by Malcolm Heath, Chase Abbott, and MegaZone to dive into recent security incidents and developments, including a detailed analysis of the Coinbase phishing scam, the resurgence of user-mode rootkits with OBSCURE#BAT, the BRUTED brute force campaign and KoSpy, a sophisticated Android spyware campaign linked to North Korean threat actors. Stay informed with custom-curated content from F5's Security Incident Response Team and relevant data from F5 Labs. Discover how attackers are evolving their methods and learn practical tips to protect your applications from these emerging threats. Whether you’re a security professional or just interested in the latest in cybersecurity, this episode has something for you. 00:00 Introduction 01:52 Coinbase Phishing Scam 12:24 BRUTED Brute Force 18:26 OBSCURE#BAT Malware 21:14 KoSpy Android Spyware 33:15 CISA KEV Updates 34:19 Outro

Join us for our first live episode of AI Friday, where we delve into the latest and most exciting developments in the world of artificial intelligence. This week, we discuss the major announcements from NVIDIA's GTC conference, including insights on their new Blackwell chips and the fascinating advancements in autonomous vehicles. Our very own Buu Lam from DevCentral shares his firsthand experience and key takeaways from the event. In addition, we explore the groundbreaking world of robotics, highlighting how Disney's cute robots, powered by NVIDIA and Google DeepMind, are set to revolutionize the industry. We also tease our upcoming episode featuring Steve Wilson, where we will discuss the OWASP Gen AI Security Project and its implications for large language model applications. Don't miss out on this engaging and informative discussion! 00:00 Introduction 02:10 Buu Lam Event Summary 11:33 Want Fish With All Those New Chips? 17:23 DGX Spark & Station 21:20 Robotics: Groot & Newton 28:42 Nemotron Model Family 36:14 Outro

Join us as we dive into the exciting world of quantum computing and AI at App World 2025, held at the fabulous Fontainebleau in Las Vegas. Aubrey from DevCentral hosts a fascinating discussion with Daniela Pontes and Brett Wolmarans from F5. They explore the latest advancements in AI, the impact of quantum computing on cybersecurity, and what the future holds for post-quantum cryptography. Discover how F5 is leveraging AI to optimize and secure applications, and learn about the recent release of the AI gateway. Daniela delves into the looming threat of quantum computing on current cryptography standards, explaining the importance of transitioning to quantum-resistant algorithms and even a little on quantum networking. Stay tuned for insights on how industries like finance and healthcare are preparing for a quantum future. Don't miss this episode full of expert knowledge and cutting-edge technology! Discover how F5 is leveraging AI to optimize and secure applications, and learn about the recent release of the AI gateway. Daniela delves into the looming threat of quantum computing on current cryptographic systems, explaining the importance of transitioning to quantum-resistant algorithms. Stay tuned for insights on how industries like finance and healthcare are preparing for a quantum future. Don't miss this episode full of expert knowledge and cutting-edge technology!

Welcome to the latest episode of AppSec Now, a DevCentral podcast dedicated to the ever-evolving world of application security. In this episode, Chase takes the reins while Aubrey is away, joined by Malcolm Heath, a principal researcher at F5 Labs, and the illustrious MegaZone, a principal security engineer on the SIRT team. We dive deep into the recent Apache Camel remote code execution vulnerability, discussing the initial panic and the eventual revelation that it was a medium-severity CVE with narrow impact. We also explore the ongoing debate on government backdoors in end-to-end encryption, with insights on the recent stances of Signal and Apple. Finally, we shed light on the recent DDoS attack on X (formerly Twitter), attributed to Dark Storm, and discuss the complexities of attributing such attacks. Stay informed and up-to-date with the latest trends and threats in the AppSec world! References: https://community.f5.com/kb/security-insights/appsec-camels-typhoons-and-backdoors/340217 00:00 Introduction 00:59 Apache Camel RCE 10:09 Silk Typhoon 16:11 Government Encryption Backdoors 25:51 X (Twitter) DDoS 30:25 VulnCon Comin' Up! 32:16 Outro

Join hosts Joel Moses, Oscar Spencer, and Matthew Yacobucci as they discuss recent WebAssembly advancements, such as data science in browsers with WebR, LibreOffice now running as ZetaOffice, and a unique case study from Dagger.IO on replacing a React front end with Go and WebAssembly. The team is joined by special guest, journalist and analyst Bruce Gain, who shares his insights on the impact of WebAssembly in gaming and its applications in various industries. Topics include performance benchmarking, the evolution of WebAssembly, and its potential tipping points for mainstream media attention. Tune in for an engaging conversation about the future of WebAssembly and its broader implications. Chapters: 00:00 Welcome to WebAssembly Unleashed 00:57 Exciting WebAssembly Developments 02:38 Oscar's Insights from the Wasm Community 04:28 Special Guest: Analyst and Journalist Bruce Gain 05:22 WebAssembly in Gaming 09:16 Future of Gaming with WebAssembly 13:03 Media Perspective on WebAssembly 15:08 WebAssembly Garners Media Attention 19:06 What can WebAssembly do to create a media tipping point? 21:36 Security Implications of WebAssembly 24:04 AI and WebAssembly: A Synergistic Future 28:40 ReveCom Project and Benchmarking Efforts 34:16 Future of WebAssembly in Media and Technology Read more on recent developments discussed by the hosts: Replacing React with Go: https://dagger.io/blog/replaced-react-with-go R in the Browser: https://blog.jupyter.org/r-in-the-browser-announcing-our-webassembly-distribution-9450e9539ed5 LibreOffice built for the Wasm runtime: https://www.theregister.com/2025/02/13/libreoffice_wasm_zetaoffice/ ; https://zetaoffice.net/ For more from F5's Office of the CTO visit the following sites: Blogs - https://www.f5.com/company/octo Reports - https://www.f5.com/services/resources/reports Meet Your Hosts: Joel Moses | www.linkedin.com/in/joelmoses/ | community.f5.com/t5/user/viewprof…e/user-id/398372 Oscar Spencer | twitter.com/oscar_spen | www.linkedin.com/in/oscarspen/ Matthew Yacobucci | www.linkedin.com/in/matthew-yacobucci-323b4b2/