SHOW NOTES

In this AMA (Ask Me Anything) edition of SecOps Weekly, Keith McCammon and Brian Donohue explore how AI agents are being used in security operations, focusing on Red Canary’s implementation of agentic AI for threat detection and investigation.

Keith and Brian discuss how AI agents handle both data enrichment tasks and analytical problems, with detailed examples of identity event investigations and the practical challenges of scaling security operations.

The conversation also covers DLL hijacking detection techniques, including how to spot relocated system binaries and create detection logic for masquerading attacks. Additionally, they chat about critical security issues like social engineering in the age of deepfakes, emphasizing the need for robust identity verification processes for help desk interactions.

Finally, they explore supply chain security challenges, particularly around malicious packages in open source repositories and the difficulty of implementing security controls in fast-paced development environments.

TIMESTAMPS

• 00:00 – Intro
• 01:02 – Welcome to SecOps Weekly
• 02:31 – Agentic AI in SecOps
• 13:59 – DLL hijacking
• 18:31 – Today’s most pressing security issues