RA

Random but Memorable

1Password

Future of AI and Risk Analysis

From How to start vibe coding without compromising security with Jeff MalnickJun 9, 2026

Excerpt from Random but Memorable

How to start vibe coding without compromising security with Jeff MalnickJun 9, 2026 — starts at 0:00

Welcome to Random Up Memorable, a podcast from One Password. I'm Matt Davy, One Password's Chief Eperience Officer. I'm Sarah, one of the founders at One Password. I'm Ru, Head of Password Manager Dvelopment. I'm Anna, the producer behind the show. and we're the host behind Random Up Memmorable. Together, we offer up biwekly security advice, interview special guests from the cybersecurity community and round up the latest security news in Watchtower Weekly Plus, we may play a silly security game or two So sit back and enjoy the show Oh now there's stuff to do in Philadelphia. There's definitely stuff to do. Yeah. All right. There's there's like good historic sites and stuff. There's some good walking tos you can do some fun things to see Historic sites. This is from the sixties All right, stop Just stop Just stop so full of yourself I don't have to be here. Like I can boom so happy you are. We're so happy. you are. That may not coming through, but we're very happy that you're here. I believe that you're happy I'm here, Alie. I am getting the usual amount of engagement from. Oh I'm very happy you're here I couldn't have made that joke otherwise Sorry we're being told sorry this heailed already. Oh Sorry, this just didn't we have to start the show. We can't We can't dillily doy anymore There No dillily dying Okay, Hello and welcome back to Random but Memorable. I'm Matt, and I'm here today with Rue and Alie. It has been An absolute age I feel like our calendars only get more busy, so We have lots of hosts now and we rarely get to see each other It's nice to see you, Matt. I don't think I've seen you since the beginning. when I joined the podcast team I had to blow the dust off the microphone, like literally like Dust stuff. So it was ant inhaling dust Look at that. We should also take a moment to to shout out MVP Sarah 's been on every episode so far this season That's pretty incredible. I actually was thinking about that that I think her and I Yeah, every single main show. we've played a lot of games together too on the podcast where she has won a lot of them, I think. So where to go, Sarah I love that. This is also our last episode of the current season. And for those keeping count, it's also our hundred and sevventieth episode. Can you believe that You and I started this just the two of us just being like, shouldould we just like record ourselves talking Uh, and then that first episode was binned and then And the second one was okay. Yeah, it's weird that we're this thing is still going that we are we are still here. That's amazing one hundred and seventy episodes and I feel like I started it probably a decade into being at One Passw Yes, same Okay Oh my goodness So after this episode, we will be taking a short break while we plan the next season. We're also cooking up some bonus episodes. so keep an eye on our podcast feed and our YouTube channel. But anyway, let's focus on the fully loaded episode that we have for you today. We're going be talking about one of my favorite things All things vibe coding. which I hate that term So every time I say that, I think I'm going to apologize. I prefer agentic development. No Can I j? Yeah, yeah. eentic engineering Aic development? Yeah. Okay. Okay. Oh there it was fifty fifty there. Allie was a no, Rue was a yes I don't do much with vibes, if I'm honest, so I feel like a a gentic development I'm happier with. But like vibe coding. First Ru is going to walk through what vibe coding actually means in Crush courseourse, why it's suddenly everywhere and how people are using AI tools to kind of build apps, websites, games and workflows. My two senses on him Uh, you know pushing his own app during that time. It's going to beome one big advertising space then in Watchtower Weekly, we'll look at the security side of that trend because research has shown A lot of people are leaking sensitive stuff through their vibe coded apps And then after that, Wade will be sitting down with Jeff Munik, onene passwords VP of Engineering for Dveloper and AI for a conversation about coding securely with AI, best practices for developers and how one password is thinking about the future of AI assisted software development And of course, we'll end with one final round of identity theft. So lots to get into today at Rue, did you want to kick off the vibe coding talk with Yados Yeah, let's do Crash course. Let's let's get in here. So I think it's helpful for us to start off with a definition of what vibe coating actually is before we unpack it a little bit more in Watchtower Weekly. And I know that Jeff is going to go into it greater detail in his interview later on. At this point, you've probably heard the term vibe coating. It's been out in the air for a while now It was named Wd of the Year by the Collins Dictionary in twenty twenty five It's the process of leveraging an AI assistant to write software based on natural language prompts. and piece of it that is the vibe comes from the fact that like You get to communicate in whatever way is most comfortable to you. You can talk to the to the chat bot, you can talk to the large language model in sort of like your natural language and it will then turn that into software code that a computer can compile and run and understand So let's say that you want to build a new personal website. With vibe coding, you can describe that ideal website to an AI powered tool and it'll then generate that code for you. And afterwards, you can edit the code if you need to, or you can go back and tell it, Hey, I want to change this. I want this to look different. Tool decides what code to write by drawing on open source code bases that were used to train its large language model. And then behind the scenes LLM matches your prompt request to the code that it's been trained on and then uses that to generate new code for your project. You'll typically do all of this in an app like Codex or Clawed code. These provide built in AI functionality Before we get deeper into this, I know I've been vibe coding my own projects. If any of you have ever wanted to have an app that shows you Fahrenheit and Celsius at the same time. This great app that's on the app store now called forortty Below. You should go check it out. fantastic. I don't know that Anne is going allow that to stay in, but we're going to do it anyway Um, That's been something I worked on for a little bit between like December and March April time frrame What about you? Have you either of you built anything and have you shipped anything You know, I think I'm realizing why I stuck my nose up on agentic engineering. I think between the three of us, I'm probably in my day to day work, the least technical. So while I represent and communicate technical concepts into plain language. So when you say agentic engineering, it feels too technical or off putting for product marketing manager who has vibe coded. And I relate more with that because as you said, Bru, just being able to prompt and plug stuff in is very accessible and easy for me There's been a couple yeah, a couple of vve quoded projects that I've done at work for our sales team, which has been fun. So return on investment calculators U And yeah, using tools where I can literally just use whisper flow build a whole app is pretty incredible I think we probably have the three levels of like being being technical here. Like I'm somewhere in the middle Because I have built an app and put it the on the store, which I ridiculously proud of. It's not that great. It doesn't do that much But like My goodness, when you hit buttons, does it have a flamboyant animation And I've also U you know, and we were speaking about like being here a long time in my entire time here. I have now put up three PRs. One of them was a very long time ago and then two of them recently. and like That's down to you know, kind of an aentic development as well U I think there is like a scale in a spectrum from kind of like vibe coding on one side and like not looking at the output or understanding it and then On the other end kind of like, basasically like infrastructure stuff and things that you wouldn't kind of allow an LLM to touch. And then like kind of somewhere in the middle is agentic development, maybe But like I think I never would have been able to contribute some of the you know small front end design changes and that type of thing that I've been able to push to the kind of one password project without these tools So I think it's given it's certainly given the the design profession, a massive shake upp Absolutely. And and I think it's certainly given us a bit of a superpower, but you have to kind of like change your thinking of what it all is in order to kind of take a hold of it. Yeah Ally, have you in the stuff that you have built, have you found a way to leverage your expertise, the things that you know and you know really well to then create tools around that. Is that something that you've been able to like connect those dots through the use of of an LOM You know what? I'm sure every job function in some capacity has been shaken up by this. but I think product marketing certainly is being transformed by the AI movement, but in a really positive way, I think, right off accelerating our ability to get stuff out out in the world and connect the dots maybe a little bit quicker. Yeah I do agree, by the way, that there is like a difference between vibe coding and agentic engineering. like something I think that Agentic engineering is what you are going to find more classically trained software developers doing. Like that's the type of thing. whereas When you get folks who have not had the same sort of technical exposure to the of software development, that to me is vibegoating. . And then there's there's, you know, levels in between Vibe coding was a term that was invented by Andre Carpathi, and who's an AI researcher who worked at openpen AI. There's the folks that make Chat GPT, Just joined Anthropic, the people who make Claud. In a social media post, Carpathi described it as the moment you fully give into the vibes, embrace exponentials, and forget that the code even exists Is that sort of been like your experience coming in as someone who draws pretty rectangles and wanted to turn them into clickable pretty rectangles Now I know why Matt hates vibe coding I've never been drawn into vibes in my entire life Yeah I mean, generally that was my experience. the ability to go from this is a This is a static mock up of intent uh, and and like we want to build something like this and kind of like working out the details and really like A really good design was still a plan And and like There wasn't anything that you could kind of do from that to the peace where we are today where like you can kind of give it a design system, some good hints and then kind of like You know, nudge it from from there. Gally, It has opened up reasonable software a lot more. The other end of software has become a lot more attractive I can I can vibe code all I like. Man, if someone who's done it who has like really good taste, really good understanding of the problem I will download that in a heartbeat over buildilding it myself And that is I think the thing that has changed in last few months. I really thought that kind of like independent software was going to really struggle And actually I'm looking for it more than more So ye. ye, I think Sound describes it perfect So like there's there's still expertise that you need to you need to bring into this and and I think that This is very much a still a garbage in garbage out system. It maybe like makes it pututs a little bit more of a filter on it, but The level of instruction that you can give to this thing and the details you can provide it and the context that you can load it up with All of those things drive the outcome in a way that you can't just be like, buildu me an app that does this and and it's just going to like nail it and you be like great, that's on the store now. L for the app I was building, I had a version of it in like less than an hour, right? I literally was like, hey, go build this thing that does that shows Fahrenheit and Celsi at the same time It was like, hereere you go, your grap is done And then it took me like four months to get its store ready to get it to the point where I actually wanted other people to see it. Um, And so like there's a lot of countountless prompts that went into that. And even if like you don't look at the underlying code and you're only looking at the output, you still have to understand how to bring this vision that you have to life That's the critical thinking piece though, right? So there are many people that would have stopped at your first stage. And that I think is one of the interestnting things I'm seeing is AI is making everyone's idea seem great and easy. and the iteration that I think Ru, you probably go through because of your background in knowing what good looks like, what customer facing looks like. If you don't have that, AI makes it really easy for you to prompt it with your idea and for AI to say, phenomenal idea, I love it and here's the version of it, right? So that critical thinking piece, I think is the human part that's so important that changes from garbage and garbage out to iteration and refine. Yeah. Yeah. It's Homer Simpsons's car That's what AI creates. And you kind of have to like iterate on it from there I could put more cup holders in this app that I You're right You're right. That's a takeaway, right? that we should figure out ways to put more into everything that we're building A'bsolutely So Okay, so we've had this massive explosion. More people are shipping software these days, more people are building things even if they're not shipping it externally And it's a lot of fun. Like there there's a that's a whole separate conversation we can have just around like the dopamine hits that you get from from building in this way. Um There wass also like a lot of risk involved. L deevelopers, security professionals, they've warned about the dangers. We have warned about the dangers and limitations of vibe coding, you don't have to have technical knowledge, the experience, the skills to review the final code. And so it's really easy for things like security vulnerabilities to slip through the cracks or for secrets to be exposed through like through the tools, either to the tools or because the tools have just built something in a certain way it's really easy to make mistakes that can be pretty pretty catastrophic. So it doesn't mean that you shouldn't take advantage of these tools by any means, but There are ways that you can use them safely and intentionally and then use your prompts and review the final code or ask a developer you trust to review on your behalf This is something that we. as all of this was ramping up and exploding We thought about this immediately. of course, it's the first thing that we reached for, which is like, how can we help solve this problem? Secrets are being leaked down to the world we're starting to see more of this, more people are contributing. Allie as you've been getting more involved with the deeveloper tools side of the house Can you talk a little bit about some of the stuff we've been building and what folks should expect to see from us here Yeah. I mean, I think similar to what we have just talked about, the reality is like AI is making software creation so much more accessible to a wider group of people, right? Matt, you've just said it's transforming those designers from hereere's my idea to let me fully execute it. And Ru, as you said, it's super exciting. But I think the critical thing is if you are building something useful or impactful, you're probably connecting apps or services or API keys one tool to another tool. And they all need credentials. And as you said, Rue, that's what's happening, right is the sprawl of these machine secrets And you know, I think one of the risky parts of AI tools is that if you're prompting and you're kind of working in a silo and for the folks like me maybe who aren't super familiar with how important it is to store those secrets and those API keys somewhere safely, AI will probably just tell you to store it in an environment file or paste it in a config file or just store it on your local machine, which I think works in the moment, but as you're kind of alluding to, like this is what starts to create that hidden risk. So yeah, I mean at One passassword, we're doing what we always do, which is making the secure way, the easy way. And our developer tools rwin Matt, you know, this isn't anything net new. We've had these for several years now. But I think just kind of doubling down on how we're surfacing these up to folks so that they know that You know, we're really trying to help builders. So even if you're not a developer, but how can we help you keep your secrets in one password and then use them directly in the tools and workflows where you're already working, right? So A couple of things that we've done recently is we've updated all our developer support documentation. So this is a big one for folks. We've got quick startart guides. So if you are someone like me to is maybe just playing around with a vibe coding tool and you're not a deep software engineer, we've got some accessible documentation, which I think will really help folks kind of understand if I'm building with AI How can I do it safely? And what is the best option for me to store these secrets And I think one of the things that we do is point folks to one password environments. So this is where it makes really easy to manage your environment variables that your app will probably need without leaving those secrets stored on your device. And then the other thing just to shout out is because it's becoming more accessible, I think the case for leveraging one passassword deeveloper tools is bigger. So Folks are going to start to see developer in the sidebar of their One passassword desktop app. And I would encourage you if you're building with AI to check out what we have to offer because I think certainly, if you're already using One passassword, it makes sense for you to store these machine secrets alongside the human password and logins that you already have Very exciting and I can't emphasize enough how much this is us taking something that already existed and being like, oh, like this applies perfectly to this new this new world that that's out there. And yeah, this is all included. Like this is no there's no add on. there's no by the developer tools. This is something that y'all before my time at One passassword saw the importance of and it's in the app, right? So I feel like you're right. That's important to mention one hundred percent Matt I think thiss probably a pretty good segue into Watchtower Weekly, where we're going to talk about some of our stuff that's in the news around some of this stuff. Do you you want to kick it off? Yeah, absolutely So WatchTower Weekly is our segment where we unpack the latest news in cybersecurity and privacy. This week, we're keeping on the topic of vibe coding. and specifically a recent wired story that really caught our attention. Researchers looked at thousands of AI built apps been published on the open web and found that more than five thousand had little to no meaningful security or authentication Around forty percent of those reportedly exposed sensitive data, things like medical information, financial data presentations, strategy documents and customer chat logs And I think that's a useful way into the conversation because this is one of those topics where it is very easy to either overly get excited or overly alarmed And that's the thing. the promise of vibe coding is genuinely, it is really exciting peopleople describe the app or the workflow that they want in plain English and have AI help build it This opens up software creation to a much wider group as we've been've been we've been talking. But like markarketers, operators, founders, students, all of them One article I read actually cited that roughly sixty three percent of vibecoding users are now non developers. So the question is, you know, isn't is this happening? Be it clearly is. The question is like what happens when it becomes really easy to build and publish software the security checks aren't moving at the same speed What do you both think about this? Like have you seen examples of where vibe coding genuinely feels useful, especially for prototypes or internal tools And where do you think the risk element starts to kind of creep in The risk Really is one of culture If a company has built a culture around secure coding practices and security in general as we have. and I realize I bring an enormous bias to this conversation because we're like, oh, like we this is how we operate. L we just know this stuff. This is like in our it's so in our DNA and in our in our in the in the culture and the zeitgeist of everything at one password Um, if you are a company that already operates in that way you're going to be in a much better position overall. I think that it's where where companies don't have a security first posture or don't have sort of like baseline rules of what's acceptable and what's not, that they can just get themselves in trouble very, very quickly without even realizing it. There's nothing malicious here. L it is just It's happening because there's there's no checks or balances or no even no knowledge that it shouldn't be happening this way. and I think it's going to we're going to find a real rash of like exposures in the next couple of years as people like, oh, dang like that shouldn't That's that was wrong. Oops, we made a big mistake here I think too Ru, you know, yes, culturally broadly at a company that like one password to security first, but I also think of it as Like the culture and expertise of engineering, right? So software engineers understand that you go through usually, there's a development process, right? that includes Q and A and review and where you're storing your environment files and is this for a development and test environment or is this for the production environonment? Am I using the right API keys for that is very much a part of how you work and how your teams work and how they've learned to do their job. But someone like me is coming in and I'm just prompting and relying heavily on AI to tell me one, what is an API key? to, okay, I guess I'll just put this on my desktop. It's you know, AI tools and these vib codated tools are not trained to be security first. And I think that's when these vulnerabilities start to happen. And I think that's the risk is that It's awesome that people are vibe coding and it's wonderful that more and more people have a chance to be builders and to do potentially really impactful work by solving these problems. But without that kind of fundamental knowledge of what the process looks like or what that kind of ideal state looks like that you all have worked hard to cultivate because yeah, it needs to be secure. I think that's risky, you know, I think the other thing is the shadow IT angle. So if somebody like myself in a non technical team is building a useful app that's solving a real problem probably going to think of it as software that needs review or access controls or monitoring, right? Hey, look at this cool thing I built and shipped on to the next But I think you would argue like that's that's maybe not the best path forward, right? So how do you think security teams should be approaching this without of course saying, no, you can't do it because I think we're past that. The train is outside of the station I think the thing that kind of stood out to me in this wide story wasn't the fact that these apps had bugs or the fact that like Bu said, know it was not malicious Like it was people working on normal things in normal environments A lot of these projects were clearly kind of meant to be used internally at work like dashboards, customer logs, business planning documents, records,, admin style tools But they ended up publicly reachable And I think that public versus private distinction is huge And it's one that like requires infrastructure and people to think about how you publish these things and There's a real nuance in those types of things that that hat like needs a whole team to to try and deliver And u you know, the difference can be Let me let me spin this up. This is a helpful internal tool and This is exposed to anybody who finds the URL And this isn't just an isolated case. There was another study that looked at more than five thousand six hundred publicly available vibe quoted apps and said that it found more than two thousand vulnerabilities, over four hundred exposed secrets, like API keys that we were talking about in tokens, and one hundred seventy five cases of exposed personally identifiable information So again, I think the message here is not that every vibe coded app is dangerous. But what we're seeing is that this is becoming a real category of risk, especially when apps are created quickly and outside of that normal development process, that engineering teams have been I was going to say brought up, but kind of conditioned and trained to do All of this and we haven't even really mentioned the code itself yet because there is a code quality angle here. One report compomparing AI assisted and human written pull requests found that AI authored requests contained about one point seven x more issues overall, with security issues reported up to two point seven four times higher, which feels like an important stat, but I don't think the takeaway should be that AI writes bad code because Humans also write bad code. I think that AI can amplify the same kinds of mistakes and it can do it at just greater speed and scale. And I think that that's That to me is the bigger thing here is that when you are moving ten times as fast. you need to also have the systematic protections to be able to move that much faster The code is not the thing. It is it is everything around the code. like does your continontuous integration system support it. Do your security team have good review protocols in place to support this volume and things like that? So there's so much more beyond just the code. Yeah, that's a really good point I think there was also a phishing element in the wired piece that we've been talking about where researchers found that AI built phishing web pages impersonating major companies were starting to become really apparent. And I think what we're seeing is that this AI powered phishing is really concrete. It's not just these better written scam emails now it can be convincing forms, fake login pages or full looking sites that are quick to create and easy to publish So again, the theme is speed and scale here, and these tools can help well intended people to build faster but they can also help attackers move faster or help regular employees make security mistakes faster And I know we already he AI fishing quite a lot, but this makes it feel a bit more tangible, not just in emails, but with these full pages and forms that are being spun up really, really quickly that look very legitimate. This might actually be a good place to talk about kind of practical steps what would we want a team to do before coded apps became a common thing across the business. I think that a lot of the rules or a lot of the guidance here is very simil much to the guidance that we would we would share in general, which is Understanding your risk profile, right? Like what is it you're building? What is what are the risks that exist around it? And then once you understand that risk profile understanding the types of protections that you want to put in place to protect against those risks. So It might not be might not be just as simple as like, oh, hire a security team that's going to do an audit of your code or make sure that you outsource to do these these audits or something like that. But like The advice is generic because everyone's everyone's one' set up and needs are unique here. So I think that it really is Understand risk. Understand what you can't have go wrong based on that risk. and then from there figure out what protections you can reasonably set up to mitigate that risk I think one of the things that really helps. if you're not in a company that is kind of set up to have someone else provide this kind of infrastructure and these kind of policy is, taking another agent, informing that it's your new security team and getting it to provide kind of the what we would historically call like the red team blue team. like Get it to kind of assess your app and see where the weaknesses are I think that's a great kind of start to finding some of these things And I don't think the takeaway from this is don't vibe code. I think the takeaway is like don't let vibe coding tools become invisible and like don't take them for kind of granted. these things are generating software The more useful that they they get, the more people are going to use them. and honestly, like that can be a good thing. But organizations also need to treat AI built apps and workflows as real software with access to real data And that means visibility, sensible guardrails you know, reviews where they matter and proper controls around credentials and secrets and because the risk just the AI might write imperfect code I think the bigger risk is that imperfect code sensitive data and exposed credentials all end up on the kind of the public internet before Anybody really realizes the app exists This feels like a good time to bring in our guest And to keep us on the vibe coding theme we've brought in Jeff Melnik Wade couldn't join us on the main call today, but he did recently sit down with Jeff to talk about how vibe coding is changing the developer landscape. They dive in everything from securely coding with AI to recommending tools and industry best practices. And with all that being said, think we can probably just Drop it in here Today on Random Memorable, we're joined by Jeff Malnik, One passasswords VP of Engineering for Developer and AI Jeff has extensive experience scaling security products At onene password, he plays a key role in binding deev tools that help developers work more efficiently and securely, whether they're coding by hand or with AI. Previously, as VP of Egineering at HashiCorp, Jeff helped grow and launch vault, boundary, and radar All focus on safely sharing and managing sensive data. If there's one person we can trust on coding with AI while maintaining online security, it's Jeff. Jeff, thanks for coming and showing up. Hopefully you're having a good day so far. Hey Swade, really glad to be here So Jeff, for the listeners who aren't familiar with the term, What exactly is vibe coding So by coding is the process of asking a large language model to write the software for you. And it's a completely automated process. You don't have to know how to write software. You don't have to understand actually much of anything other than how to use a chat interface. and you can pretty much build any software to your heart's content Okay, so it's similar to writing code. We'll say like in curursor and just like having AI do everything for you, right? Everything that falls under the same umbrella Okay, cool I do honestly, I do a lot of vibe coding. It's definitely fun. You learn a lot of key terms that you didn't know beforehand, especially with coding, to get it to do the proper things, right? Yeah. But generating code through written prompts seems like usually it would remove like technical barriers or any other software barriers that usually people have. So who's out there actually vibecoding best suited for? Is it just like non technical folks that are trying to build software or developers? What do you think allows people to be most proactive? You know, honestly, I don't think that there's really a boundary between who vibecoding is and isn't for I think that Vibe coding know democratizes the process of writing code and allows people to bring things to life that they wouldn't otherwise be able to givei in a period of time. you know, for a seasoned software engineer, I think vibe coding is great for doing quick POCs or just an example of something. Case in point. I had an engineer on the team just the other week We were working with an open source project and we wanted to showcase an integration with them And it was great just playing cursor at their open source monor repo and we were able to, you know, in a matter of twenty minutes, get something pretty much put together You know, we didn't review it. We didn't really, you know, we just like saw the end result of what was built That was a vibe coding session in my opinion in a real world situation where you're actually writing production grade software, you definitely want to put that through a process with the team and have it reviewed and all that good stuff. but you know, for something quick and dirty for software engineer like you know, seasoned professionals, I think find it very, very useful for that sort of thing. You know, then on the other side of the non technical spectrum, you've got know people who are doing revenue operations or are maybe HR professionals And they need to put together some way to maybe bring multiple sources of information together in a single database And they needed a way to interact with that data And typically, you know, you'd rely on some kind of internal tools team or an internal applications team to go and support tying multiple systems together, whether it's salesfce and a number of other tools or whatever it might be You don't need to do that anymore. You can do that on your own now. So that you know HR professional, that revenue operations person They all are empowered now to go and build these things. And I think that that's why you see such a push in the industry right now to get people to adopt these tools and start using them. That awareness that you are now empowered to go and build these things is just starting to hit the workforce. And over time, I think it's just going to be you know, similar to how Other tools get adopted within the industry, right? I'm really interested to see when it makes that adoption into the public and the personal life, right? Like what they start doing with it once they realize how I feel like there's a lot of people out there using it, but when it becomes like the internet for people when I feel like it's going to get real crazy. Yeah I mean, you can ask Siri through car playay now to do Chat GPT lookups, you know. And I've definitely been cruising down the highway and, you know, asked Siri to As Ch GPT about this thing that I'm seeing as I'm driving down the highway, you know, like tell me a little bit more about that and It's not like a multi page essay that it's going to write, but definitely get you a detailed answer and it's basically right inside the car there. It's pretty nice. I'm going to have to try that. That's pretty great What do you think the main benefit of vbe coding is over, say old the old fashioned way, right? for hobbyist projects or for professional dev teams? Yeah. so I think for For the experienced technical crowd, it's the ability to quickly POC Um, It's also the ability to quickly stub out something. you know, I think there's a lot of I certainly spent a lot of my career, you know trying to get the structure of a project in place U just that scaffolding takes quite a bit of time There's a lot of copy paste, maybe from previous projects and stuff On top of that, there's also the you know, unit testing is a really great example of something that is very, very easy for you to go and review ickly And it's very easy for AI to go and write. And I used to spend quite a bit of time you hand writing a lot of unit tests. Different types of test infrastructure, like more complex integration tests, for example, you still want to be like very close to that and making sure that you're hitting all the edge cases What's useful with AI in that circumstance, though, is adding edge cases, right? Like you as a human, you're going to think of maybe a half dozen different edge cases do you want to get in there the first time around. you pump that through AI and you can ask it, hey, like, do you have any other recommendations here? What do you think of this approach? And You can use it to rubber duck. You know, we leaned heavily into pair coding before for those sorts of circumstances and review cycles, which have long fe feedback loops compared to Just having AI at the know tips of your fingers and being able to access that right away So I think that there's there's value there You know, I think what it doesn't replace is that it doesn't replace original thinking. I think that, you know, there's still very much a place for humans to practice good judgment and original thought there. and bring those ideas to life and maybe add a little extra spice to the you know, to what they're building. Yeah, the creativity. I've in a couple of my projects, I have to go out and do research on other stuff that I'm trying to build and then they give me ideas on like how to manipulate those ideas and go through. but It's fun times. It's so easy. What are some of the biggest security concerns you see as AI insisted coding becomes the norm in software development? I think the biggest concern for me, I've spent my entire career building systems to secure software development, right? At Hashi Corp when we built Vault, that was purely a system of machine to machine enchling capabilities that just didn't exist in the industry beforehand And you know, what it brought to life was the ability for developers to remove static secrets from the software that they were writing securely store that in involved And at the same time, you know, we we are able to dramatically reduce the number of you know instances or occurrences of plain text secrets ending up in a GitHub repo or some other place where it's should't exist Today, that whole process has been heavily commoditized, right? But at the same time, it's you still hear stories of clear tch credentials ending up in these different places What's interesting with AI is that, you know, where Vault and some of these other previous tools, we're really focused on the GitHub repo and these other public places where the software might reside And because of that, you don't want to have a clear text credential residing there I think what we've always sort of assumed is that the laptop Yeah, it's, you know, you put MDM on it to make sure that you're not going to get some, you know, some some bad malware installed on your machine But by and large, like it's a safe place to store a clear text credential, right? You see an environments configuration You'll see in AWS configuration. you'll see any number of private SSH keys, etcetera. They're all in the clear written to disk, right there on your laptop And suddenly, we basically allowed people to install the COI you know, AI tours. U whether it's, you know, clawed code or open claw or anything. And they have access to that file system. and all of a sudden you know your local laptops hard drive is basically public knowledge as far as that you know, AI bought is concerned that's helping you write code or, you know, automate a a workflow So I think that a lot of people don't necessarily recognize that. They just installed these tools on their machines assuming the you know, tried and true security principles that we've had in place all along and That doesn't stand up anymore, right? That model of your laptop being a safe place is just not valid in the era of AI when we have these chatbots running locally And so I think that that's where we run into the most friction. You see a lot of times cursor or other tools g access to clear text environment files and other things. those things end up in an LLM context. and You know, that's just not the right place for those credentials to end up at all. That downloads folder is like one of the first things that I think a lot of people give u, you know, local bots access to basically, you know, downownloads documents. you know, those primary MacOS, you know, those default folders It gets a snapshot of your file system, it sees where everything is, can read all those things, and you've basically given it the keys to your kingdom One of my colleagues described it as just walking out on the street and handing a perfect stranger or your laptop As a security professional it's just so scary. having to deal with that, right? And then the like modern day security too, while we're investigating that Hopefully the tool that the AI has logged into recognizes that it is an agent in some way, but sometimes it doesn't, right? And then it's hard to differentiate between the user and the AI. Um That' that's always the concern for me at least when hunting through these things. Yeah What are some of the potential red flags our listeners can look out for That AFAI tools are doing something potentially risky, like reading my Downloads folder. I mean, you'll get a notification, right? Like a lot of these tools like Csor, like Cloud Code, they all have guardrails in place that alert you to, you know that it's trying to get access to a different directory than it doesn't have access to now There are settings in all of those tools to just completely turn that off and give it complete access to your file system Outside of those guardrails that come within the products themselves,, you know tool is like one password for shameless plug here are really, really valuable because, you know, we have things like our environments feature in one password allows you to replace a clear text Environments file that's written to disk. with what is essentially a FIFO pipe. So it looks like a file for you know, all anything traversing the file system cares is that it sees this file descriptor there. happens to be a FIO pipe instead of an actual file that you wouldd be opening up And when it opens it, when password intermediates that FIFO pipe And does per process prompting for access, right So once it's storeding one password, if another process tries to open it, one password tells you the exact process that's trying to open it And you have to give it a biometric to approve gain access to that file And then it's only, you know, that It only lasts for the lifetime of your session with your with one password being open So there is a TTL attached to that. It is per process It's about as least privileg as we can get right now for, I think that type of local workflow. we're in the process of building out a lot of different capabilities for hard coded policies that we can put in place around those environment configurations. You can say this agent and this human with these agents can get access to this thing for this amount of time. there's a lot of work that we're doing there to simplify and create a higher security bar for those local workflows Besides one password, what do you think the most important thing a beginner should do when they start vibe coding? Don't turn off the guardrails in the in the tool you're using, right? You don't want to go into Yolo mode right outs. Eespecially if you're a non technical user, it's super convenient. and look, I get it. prrompting. Every time AI needs to do something is annoying. on Claude has a great feature called Dispatch. It will work in the background and notify you on the phone if it needs, you know, if it needs to do something additional I think that you're going to see more and more capabilities like that to bring the human back into the loop. Maybe it's reauthentication, maybe it's reauthorization, maybe it's both to another system that it discovered it needs access to Either way, I think, human in the loop is you shouldn't remove yourself from the loop. inststead, push these companies, push one password, push claud, push open AI to go out and build the necessary guardrails that bring the humans back into the loop when they need to in a way that's not disruptive to the productivity gains that we want to achieve with these tools. I think one of the bigger things that I've been more worried about too is me being a security professional, I have an elevated level of access to a lot of tools, right? Yeah. So then if I'm authing with Outh, I have to be very careful because now If Cloud uses that or open AI, they have elevated access Recently, we've been on the kick of making read only keys. and making sure that it can access that and that only going through one password, of course. but Some fun things. SSHQs are another thing that one password can secure. Yeah.. Ands you know that's also super valuable. It's very similar workflows to the environments U So the phrase vibe coding, like we talked about earlier was coin last year, but how do you think AI assisted tooling has changed over time since then? Is it still just vibbeing? or are like even deeper now I think it's becoming way more productive than it was previously I think general productivity capabilities are better. When I say general productivity, I'm talking about you know, slideware, right? Just like I think the original slides that You know, we were building with AI last year were just terrible. Well, I wouldn't even say last year, I would say my workflow four months ago. uh building out slides with AI was, you know My chat session in one window in the split pane with Google Slides open in the next and You know, I'd feed it back into chat and I would ask it about like what it thinks and you know, give me some examples of this and that. like just kind of like rubber ducking with it a little bit to like really tune the message that I wanted to get across in each individual slide. making sure the general flow made sense Now I'm seeing it generate the graphics and the slide simplicity and everything else, the style you know, that I want For lack of a better description, the taste has gotten a lot better in terms of what it generates. And so that's really nice to see. I think that that's valuable goes way beyond, you know, just writing code I think the applications that it is writing is I'm getting a lot more out of it with fewer tokens Let's say that much. you know, like I can generate you know, I remember generating thirty thousand lines of code in an afternoon Um and not really feeling like I made a ton of progress on on stuff, you know, there's a lot of churn that went into it And now I am achieving a lot more in one shot scenarios So in like terms of code quality, then, you're really seeing AI do way better in both efficiency as well as just like overall code than say handwriting code now. Absolutely. Yeah. Yeah. I mean, I don't think I'll ever handwrite software ever again And I'm okay with that. With the increase of speed of coding then, there must be a lot more code for developers to review before deploying it. Is code review still important or can we trust the output of vibe coding sessions? Oh man, this is controversial. Yeah ye, this is what. There's a lot of schools of thought on this. I'll give you my personal school of thought on it I think there's a spectrum of risk that we take and sufficiently talented software engineer is going to know how to assess that risk in the best way possible. I think for seventy, seventy five percent of the code that we generate probably doesn't need to have a human review it. And in fact, you wouldn't want to, right? Like case in point, you're able to generate tens of thousands of lines of code a day, right? Back in the day, like a good day for me writing code was you know, one, maybe two thousand lines of code a day. Right? Like when I was hand writing it And that was like tested, you know, like I'm getting the PRA and I feel pretty good about this And you never wanted to submit a you know, a PR that was more than two hundred lines, right? Yeah. And that kind of tells you what the human context window is two hundred lines, right? Go divide thirty thousand lines of code that you generated today by two hundred lines And how many people hours that's going to take in review cycle is to, you have it reviewed it's not going to be productive for us to do that. So I think for the strong, strong majority of cases We want AI to be the reviewer and we need to make it so that that AI review actually pose the human in for, you know, really sensitive topics if it finds something, right and then for like the tencent, twenty percent of code that needs to have a real human review. We need to be intentional about how we pull those humans in and how the time is used You know, I think that a lot of people There's definitely a camp out there that believes the software engineering is going to die and AI is going to take everybody's software jobs I don't believe that. I actually think it's creating a world where really good software engineers are more valuable than ever becausecause those are the folks that are going to be able to say, This is what's important for me to review This is important for AI to review. This is the stuff I'm going to spend my time on. and the time that a human gets pulled into the loop there is actually going to be someome of the most valuable time that that engineer spends in their career in software, right? Like that is That is actually increasing the value of those software engineers because there are the minority of use cases where the risk is so high that we can't rely on an automated workflow to go and just be okay with it. We're going to pull a human in the loop and have them do that That to me says that that human is more valuable than ever because they are responsible for reviewing the most valuable and risky parts of the code base I floated the idea of doing a prompt injection to everyone's cursor, adding to the end of any prompt, makeake sure the code is secure So I don't have to worry about it. But yeah, Dan, it's it's great. I couldn't imagine Even reviewing two hundred lines of code for me, like I don't want to do that ever again. I don't want to look at code. like that's a lot L many productive hacks, it seems like vbe coding can be a useful tool or potential risk. What are some of the best practices developers can follow to balance speed versus security, you think You know, I mentioned this before Don't yellow with AI First and foremost, it doesn't matter what tool you're using, just don't yellowllow with AI. Be intentional about what you're building If you're a non technical person, you're picking up these tools, that's awesome. Keep digging in but also work on educating yourself. It's a different world. You don't need to be a, principal software engineer with thirty years in the industry to to understand the basics of security Um, you know, check out the OA top ten. Um you know, understand what the lethal trifecta is, understand how to, you know, how to mitigate that in the stuff that you're building Your security team will thank you for it. We. These are really basics. It's going to take you about ten minutes to read through these things and kind of understand the workflows and going into it with that more educated mindset is you know, give you leverage in terms of what you can do with AI in the future For developers moving from an AI assisted IDE to more of the CLI tools, will say like Cloudcode or Codex. What should they be most aware of or concerned in terms of level of access they're providing or the device itself? Yeah, don't give any of these tools full access to your file system if you can avoid it greatest extent possible if you need to operate on sensitive data or anything that might be confidential or sensitive uh, you know, leverage a sandbox environment if you can Your laptop's a great environment to be on, but your laptop also has browsers that are logged into various, you know, third party tools and for your company. It also contains a file system that just has troves, like I dare anybody to go through their filewile system today and Tell me about every single piece of confidential information, all their dot directories, downlads folders. These things are stored all over the place on your machine. It's just unavoidable So You know, to the greatest extent possible these tools at sandbox environments where you can run securely you know, especially if you need to give it access to a file system you just don't want to be sitting there having to it willll save you time too, right? Like it's you're going to get notification fatigue if it's trying to access a file system on your laptop and it's like, hey, downloads directory doocuments directory MNT, like, what are the places that I need to get to to do something It's a lot easier for you to say, you know, it's in a sandbox, and just give get access to everything here And I'm feeling pretty safe about that, right? A lot of the sandbox tools out there today, whether it's Vercell Sandboxes or Daytona, a lot of these tools have some really great built in security capabilities We're really proud to be partnering with a lot of those companies so we can bring one password into those environments in a very secure way. You know, imagine a world where you can just provide an opP colen slash slash URI to the vault item that you need to get access to. There's no clear text credentials on the file system at all in your in complete control And so I think that that's Those are really important. If you don't have access to a sandbox though, just tread lightly Don't have don't give it full file system access. Yeah. D't donon't allow it to access that for the whole coding duration, right? Like I always do the one time access each time And when it's very tempting to say, yeah, you can access that for the rest of the session. but A little scary spepeaking of one password CLI a lot, we recently announced a hook in the cursor, which is an AI assisted IDE. We've been talking about the benefits of how that works at least in a bunch of other stuff. Is there anything in particular that you think it would benefit more within curursor than our normal coding sessions Yeah, so we're actually partnering with Cursor right now to develop a set of skills for One Password. Hoping to use those skills and obviously other tools as well. We have a really great set of benchmarks that we published recently. Jason Mueller, VP of product here at One Password, put that together And it basically benchmarks a LLM's you know, ability to avoid being scammed And so I think that there's there's a lot of work that we're doing there. some of the some of those benchmarks and stuff were drastically improved with you know applying skills based mechanisms to increase awareness about problem statement and stuff for the LLM. And I think that that's something that we can lean into more You know, we're also doing integrations. We've got a hook for GitHub actions And you know, we've got the S code integrations and stuff. So one of the great things about one password is that One of our mottos is that we build security into the places where work gets done And today, that work is increasingly done in ID's and terminals. and You know, I'm super proud to be working for a company that's just very, very bullish on building security directly into those tools because Honestly, as a security professional, I've built many security tools throughout my career the minute The user's workflow requires them to leave the tool they're in to secure it You're done. You're not going to get the traffion you need U So I think that You know, a lot of these integrations are super, super valuable for the community, especially non technical users Um so definitely check them out. ne thing I always suggest people who are using one password and learning out how to code, I just tell them just ask whatever AI systemist in UR, how to set it up And it will help you set it up and then youll be safe, hopefully. What are some of the ways One passassword developer and AI teams manage this internally while building one passassword identity management software? So like using our own product, right and dog fooding it Yeah, I mean, I use all of our tools. so I use our SSH tools, our environments tools pretty religiously. We also have a series of shell extensions. And We've been, I know a lot of team members leverage those environments and SSH capabilities more than anything. Yeah. Yeah Having it be able to go grab those keys and then at least alert you to it The other part is due to device manager Right? ourur device manager on here I have been yelled at several times for having a key somewhere that I didn't realize it was there And it's like, you better go put this in one password and I'm like, okay, fine. orr you're going to be locked out. like it was great Yeah. ye, we've got some really great. The device Tust product is phenomenal. It's where our core AI discovery capabilities reside to. So you can do quite a bit in terms of seting up a policy that says, hey you know, I don't want to have a developer expose any clear text environment configuration. If you find a clear text environment configuration on this developer's laptop, we're going to restrict their access to cloud and into open AI. So these are company mandated tools And I think that that's a very powerful I think, one of the best things about that capability by the way, is that in one click a developer when they actually get blocked in the browser. onene click. takes you right to the know, password manager product. to a fresh environments install says, wouldould you like us to import it? You import it, You go back to the browser, you refresh, and you're done It's awesome So for anyone who wants to try vibe coding, what tools would you actually recommend first You know, I really like Coud code Um, I think that, you know, Fud in particular between Code and co workork are really amazing for non technical users, coworks that does some really sophisticated stuff. It's way easier, I think to rock and handle than than just traditional quad code in terms for those non technical users Um For experienced developers, Cloud Code is obviously like a go to for me. I also like cursor It's kind of funny I spoke a lot about how AI democratizes software engineering. it also democratizes wirefaming and a lot of other stuff that you might need other parts of your R and D organization to go work on that might not necessarily be an engineering task And so I oftentimes find myself wire framing stuff with curursor with Cloudcode I find this part of like my career with AI. it feels like when I first started in cybersecurity, there's just so many things to learn that I'm like looking all over the place, especially with Clouwd code, right? Like trying to learn memory, skills, agents, hooks and just going through. it's just It's really it's really fun time to start vibe coding. The other thing too is, you know, like as an organization, I think folks should be investing in, you know, we talked a little bit about PR reviews. There's tools out there like Code Rabbit. and I know that you know, GitHub's building stuff in now as well. that'll allows you automated code reviews I think more and more that is going to be necessary and that we need to become more comfortable with having AI be a primary reviewer for, you know, large majority of the code that we produce. and you know tools in that workflow that allows us to surface the high risk code that does need human approval With that needing approval, let's talk about like how has planning and implementing new features changed for dev teams as they AI assisted coding tools become more integrated into the workflows. You know, I talked about this a little bit earlier, but a lot of that review cycle is a big piece of it And I think that like the whole software development life cycle is sort of turned up on its head You know, traditionally you'd go through like a design phase that might last weeks or even a month, you know, like or months. depending on how big the project was And then you might protype something and get a little bit more review on that feedback you know, use that to feedb back into your design What I'm seeing now is and this is probably controversial, but I think it's pretty cool on People are skipping the design phase and just jumping into prototypes because they can because You know, I mean, tokens aren't necessarily cheap. by it U The fact that we're producing so many of them tells us that they're cheaper than time So you know, the trade off is pay for the token to get your time back. and That allows people to go and prototype something rapidly without a firm design in place, just to get a feel for a workflow or an integration or something like that. And so I see the software development life cycle. changed probablyroably for the better in that way, you know, that reducing time to value in a way that's This really healthy, I think, for us as R and D organizations and as engineering teams. I'm seeing a lot more people come into the fold with those prototypes that aren't necessarily engineers. on andgery managers, product managers all sorts of know designers are coming in It's really, really cool to see u that sort of blending of those capabilities You know, I think over time, like if you look at R and D today, it's like an engineering product design organization. Over time, I think we're going to collapse that into like a single engineer design product person, right? And I think the best The folks who are really going to excel in these areas are folks who can have a really good feel for good design, right and what it means. How to bring the customer perspective and customer voice into what they're building and blend that with the design of what they're building and bring design first principles into those projects And then a really great understanding of systems, right? I think that as software engineers, a lot of people are kind of bunned that we're becoming you know, engineers are becoming software reviewers, but I think it's actually more way more expansive than that. If you think that the future of software engineering is just reviewing code, you're taking a pretty myopic view of what's actually happening here. You're becoming a product manager, you're becoming a designer You have to yes, you have to review some code occasionally, but you should definitely understand the systems of that code and understand what it's interacting with and how to design a good system because there's a thousand ways to skin a cat and AI is going to give you one of them, and you need to be able to have an opinion about that That was good. That was a really good answer Personally, has vibe coding taught you anything valuable in the coding process or allowed you to accomplish anything you previously thought was impossible I think just a rapid iteration. of things, you know, like I work a lot with external partners. I work a lot with different communities and stuff. and a demo says thousands of words, right? And so I think the ability for me to just like sit down and do that without having to, you know interrupt a team that has a bunch of planned work and is trying to execute on milestones is really valuable for the organization I think is, you know, an engineering team, what I'm seeing is more and more of these like demos and, hey, like this is a possible path for us. Here's what possible integration looks like. I think people feel more empowered to explore. and that's that's really, really important for innovation All right. Okay, so this this next question is going to be a little bit harder. I want you to put your fortune teller hat on Where do you think the future of vibe coding and AI systemisted coded is heading? and what role does security play in it? I think security is going to play an ever increasing Rle If you're building this stuff and you don't understand where the security how to actually apply really good security controls It's more likely than not that you're going to end up shipping something that's poorly designed Security is just one of those underlying threads of whatever you're building, right? You've got like a business case to go build something. You've got the security controllers around it to make sure that You know, you're doing right by your customer and their privacy and you're doing right by your company's IP. Because we are building through a process that relies on a probability distribution, U I think a concept of risk is going to be coming into is going to be more and more present. And when I say risk, like it's already present today in every security model, a threat model that you look at, right? There's like a risk analysis there think that we're going to be able to quantify that in a way that is more potent for what it is that we're building. I think it we'll be seeing AI you know, driving a lot of those those risk models themselves Um Ideally, there'll be, you know very small, I think, focused models for just that risk analysis I was looking at the other day, open AI shipped a new, you know, privacy redaction filtering capability And they basically built a small model focused on just that redaction capability, right? technically as a classifier And I think you'll see more and more of that sort of thing kind of pop out, right? Like when we're looking at how do we use AI to do just in time policy evaluation? Well, Kind of looks like that redaction architecture that OpenAI just launched for making sure that you don't have sensitive information inside of your prompts and stuff So I think that we'll see more and more of that more targeted approach and application of AI in large language models or small language models I think that that's going to be probablybably the future of our industry too. like security is going to be more focused on how do we get a really accurate risk analysis in place here? Because we essentially have these actors that You know, Humans are the long time nondeterministic actor in the system that we've been trying to build for It's not that the protocol is to go secure a non deterministic actor in these systems doesn't exist. We've been building these for forty, fifty years, right? Like multi party systems have always had in their design the concept of a noon deterministic human actor that can't be trusted. What's different is that the machine workloads that we've secured and the protocols around those machine workloads did not have that concept of in the same at the same level, right? Like We built those workflows for humans. Approve those workflows are like the classic version of this. We got to do this in a headless way for machine workloads. And so there's a lot of different protocols and standards getting evaluated and pushed out there right now to do these sorts of things U, but the industry is kind of playing catch up in that way Definitely. I would say even like like security is still playing catch upp, right? Like we're moving so fast, but It's a lot it's a lot of fun. To wrap it up for one last question. If our listeners want to learn more about vibe coding, where is the best place to start You know, I had a shameless plug for one password I want to shamelessly plug it one last time because I'm I might be biased, but I think that what we're building is pretty cool. You know I know one password isn't traditionally known as a developer security company We've got a great set of capabilities in the space right now. I'm really excited about some of the stuff we're going to be launching later this year around Agentic security in particular know we're super focused on providing new capabilities to secure machine workloads It could be traditional workloads like a CICD workflow, or it could be an AI agent. And U yeah, I'm really proud of the stuff that we're building. and u you know, if you're struggling with securing these sorts of systems, choose a tool and learn as much as you can about that tool. I think rule of thumb Educate yourself on the security protocols that are out there, right? OFs top ten B lethal trifecta Kn those two things Then study the tool that you're gonna use you don't need to be po software engineer You just need to know the basics of what it's doing. And I think that that's going to get you a lot of leverage in terms of what you can do and stay secure while you do it Jeff, thank you very much for joining us today on the show. It's been a lot of fun. I've learned a lot even with stuff that we're working on. super enjoyed it Re really appreciate the time wade. Thank you Thank you Thank you, Wade and Jeff for that really insightful conversation. If you've been thinking about giving vbe coding a try or maybe you've already dipped your toes in the water and want to put in some security best practices, hopefully that was a really good motivation conversation for you We've run out of time for ask O passassword today, but if you have a question for us, please get in touch at podcast at onepassword. com and we'll make sure to answer them in our new season. O if we get a load, we'll do a mailbug bonus episode All questions welcome, even if it's asking Sarah how her trip to Pokemon Gofest was. All right, with that, I think it's time to wrap up this season and our one hundred and seventieth episode Ientity theft. It's ity theft. laiming a be Fire yes or no questions for security and catch T fake! No idea what the last few words there were Welcome to Ididentity Theft, our identity guessing game. This might be the last time we ever play this as we usually like to bring in a new game for each season. So So for one last time, here's a quick recap of the rules. I, the host, have stolen the identity of a well known person celebrity or fictional character Alli and Rue are going ask me yes or no questions to narrow down who I am at any point When they think they know who I am, they can buzz in now. buzz, they will either shout single factor or multif factor If they shout out single factor They can name who I am, get it correct, and learn one point. If they show out multifactor They have to name me who I am and give two correct facts about me. If they can do this, they earn two points That's the rules out of the way. So it's time to give you my clue on whose identity I've stolen today which is Changing identities was part of my art. single factor Are you Superman No. I was really hoping I was going to get that just right out the gate. Wow, I got really nervous that that was going to be that was going to be That was in for in for a penny in for a pound. Okay, I have a question. A you a cartoon character I am not Are you a fictional character I think at some point I have been in cartoons. I will just add that on top Okay wait I want you to answer Rue's question Are you a fictional character I was just going to say, can you reread the thing changing identities is part of the Changing identities was part of my art you are you somebody that creates paintings Although I think it some way they did cre painters. Star. they are not a painter Are you an actor They did act in some things But they would not be what you describe as an actor. They're not known for acting goodness. So you're not a person are you a person Yes A nonfictional person that maybe has done paintings, but is't a pain don't have to anything Would it help if I did an impression of the person? Yes, yes. Yes Hello. I thought that was pretty good Richard Atttenburgh. Oh. Dumbledore No I have no idea I star in films as well as making music, but I'm known for music Oh All right I was inlamous in the nineteen seventies. Yeah, go for it Are you David Bowie Aam. good one I'm going to say that you absolutely got that from my impression there No, I had luckily forgotten that impression. It's got ejected from my brain Oh my gosh. David Bowie was one of the most influential musicians and performers of all time Known not just for his music, but for constantly reinventing his identity Across his career, David Bowie created famous alter egos like Ziggy Stard Dust and the thin white Duke. never heard of that one. Using different personas to explore new sounds, styles and ideas, he treated identity almost like a performance art, deliberately blurring the line between the real person and the character audiences saw on stage constant reinvention made him a perfect fit For the final round of Iidentity theft Incredible. Well, that's the end of the season. If you've been sticking with us this far and tuning into every episode, thanks so much for choosing to spend your time with us. We really appreciate your support and all your questions and comments over the years we've been doing this. We'll be taking a brief break now while we plan the next season, but not before we drop a couple of special bonus episodes. And I'm sure Anna will give you all outtakes and things that have never been heard before, things that weren't supposed to make it to the air will now show up somewhere I love committing to things that Anna hasn't committed to herself So keep listening out for those soon. And don't worry because we'll be back to kick off a brand new season over the summer. Remember, if you want to show your support for the show, you can review us on your favorite podcast app or subscribe to our random but memorable YouTube channel, like comomment, smash that bell, whatever YouTube wants you to do these days. And if you're a developer Be sure to go to developer. onepassword. com sign up for our developer newsletter. We'll put the sign upp link in the show notes and the YouTube video description. think we can close out the one hundred and sevieth episode Thank you both for a fun one Thank you Be Boodbye. Thank you so much for tuning in this week. If you are enjoying the show, we'd love it if you could subscribe on Apple Podcasts, YouTube, Spotify, or wherever you listen to your podcasts. You can also leave us a rating or review. It's one of the best ways to support the random but memorable podcast, and we always love hearing your feedback We're also a community led podcast. So if you have any questions for us, topic, requests, or even guests that you want to hear from Please send us a message to podcast at onenepassword dot com or leave a comment on onenepassword. community. We read all of your comments and look forward to hearing from you We hope you join us next episode for plenty more random moments in the world of cybersecurity

This excerpt was generated by Smart Features

Listen to Random but Memorable in Podtastic

For listeners, not advertisers

All podcast names and trademarks are the property of their respective owners. Podcasts listed on Podtastic are publicly available shows distributed via RSS. Podtastic does not endorse nor is endorsed by any podcast or podcast creator listed in this directory.