Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

What CISOs Are Up Against in AI Security

Varonis
05/31/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


Yeah, thanks. But that's not what we're gonna talk about. Well, probably adjacent to. So let's start big picture. Matt, I know you meet with hundreds of CISOs each year. What are you hearing in the field? And maybe more importantly, what's top of your mind for this RSAC? I think one, first and foremost, like AI is here. A year ago when I sat at RSA or talked with clients, it was, we're thinking about adopting it. We wanna move forward with some of our AI initiatives. It's here, it's upon us. We're hearing that we're using it. Our users can do whatever they want with it. Our CEO has a mandate or our CTO has a mandate that every employee needs to use AI in some way, shape or form, or have at least 10 agents that's running on their behalf. And that we're getting material benefit from it. Whether I'm talking with a banking customer that's optimized a form intake process or a healthcare company that's using AI to take more efficient notes than the physicians can take themselves. Like we as humanity are getting the material benefits from AI. But I'm also hearing, but I'm still afraid of giving it everything. And so we find that there's this paradox of an organization on average is giving about 3% of their organizational knowledge to AI. Because they wanna adopt AI fast, they don't wanna lose. If you don't use AI, you're gonna lose. But if you use it too fast and you put your data at risk, you're gonna lose too because you're gonna get breached or you're gonna face a compliance fine. And so we're in that paradox right now between that security as an enabler of the business or as a prohibitor of the business. And I think that's what most people in the audience are probably facing. Let's talk about something that you just said, afraid of AI. Varonis earlier this year uncovered a new attack flow re-prompt that shows how an AI assistant can become a data exfiltration weapon with a single click. That's frightening. As companies are increasingly relying on AI like you just said, what guidance are you providing to your customers and to this audience? Yeah, a little bit of background on re-prompt. So first and foremost, Microsoft, where we found the issue in co-pilot, they were a great partner to work with. We do the responsible disclosure process with them. What re-prompt was is there were security guardrails that were put in place on the first prompts made between a user and a co-pilot, but not on the subsequent prompts. And so by sending a user a particularly crafted message, they were able to assume control and make prompts and requests just like a really long URL in simple terms after the user thought that the conversation was over, even if they had exited the window. And that gave you access to all of the history of the conversation between the user and the co-pilot. And so, our research team at ThreatLabs is hard at work. We used to be focused a lot on SaaS applications, zero-day vulnerabilities and ransomware groups, and now trying to do good for the world and discovering vulnerabilities in AI. And I think we're all faced with the same thing. We need to do security testing of the AI projects we have, whether it's models that we're building or agents that we're using, both on the side of our business and getting the value, the improved margin or profitability or efficiency, but also on the side of defenders. We don't want our AI agents to have too much agency and become the very thing that's used to attack us. I remember working with a customer in an incident where the agent had access to all their network topology and the attacker just used that rather than trying to access the network information. So you have to be really careful that the tools that you build don't become an encyclopedia for an attacker. Okay, so we're talking about how AI can be exploited, but there's always another side of the story. So on the flip side, how is AI improving detection and response? Yeah, I'll draw back to a very personal story with Verona. So our Threat Labs team has built this AI phishing sandbox because the phishing threats have changed as well. We see a lot of conversational AI where the hook and the roost comes a lot later than the initial phishing message. And we also see attackers registering new domains or even where the goal is to extract information and not necessarily credentials. And so we as defenders need to adapt as well. So we built this AI phishing sandbox that crawls new domains and uses AI to determine whether or not something is malicious or potentially fraudulent or even trying to extract information from your organization. It's accessing millions and millions of URLs every single hour, which is just not something that your human team could do. Imagine the old way of trying to find an email threat. A user hit report phish, a security analyst somewhere sandboxed that or put the link into VirusTotal and maybe visited it from like a secure island type of a browser. But we need that to happen a lot faster. We need it to happen at scale and we need to not trust any email anymore because you also have to think about that your agents are responding to emails on your behalf. They are reading your emails. So they are now vulnerable to attack or injection as well. And in order to stay ahead of that, like it's gotta be robots versus robots. You need to enable your security team with AI the same as how you're enabling your business with AI. That's why we're talking about robots versus robots tonight. Love it. Way to pull the event theme into it. Well done. And I'm sure everyone in this audience would agree there's enormous pressure on all of us and companies to use AI faster, quicker, more. But the reality is, is security keeping up and can AI help actually maybe even close that gap if used in the right way? No. So first and foremost, I think that the outlook for a lot of companies right now is grim, which is why they're here. They're faced with, my business is adopting AI faster than I know about it. I don't know what they're using. I don't have a complete inventory. I don't know whether or not the models and the agents I'm deploying have too much agency or are vulnerable to prompt injection or there's bias that's been introduced in the model or if we fed it good data. But we're all here to hear pitches from vendors or to sit down and hear about solutions and approaches to this problem. And this industry has never moved any faster. So, and I'll challenge you guys to think about this. I've been coming to RSA for like 15-ish years now, eight as a practitioner and about five or six before that as like on the customer side. I remember the cloud transformation. I remember the collaboration transformation. I remember when we stopped talking about APTs and started talking a lot more about phishing. But these things took years. And AI is moving in like minutes and hours and days. Like you're gonna, you being away from your office this week there will be new agents and new projects, they're AI projects that are deployed that no one knows how to secure, that your company built themselves. And so we now have to move just as fast. And in order to do that, you need to adopt your own AI toolkits, whether that's in phishing sandbox, automation, in classification, in your ability to discover and handle new threats. Lots to think about. But at Axios, we like to, this is some doom, some gloom, some excitement, but. Yeah, there's a lot of good stuff here too. Let's end on one final thing. Yeah. What are you, 15 years here, wow. What are you most excited about when it comes to this week, even though you're not at home working on AI? And maybe some tips for the group. I don't know who else has been here for 15 years in a row, that's pretty impressive. Or something fun that you're looking forward to? A couple questions in there, but let's end on a couple of fun things. Let me start by just like a couple of tips for the conference. I think if you didn't come with a shopping list, even for just what you're gonna browse, you should really think about that. There are hundreds of vendors on the floor that have products in every space of whatever it is that you're trying to think about. And a big part of this conference is exposing you to their methodologies and their ideas. But like, have a shopping list. Know who you wanna talk to, because you can get access to product professionals, you know, architects, you can get access to like a lot of people from that company to get really deep or wide in your particular use case. But don't just go blind. Like if you just kind of walk from booth to booth, you won't get the same out of your time because your time is really precious. I also feel the same way about dividing and conquering. So I've had to send teams here. And everyone might get really excited to go to one briefing, but you need to spread yourselves out because there's so many sessions other than the main keynotes that you can't go to all of them. One more on top of that, I would say more on the nightlife side. You don't have to say yes to everything. That's no fun. You can eventually kind of put it down in the evening. I don't see enough people in the gym at the hotel in the morning, so it would be good to catch a few of you there. And in addition to that, what am I most looking forward to? So in my role, I get to see customers both in the moments of crisis, but also the ones that are ahead of the game and they're preparing for that. So whether they're talking to us about that they want to secure their AI, they want more advanced detection on their email, or they want to secure their data or their cloud from insider threats and cyber attacks, I get to hear about their problem and talk to them about how Varonis helps. But then I also get to shamelessly plug my podcast, which is called State of Cybercrime. So for those of you that have never tuned in, we tend to air episode every month or twice a month. It's called State of Cybercrime. We talk about all the latest happenings, both what the good guys are doing in stopping cyber threat actors, as well as some dangerous vulnerabilities. We even have a new segment called AI Vey that will surely leave you saying AI Vey, you know, hint in the title. And so I would say that just getting to meet the people is the real benefit of being here. We as a community spend so much time at home in front of the screen, and we lose that personal side of the business that we're all in, because at the end of the day, even though I work at Varonis, we make an amazing data security and AI security solution, and I want all of you to use it, I also want to know how your business works and how securing it can help you achieve your mission. Because if I can protect the world's data and help you protect patients, or help you improve your company's bottom line, if you're a for-profit company, or manufacture better, or safer, or without other nation states getting access to your designs, like, I win too. And so get to know the people that are behind everyone that you're talking to, and remember that at the end of the day, like, that's what's stopping us from all getting replaced by AI, right? All right, you ended on one inspirational note. I appreciate that, and said one fun thing. Thank you. I learned a lot. I saw some folks taking notes. Thank you so much, Matt, for being here. Thank you to Varonis. And stick around, we have one more segment with Sam. Thank you so much.

TL;DR

  • AI adoption has shifted from consideration to mandate, with executives requiring employees to use AI and deploy agents, but organizations are limiting AI access to only 3% of their knowledge due to security and compliance concerns.
  • Varonis discovered the "re-prompt" vulnerability in Microsoft Copilot that allowed attackers to exfiltrate conversation history by exploiting gaps in security guardrails on subsequent prompts after the initial interaction.
  • Traditional security approaches cannot keep pace with AI deployment speed — while previous technology transformations took years, AI projects are being deployed in minutes and hours, requiring defenders to adopt AI-powered tools themselves.
  • The future of cybersecurity is "robots versus robots," with Varonis deploying AI phishing sandboxes that analyze millions of URLs hourly to detect threats that human teams and traditional tools cannot process at scale.
  • Security teams must balance enabling business innovation through AI while preventing data exposure, testing AI projects for vulnerabilities, and ensuring agents don't have excessive permissions that attackers can exploit.

The AI Adoption Paradox Facing Security Leaders

Matt Radolec, Varonis VP of Incident Response, describes a fundamental tension facing CISOs in 2025: organizations are no longer debating whether to adopt AI but are mandating its use across the enterprise. From banking institutions optimizing form intake processes to healthcare providers using AI for clinical documentation, companies are realizing material benefits from AI deployment. However, security teams face a dangerous paradox — organizations are currently giving only about 3% of their knowledge to AI systems because moving too fast risks data exposure and compliance violations, while moving too slowly means falling behind competitors. This creates pressure on security to be an enabler rather than a prohibitor of business innovation.

Re-Prompt Attack and AI Assistant Vulnerabilities

Varonis ThreatLabs uncovered a critical vulnerability called "re-prompt" in Microsoft Copilot that demonstrates how AI assistants can become data exfiltration weapons. The attack exploited a gap in security guardrails — while the first prompt between a user and Copilot had protections, subsequent prompts did not. By sending a specially crafted message (similar to a long URL), attackers could assume control and make requests even after the user believed the conversation had ended, gaining access to the entire conversation history. Microsoft partnered with Varonis through responsible disclosure to address the issue. This research highlights the need for rigorous security testing of AI projects, models, and agents to ensure defensive tools don't become attack vectors themselves.

AI-Powered Defense and the Speed Imperative

Radolec emphasizes that security must evolve at the same pace as AI adoption, requiring defenders to deploy their own AI capabilities. Varonis has built an AI phishing sandbox that crawls millions of URLs hourly to detect threats that traditional methods miss — including conversational phishing where the malicious hook comes later in the exchange, newly registered domains, and attacks designed to extract information rather than credentials. This represents a fundamental shift from manual analysis where users reported suspicious emails to security analysts who sandboxed them individually. With AI agents now reading and responding to emails on behalf of users, the attack surface has expanded dramatically, making it essential to adopt a "robots versus robots" approach where AI-powered defense matches the speed and scale of AI-enabled threats.

Chapters

0:00 - AI Adoption is No Longer Optional
1:05 - The AI Security Paradox
2:15 - AI Assistants as Data Exfiltration Weapons
3:40 - Inside the Re-Prompt Attack Flow
5:10 - AI-Powered Phishing Detection
6:55 - Security Must Move as Fast as AI
8:10 - Tips for Navigating RSA Conference
9:20 - Hope for the Future of AI Security

Key Quotes

0:17 "A year ago when I sat at RSA or talked with clients, it was, we're thinking about adopting it. We wanna move forward with some of our AI initiatives. It's here, it's upon us. We're hearing that we're using it."
0:36 "Our CEO has a mandate or our CTO has a mandate that every employee needs to use AI in some way, shape or form, or have at least 10 agents that's running on their behalf."
1:03 "We find that there's this paradox of an organization on average is giving about 3% of their organizational knowledge to AI."
1:11 "If you don't use AI, you're gonna lose. But if you use it too fast and you put your data at risk, you're gonna lose too because you're gonna get breached or you're gonna face a compliance fine."
4:40 "It's gotta be robots versus robots. You need to enable your security team with AI the same as how you're enabling your business with AI."
6:07 "AI is moving in like minutes and hours and days. Like you're gonna, you being away from your office this week there will be new agents and new projects, they're AI projects that are deployed that no one knows how to secure, that your company built themselves."

Categories:
  • » Webinar Library » Varonis
  • » Data Protection » Backup & Recovery
  • » AI & Machine Learning
  • » Data Protection
Channels:
News:
Events:
Tags:
  • AI & Machine Learning
  • Data Protection
  • Threat Intelligence
  • Security Operations
  • Executive Briefing
  • Interview
  • AI Security
  • Prompt Injection Attacks
  • Data Exfiltration
  • AI Phishing Detection
  • Microsoft Copilot Security
  • AI Agent Governance
  • CISO Challenges
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: What CISOs Are Up Against in AI Security

              XStreaminars (watch here)

              • Jul
                28

                Illumio + Netskope: Zero Trust in the Age of AI Autonomy

                07/28/202601:00 PM ET
                • Jul
                  29

                  Ask Your Cloud Anything: Unlocking Governance Silos in your Environments

                  07/29/202601:00 PM ET
                  More events

                  Industry Events (watch there)

                  • Jul
                    22

                    Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                    07/22/202601:00 PM ET
                    • Aug
                      19

                      Becoming Agent Ready: Insights from Cyera's Expertise

                      08/19/202612:00 PM ET
                      More events

                      Upcoming Webinar Calendar

                      • 07/21/2026
                        04:00 AM
                        07/21/2026
                        Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                        https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
                      • 07/22/2026
                        06:30 AM
                        07/22/2026
                        Insights and Strategies in Data Protection and Privacy Management
                        https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-in-data-protection-and-privacy-management/
                      • 07/22/2026
                        01:00 PM
                        07/22/2026
                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                        https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
                      • 07/28/2026
                        01:00 PM
                        07/28/2026
                        Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                        https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
                      • 07/29/2026
                        04:00 AM
                        07/29/2026
                        Real-Time Strategies for Safeguarding Against Prompt Injections
                        https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
                      • 07/29/2026
                        01:00 PM
                        07/29/2026
                        Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                        https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
                      • 08/19/2026
                        12:00 PM
                        08/19/2026
                        Becoming Agent Ready: Insights from Cyera's Expertise
                        https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
                      • 09/02/2026
                        12:00 PM
                        09/02/2026
                        Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                        https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
                      • 09/30/2026
                        04:00 AM
                        09/30/2026
                        AI Command Center: Optimizing Visibility and Control in Your Operations
                        https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/
                      Truth in IT
                      • Sponsor
                      • About Us
                      • Terms of Service
                      • Privacy Policy
                      • Contact Us
                      • Preference Management
                      Desktop version
                      Standard version