Wallarm: AppSec Strategies for AI-Driven Development

Wallarm
06/25/2026
Transcript
Hello, everyone, and welcome to our webcast about the risks and opportunities of AppSec in the age of AI. I'm Mike Shema, host of Application Security Weekly. Thank you to our sponsor, Wallarm, and thank you to everyone who joined us for today's expert discussion. AI, agents, acceleration, AppSec. It's as if this webcast was brought to you by the letter A, because a lot of the recent advances in AI have left teams with code that's awfully insecure and application security teams struggling to figure out their own identity. Identity is also critical to MCP servers and agents, presenting new challenges for their authentication and authorization. LLMs are clearly all the rage, and some teams are even discovering how to leverage them to a degree of success. And despite the speed with which code can be created, AppSec approaches don't have to start from scratch. There are lessons from the past in securing APIs that can inform this imminent future of AIs that we're facing today. Here to help us spell out a strategy from A to Z for AppSec in the age of AI is Craig Riddell. Craig is the global field CISO at Wallarm, helping enterprises navigate the intersection of API security, AI governance, and business risk. He's a former security and technology executive with hands-on experience across infrastructure, identity, and application security, who brings a practical operator-focused perspective to modern cyber defense. He regularly works with CISOs and engineering leaders to align security programs with innovation and growth. And today he's here to talk with us. Hello, Craig. Hey, Mike. That was fantastic. Thank you so much for having me. So happy to have you here because, as I alluded, we've got to go from alpha to omega, beginning to the end of all the strategies we can think of with AI and AppSec. But first, we should probably talk a little bit about why we're here. In other words, what are the risks? What are the threats? 
And I just wanted to, off the top, get a sense of what comes across your radar in either what is concerning you or what you've seen concerns raised by customers just asking for help. Yeah. I think, I mean, just to put it simply, it's not just this new technology that's coming out. It's also just how fast it's accelerating the attack surface. You mentioned it in the introduction, how much code's being put out. And of course, if it's that much code, the only way to review it is with an AI tool. And I think the more obfuscation that continues to happen, the more drift and gaps happen. And that's where we're starting to see all these new risks introduced. Yeah. And it's definitely that drift is a classic problem, because you already are calling out this is not necessarily, AI obviously is new, but a lot of the concerns and maybe the controls around those concerns aren't necessarily new. That doesn't mean they're easy to do. And we've heard cloud drift, for example. We've had things like Terraform. And how do we know that what was configured and what we intended was what we have today, the exact same thing, I think, is what you're alluding to with code. How do we know the code we wrote is the code that's actually, you know, hasn't introduced vulnerabilities? And I think that's one of those things that maybe doesn't matter in a way. Was it a bot or was it a human that was writing code? And I'm curious there, you know, is it a bot? Is it a human? Is that really an important distinction that, you know, that organizations are struggling with today? Yeah, it's an interesting question that comes up, of course. But I think kind of to your point, we're already starting to see those vulnerabilities happen where, you know, whether it's a rogue MCP server, rogue AI agents, this whole concept of shadow coming back around, and you alluded to it earlier, right? 
Yeah, new acronyms, but really the same pattern of security problems that we see with any big shift in technology, you know, whether it was cloud, like you pointed out, or going to container-based environments, and now this AI transformation that's happening. We're starting to see identity sprawl, permissions, over-permissioned things, and kind of bringing it back to basics. We're starting to see a lot of people adopting a lot of tools that they are trying to maybe execute one or two use cases out of, but don't understand how powerful or what they can actually do, because so much of it is kind of removed from configuration or deployed automatically now. Yeah, but one of the other reasons I was thinking about, you know, identity, is this a bot or a human, is on the one hand, I don't think it necessarily matters who wrote the code, but that code still needs to be inspected for security at some point, but, and I think you were touching on this a little bit too, is you can't exactly just scan code and be done. No AppSec program is based on that, because systems interact, and we have to go to those ideas of least privilege, is this, you know, what authorization does this bot have or does this service have? I'll be more generic, and I'll even say, you know, is this working on behalf of a human? Is it a service? You know, I'm trying to tee up some ideas here around stuff, it's not even just code. I'm curious what you've seen beyond just those code concerns from customers. Yeah, the way that we do things today, this static analysis of things, a snapshot in time versus how things are communicating now, I mean, just to speak on the speed of things, in CrowdStrike's Threat Stats report they put out, there was breakouts in as fast as 27 seconds, and I think the average time was 29 minutes. That is way too fast for a human-centric security model, where you're looking at logs and things like that, right? 
It's very important that we start to operate at runtime, again, with MCP servers being deployed and things being able to execute on our behalf, we lose the ability to do that risk-based step-off authentication with multi-factor and all of the other controls that we have today, that goes away because of speed. So you're starting to see a lot of things like tool chaining and massive identity hopping and all these trust fabrics that are being created inside of these environments, because at the end of the day, AI runs on APIs, so you're creating this mesh of connectivity, and it's only trying to do what we ask it to. So it's kind of an interesting problem that we're creating for ourselves. So that's interesting to me, because it does feel like there's history repeating itself, not to go down too far the path of cliches, but there's been a long time of unauthenticated APIs. I'm sure we could point to a bunch of bug bounty, pretty high bug bounty reports that made a good amount of money off of a basic failure like that, and the same aspect still applies to AI. So if we start to bring in what's that parallel between API and AI, what are some of the things that come to mind for you that are, here's security controls that an AppSec team or a CISO could already be thinking about or should already be thinking about? Well, that's a big question, right? So I think just before we dive into that, I think the problem is kind of interesting how it gets created, because if you look at it from the lens of somebody who understands APIs, the fact that AI runs on APIs is pretty obvious, right? But if you look at it from the opposite way, and you start at AI, because of the obfuscation layer, it may not be as obvious that what you're doing is creating all of these interconnectivity and API calls, right? So I think that that's in and of itself is pretty interesting. But outside of that, how many APIs are getting created? Like we talked about earlier, how much code is getting pumped out? 
So most leaders that I talk to today, inventory and shadow assets are the biggest problem because we can't secure what we can't see, right? And it's a very, very small percentage that have a good API inventory. Maybe the external API calls, but internal API calls are often tribal knowledge that are siloed information based on business units. And putting together that puzzle is relatively difficult, especially when, if you think about the rapid adoption of API usage, I mean, not too long ago, APIs were only used by a very small team, right? I mean, I remember when we were doing API security by kind of going and talking to the developers and saying, hey, you're doing this right, you know? And then now it's exploded. So it's beyond just being able to check in or have a starting with good inventory and asset management, I think is the key to any strategy for AI transformation, because then you can start to put the guardrails in place and start to look at how traffic is actually flowing in your environment and make decisions from there. Yeah, I think we'll come back to a little run-by by the kitty. Always have to have some live entertainment. The aspect of that, what you listed off as solutions, I definitely want to come back to that in a second, but I think I don't want to skip over too much of the threats as well, because you made some good points about just shadow, fill in the blank, we're going to play Mad Libs here, shadow AI, shadow SaaS, shadow APIs, shadow cloud, et cetera. Those all fall in that category of, if you don't see it, how do you even know it's secure? And even to your point about some of the aspects from the CrowdStrike report, the idea of identity, having credentials or having an unauthenticated endpoint is the easiest, simplest backdoor into a system. And it's not something that you're going to fix through patch management. 
It's not something you're going to fix necessarily through just, hey, everything, even code reviews necessarily for that matter, because it depends on how that configuration looks. And the reason I'm highlighting that is that I wonder how much of these aspects of build an asset inventory, understand where you are, have visibility, those seem pretty simple and I'll throw out the word boring. Is there anything exciting that CISOs can be doing? Because the attacks seem, that will get your blood pumping when you're worried about a compromise or a breach. Yeah. Sometimes the base layer is kind of boring, but the interesting thing that happens once you have a good understanding of what is actually going on in your environment is that now all of a sudden it's very, very relevant on how our users interact with technology and how effective they are at doing that. So being able to see things from user interaction all the way through execution and the very results in between so that you can create risk profiles based on that, I think is very important, but also kind of like what you said, it's not enough to just have the big walls and all of that type of stuff. You also have to understand how things are intended to work in your environment because business logic abuse is also massively ramping up. I mean, you were talking about unauthenticated endpoints. I think in our API threat stats report, I hope I don't get this wrong. I think it was like 97% of attacks were executed in a single line, right? So we talked about it in the beginning. This is really just accelerating how fast things can go. So understanding blast radius and what could happen when things go wrong is very, very important, but everything is so interconnected now that without that full level of visibility, it's almost an impossible problem to solve. And something that I've been saying that has been resonating is like companies that had a really solid identity strategy, when COVID happened, they pivoted very well. 
And then companies that treated identity more like a checkbox, when COVID happened, had a rough time and had to go through some pretty radical transformation. I think it's going to be the thing with API security and understanding on how things actually work in your environment. If you have a really good understanding of your API inventory and assets and how traffic is actually flowing through your environment, this AI transformation will likely be a lot easier for you than companies that don't and have been treating API security as like a checkbox with their CDN or their WAF. It's a lot deeper than that. So that's interesting to me. And I know I called those topics boring, but to be clear, they're just kind of well understood. You're not boring about this. Doing the AppSec, it's important stuff, but it feels like, oh, in a world of hallucinations, prompt injection, it's really interesting to me that if you had a really good identity story, you were actually prepared for AI without even anticipating that AI was coming. And I'm curious, what does that good identity story look like? So some of our listeners can start to think in the back of their head, wait, am I more prepared than I even thought I would be? Or obviously, should I be a bit more worried because I don't have my good identity story? Yeah, it's an interesting one, right? Agents aren't human, so they don't follow human identity patterns. We have to understand that they'll stack roles, they'll collect tokens, they're trying to act and give us what we ask them for. And then when you consider like what APIs are, they're data access, right? So this problem is just ripe for AI, right? Because we're talking to something that's designed to give us what we're asking for, and now we're trying to put guardrails around it and limitations. It's very similar to driving towards these privilege and data classification and governance and all of these things, right? We're just calling them different things now. 
But I think when you start to look at traditional defenses and this is something that's incredibly hard as a CISO is my colleague, Tim Erlin says it so eloquently and I'm definitely gonna mess it up, but he says security doesn't, it aggregates. And basically what he said that to me after we were talking about the job of a CISO is so hard because we have to protect the legacy tech stack and then we also have to protect all this future stuff. So when you think that 89% of growth in cybersecurity attacks according to CrowdStrike were AI enabled and malware free, that means traditional signature-based security systems are no longer gonna work in the next era. So we have to start understanding context awareness, what a user is intending to do and putting runtime or real time, depending on what definition you wanna use, in place. It becomes incredibly relevant but we can't forget all the other stuff either. So it's an impossible task, but I would say to put it simply, if the application security teams don't see agent identities in real time, they won't see the actions that matter. And it's those actions that matter that, speaking of acronyms, as an attacker, they're probably, I'm sure their favorite acronym is LOL as they're just seeing missing defenses or defenses don't work. And the poor AppSec team is on the WTF side about, oh, why didn't we think of this? 27 seconds in and out of an environment. It's insane. Like how do you respond to that other than, oh, wow, that's incredibly fast. Well, and it is incredibly fast. And let's break that down a little bit because there are aspects, I'm gonna at least cross my fingers and hope here that there are some of those traditional guardrails, security controls that can help, or use the term blast radius, that can even shrink what the impact might be from a compromise like that. Let me just start there. There's a couple of followups I wanna do, but maybe I'll just ask one question at a time. 
Are there, you've been focusing on identity, granular privilege, least privilege. Are these things still effective even in that 27 second type of window? Yeah, yes and no. I mean, yes, like I said, we still have to worry about the legacy stuff. The problem here is that most of these calls look like normal traffic. They're authentic, they're authenticated or there is no authentication required. They're following normal paths. They're not loud and noisy, right? So they're going in through the environment and finding ways to chain identities, chain tools, jump from area to area until eventually they've escalated privilege. It's the same story, but now it's at machine speed, right? And every little thing matters. And that's why I say like that drift is really where the risk is because we use like another analogy is like, right now our security story is like, you know that you remember those flip books where you draw a picture and you kind of flip through and they tell you a little movie, but there's scenes. Little animation, yep. Well, those scenes that are missing in a machine speed world is all it takes for you to be in a very compromised position. This AI transformed world requires that you're in like 8K high depth cinema, you've got everything, right? So that's really just the shifted mindset of, is it okay, yes or no at a static point in time to is it okay continuously? And like I said, that drift is becoming very, very important because to your point, our traditional security tools are seeing all of this traffic as it's okay. It's flowing naturally, it's not doing anything crazy, but it's causing a lot of problems. Totally, and I really appreciate the emphasis on like that business logic and here is legitimate looking traffic that is having non-legitimate consequences because of the types of flaws it's exploiting. 
Because if we were just talking about SQL and like an or one equals one, SQL injection, cross-site scripting, those are common patterns, but those two hopefully, I mean, ideally they just fall into that legacy tech debt that you were talking about a little bit before, that aggregation of technology that we still got the old stuff to clean up because those are kind of solved problems, but the business logic isn't necessarily a solved problem. And that business logic might also be written by that LLM code generator that hopefully somebody looked at. And so there I'm curious, if we look at this from an API security lens, knowing the AI exists out there, are there absolutely new controls that we need or are there a lot of existing API security that we just need to kind of bolster and just revisit and improve? Yes, and I think yes and no, right? Yes, I think it depends on where you're at with your API. API security is a lot more relevant in some industries than others, right? Like e-commerce, retail, FinTech, those types of industries where your business literally runs on those APIs versus if maybe you're a brick and mortar store, it's something that's still you can handle with your WAF or your CDN provider, whatever, you know? So I think it depends on where you're at in your journey, but the understanding of what's going on in your environment, not just in and out, but East and West too. And I think the East and West is more of the aspirational API security paradigm for most companies. I think a lot of companies have a really good understanding on ingress, egress, but the other traffic maybe is less known. Again, kind of going back to that tribal knowledge or side of knowledge from business unit to business unit on what their applications are doing and all of that type of stuff. But yeah, I think you absolutely need to have a much better understanding of how data is flowing. 
Like a question that anybody could ask themselves is regardless of what industry you're in, you know, do we have an accurate inventory of our APIs? Do we know what percent of our APIs are either revenue generating or transmit sensitive data? And if you can't answer those questions, then maybe that's a really good foundational place to start. And then you can build upon that as you start to work on connecting your AI agents and your MCP servers and all of that, because you'll see how that connectivity is very, very relevant and how it can explode over time. I absolutely love that because even if you have a good inventory, the next step is not just to say, well, we're going to go through this in alphabetical order and secure this one, then this one, then this one. No, is it revenue generating? What data is going through it? Those are wonderful ways to start asking, oh, which one of these APIs that now we know about are also risky? Meaning, where should we spend our budget? Our budget is money, it's time, it's attention from either our human side of our AppSec team or some tooling or AI. And I definitely want to dive into the data aspect in a moment, because I think that's kind of under discussed, especially if I just, even myself, just kind of posing this as application security, forgetting the importance of data. But before that, a lot of what we're talking about is inventory visibility, traditional tools, let's call them predictable tools that we know about. We haven't touched a little bit yet on AI for the AppSec team or CISOs using AI on the defensive side. And I'm curious, have you seen that as well? Have you seen that, or actually I should say probably, have you seen that be successful for those teams yet? Well, yeah, I mean, just look at some of the leaders that we all probably follow. I mean, I think Jensen Wang, hopefully I didn't butcher that last name from NVIDIA, said that none of his developers will touch a single line of code this year. 
They're all architects. There's been, unfortunately, layoffs kind of all over. You pick a company, right? And you can kind of go out and look at it. So I would say it's impossible to ignore the possibilities that AI gives us, right? The velocity is changing. LLMs and AI assistants, they accelerate push speeds. We've been talking about how much code is out there now. And then of course, like I said earlier, if there's that much AI-generated code, it's not like we can statically review it. We have to have AI now to do that for us as well. But the problem here is like these code and workflows, they're created by AI, they're monitored by AI. I mean, this is something that we've been talking about for years. You don't have dev and QA in the same function, right? We need to make sure that they have clear intent, provenance, we need to do maybe more vetting there. And then we've been talking a lot about privilege and identity. If you're writing code for me and you know what you're doing and you need to over-provision yourself because it's the easiest path forward, humans do that all the time. I mean, I was in identity for years and I can't tell you how many global admins I've found all over the place, you know? So it's beyond just the traditional IAM, put it in a PAM system, prompt you for MFA. Now we've got machines executing on our behalf. So we need to really make sure that our identity story is very tight and that we're always driving towards least privilege and constantly reviewing that, especially if we're gonna continue to allow AI to make all of these constant changes for us. 
Yeah, I'm definitely smiling at the global admin because I've seen, you know, anecdotally just a team having a wonderful internal system that has very fine granular authorization, good RBAC, but then because there'll be one outage, there'll be one thing that they need to debug and suddenly almost everyone becomes global admin or there's a bunch of wildcards just because it's easier and they want to, and to be fair, they want to resolve things quickly and granular controls make that difficult. I'm curious too, but on the other side, AI isn't all, so I'm gonna bring in our, for those of you with bingo cards, non-deterministic. But the reason I bring that up, you know, an API, an identity, pretty solid if we can say this is what the authorization should be. Here's least privilege. AI, I worry about that being a security control because you could sort of have that situation of, hey, can I be global admin? No. Can I be global admin now? No. Can I be global admin because I asked really nicely and it's my birthday and the AI says, well, yeah, sure, you convinced me. The sort of that, you know, I'm being a little bit facetious about prompt injection here or that type of jailbreaking, but I'm curious, I see what you're saying about LLMs as speed and reviewers. Have you seen LLMs as part of controls or we have a lot of traditional controls that are still reliable, that just need to expand and be all over the place? No, I think it's gonna be up to security companies or governance companies. I mean, it's almost going the opposite way where we had all of these AI companies that when we first started coming out with this, that were talking about their safety pledges and how they weren't gonna let their language models train if it meant that there was possible harm and every single one of them, well, I shouldn't say that, most of them have dropped their safety pledge. You know, Anthropic did. 
Google CEO came out and made a comment about how, you know, the first to market advantage is causing a lot of risk, right? We've seen a lot of lawsuits come out of this type of stuff. In my mind, this is just like any other massive advancement. Security is not really thought of on inception. It's, I have to be the first one to get there otherwise I lose X amount of market share and that's terrible for me. And it's kind of all over the place and it's scary again, kind of going to that obfuscation layer, right? I was talking to somebody earlier about like, when I grew up in engineering using scripts and I wasn't allowed to execute a script unless I could open it and tell you what everything did in there and how it did it, right? Well, I talk to security teams all the time that, you know, hey, somebody deployed an MCP server. Okay, why? Right, so the obfuscation is a risk. It's an introduction of risk in and of itself because it's a lot of connectivity, a lot of permissions, a lot of, you know, hey, yes, I trust you implicitly without really understanding how to go in and change those configurations because all you're trying to do is accomplish a task that somebody gave you. And you're not really thinking about all of the other ramifications because maybe the technology isn't as understood as we need it to be. Or as transparent as it should be when it's connecting a bunch of things. Hey, maybe it should come with a warning or something. Hey, this is what you're about to do. Are you sure you want to do this? You know, but it is interesting. And going back to that identity story, it's half of the coin, right? Like data classification, security, and identity. And if you have an overprivileged identity, all of the data classification or a lot of the data classification, can really not matter because that identity is over-permissioned. It looks legitimate. It's bypassing your security controls. 
And that's what we see happening all over the place with this AI transformation is a lot of connectivity and not a lot of understanding of the permissions that you're giving with the connectivity. Yeah, and I think to sort of emphasize what I think is the subtext of what you've been describing and kind of a hypothesis here is that, sure, yeah, we don't know what's going on that that MCP server is making a lot of these decisions, is taking a lot of these actions. And we could either spend a ton of time figuring out line by line, what is this MCP server doing? Or at the very least, we can say, we're going to take this MCP server and put it in a restricted environment, just with saying like, okay, making this up a little bit, but here's an MCP server that's playing around with your calendar, but that doesn't mean it should have root access to your local system. It doesn't mean it should have access to your email. Maybe it just needs the calendar. Obviously, you shouldn't have access to other people's calendars unless it's been explicitly delegated. And at this point, I hear myself just rattling off kind of basic identity concerns. And I think that's hopefully, yeah, exactly. It's kind of, you know, I have a colleague who's on the infrastructure side. He's our CTO here at Wallarm. And we kind of talk about this back and forth because it's so interesting kind of the recirculation of trends, right? Like now we just had a whole discussion about least privilege, I would say, but we're going to call it like three other new acronyms because it's a new technology. And we've talked about this idea of like doing a webinar on just demystifying API and AI security. Like, hey, look, this is what this actually is. Yes, it's a new acronym, but this is how this works. These are how these new tools interact. Here are the concepts that you're already familiar with that you can kind of start to drive towards in this era. But I'm glad that that happened. 
It's interesting because we're breaking down on the identity side because it exploded so fast and the permissions are going back to not having a good understanding on how traffic flows and APIs are actually used in your environment. It's not shocking that these things are happening, but it's also not going to be too difficult to kind of get an understanding. You're not going to stop the AI transformation or slow it down. What you need to do is go partner with your business and get some good runtime or real-time visibility and start with discovery and just watch, just like any other security program, we don't just immediately put it in blocking mode. We just monitor, we observe for a minute and we see what's happening and then we go partner with the business and make a strategy, accept some risks certainly, and then continue to kind of tune in. So my advice is like, hey, go get curious about what the business is doing and partner with them. Get at that runtime and real-time level and then build from there. It's going to be okay. Yeah, hopefully it will feel that way for a lot of these CISOs out there, but what you are saying really does resonate with me because it's the idea of inventory. Just what APIs do I have? Visibility, what's going through them or what privileges have they been provisioned with or have access to? And then have that conversation from there. And I can easily think of some scenarios where, yeah, there's going to be some risk acceptance and that we're just, this is okay because of other mitigating controls. But I do want to come back to the idea of data because I made that, perhaps I feel a little bit bad for the idea of asset inventory or API inventory, calling it boring, but it's boring but important, but also not easy to do. And I think in that category of important and not easy to do is that data story. And I'm curious, have you ever seen any organization with a good data story, because that feels so hard in my experience? Oh yeah. 
I mean, yes, short answer, yes. I've been a part of a couple where I'm like, wow, this is really great. Good. But it's kind of, like I said, it's two halves of that coin and I feel like every organization is kind of trying to balance their priorities on either tightening up their identity strategy or their data strategy. It's a constant balancing act. But if you, again, kind of going back to demystifying AI, it's going to be all about data quality and what you have, how your LLMs are tuned to go out and interact with it. When you really think about it, that's what they do. They produce text based on data that you already have, and then you can choose what tools to filter it through and all of that stuff. But yeah, I think data quality is going to be massively, massively important. Yeah, and that's got to be just knowing, because you made that point too, is this revenue? What type of data here? Just having that kind of inventory just feels like it's going to help you fill in those pieces about what is the AI touching? What is the AI handling? What is it processing and working on? Yeah, I mean, I remember having this discussion when everybody was rushing to the cloud too, right? Like, is it a data breach or a data leak? Because there were just so many misconfigurations that data was left accessible. You didn't really have to exploit something to get access to it. Oh, those S3 buckets, yeah. Oh yeah, so you remember. I think it's going to be the same thing here. I mean, we've already seen a ton of data leaks, a ton of, you know, oh, we found a repository that has all your API keys. You know, all of these types of things, misconfiguration, it's going back to the basics, right? Asset inventory, making sure configuration's good, detecting drift, et cetera. So it's interesting seeing the cycle all over again. It's really cool to be a part of it from kind of the ground floor kind of thing. But yeah, yeah, it is. 
It's just going back to all of those basics and making sure that your baseline is really tight. Yeah, I'm still smiling because so much of this conversation has pointed back to, call it 10 years, maybe even 20 years of the cloud API security basics that are things that we can and should still be doing today. So that's a good thing. But if we're taking a trip down memory lane and, you know, there's that trap of rose-colored glasses to look, you know, at the nostalgia of like, oh, API and AIs is just a difference of a P. You mentioned at the top, like CrowdStrike and the 27-second window of attack. You know, 10 and 20 years ago, I heard a lot of AppSec approaches being like, oh, this is scary. How come you haven't done anything fear-based so far? You haven't tried to scare me into worrying about this problem. That seems like, you know, an old school way of approaching AppSec. Yeah, well, look, I think, well, number one is the shift of the office of the CISO. We're no longer the traffic cop who gets to say yes or no to provisioning, right? We lost that a long time ago. And so, and the, usually you would argue the pain of change or something like that, right? But the benefits that AI introduces, this isn't a question that business leaders are coming to us saying, hey, we think we want to explore this thing, help us figure it out. It's like, hey, by the way, we've already done this. Help, you know, please make sure that we're not too exposed. Yeah, and we're not stopping or slowing down. So I don't think it's worth coming at it from a fear-based lens. Like I said, and maybe I'm oversimplifying it. I hope that doesn't offend anybody who's deeply embedded in AI. I just truly believe that when you kind of take a step back from all of the explosion of acronyms that we're dealing with right now and all of the new threats and all of this other stuff and take a look at what we're driving towards, it's the same concepts at machine speed. 
And that's why I say, like, we shouldn't lead with fear. We should lead with curiosity and go partner with our business and figure out what they're doing and why they're doing it. Because we can help, if the earlier we get brought in as security professionals, the more efficient our security tools will be, the more effective they'll be, and the less frustrated everybody will be, right? Because we have had this privilege or maybe as cybersecurity practitioners of going to the business and saying, you need to care about what I do. Cybersecurity is everybody's job. But very few people in cybersecurity go to their business and say, hey, that's cool. Why are you doing that? What are you trying to get out of this? What tools are you deploying to make your life easier? I think with that little bit of kind of curiosity, a lot of these security gaps, again, the gaps are where the risk is nowadays. I think we can help tighten those up because it's not attackers doing, and of course this is happening too, but they're not doing a bunch of sophisticated things. It's the low-tech, high-velocity approaches that are working right now, because we have massive gaps. So when we fix those gaps, then we'll get to go back to defending against all the crazy, new, exciting stuff too. But right now, why go with a difficult route when the easy one's open? Yeah, and I appreciate the way you were framing all of that too, because one of the ways I like to react to that is there was the old, very unhelpful phrase from AppSec practitioners who would sort of say, devs don't care about security. And I would love to always invert that to say, well, AppSec doesn't care about development. That's, you've got to understand this is happening. This is how, this is what's going on. The code is being written. And I think- No, I was gonna say, it's totally true. And it's, that's funny. Yeah, it's 100% true, but you need to, right? 
It's the partnership and the DevSecOps community, I guess, is really kind of where we started to see security be a lot more effective. And companies, especially large ones that have started to adopt BISOs and business unit CISOs who are deeply curious and invested in what that business is doing and have kind of decentralized their security model, I think are seeing a lot more effectiveness in their policies and making sure that it's working for the business. Because if we just kind of command things from on a mountain, then it often gets bypassed. Yeah, and to your other point, one of the major themes you've been touching on is that these attacks are happening at a very, very fast pace. That's our acceleration, that's our speed, whatever other metaphor or synonym we want to throw in there. And I think there is, you were rattling off a lot of good ways that organizations have been changing people-wise. But here, I want to go back and touch on some of the suggestions you'd have around how do we get the tooling, AppSec tooling, security tooling, to match that speed? Because me as a human, even if I'm just the AppSec practitioner, like you've said, I can't read through all the code. Even if I'm a BISO, I can't keep track of all of the different API changes, all the features being rolled out. So I'm going to need tools. And you've talked about the inventory a little bit of visibility. Where else can CISOs look towards tools or tool-informed or beast approaches to really help themselves here? Yeah, again, I would say it depends on where you're at on your journey. If you can't answer the questions that we talked about earlier, maybe starting with that observability, visibility, inventory layers is a solid approach. But then building upon that, are we looking at traffic statically or are we seeing traffic in motion? 
Do we see drift in how things are actually moving through our environment versus how when we provisioned this application, we thought it was going to go and why? And then get back to asking that next question. Don't just get obsessed with a feature or, hey, we're going to deploy this tool, this AI agent, this MCP server, whatever it is. Okay, why are you doing that? What are you hoping to get from it? And do we know what happens if things go wrong? Like going back to kind of oversimplifying things, one of the other questions you had to be able to answer before you were able to execute a script is what identity does it run under and what happens if something goes wrong? What's your backup plan? I would ask those questions, just back to basics. Hey, okay, we're going to deploy this. How's it going to get deployed? What identity is it going to use? What happens if something goes wrong here? How do we back out? Basic, basic things like that will start to help. And I'm not trying to say anything. I think that would be shocking, but that's where you have to start to build a security policy on because then you can watch and see what happens and then you can start to tighten down the guardrails, right? Okay, that's kind of how I see it. Whether you're looking at deploying against prompt injection or that type of defense and understanding how your users are interacting with your AI agents, or whether you're trying to defend on the backside of it, I think it all comes down to a deep level understanding of what's actually happening, and that runtime or real-time security, and that shift in mindset of, you know, building walls and kind of looking at things statically to constant reinforcement and checking. 
Yeah, and I think that, and that precursor to building those walls and protecting your environment absolutely is securing what you see, you know, having that visibility, and I actually wanted to bring back that idea of fear and scariness for a second, because a lot of times just, if you've gone from no visibility into lots of visibility, I'm gonna predict you're probably gonna see a lot of gaps, and suddenly you're gonna see a lot of problems, and a CISO, I think modern CISOs know that that's a good thing, that's exactly what you've been describing, these are positive benefits, but maybe not everybody might appreciate that, so have you seen CISOs have to also then struggle to translate to say, hey, look, knowing we have gaps is good, regardless of how big they are, how does that become not a scary prospect to tell the org? Yeah, it's, well, there's a couple of different ways that I've seen this go positively, right? Of course, I've seen kind of the red flag waving, everything's on fire, you know, that panic button doesn't really go so well, because again, it's not like we're gonna stop going through the transformation, we have to provide a solution, right? One of the hardest things as security practitioners is finding that return on our investment, how do we get funding from the business for the security, and we know that not every project is funded, right? But observability and governance, going back to that, there's so many shadow assets out there, and the great thing is that the way these things work on this tokenized model, it's pretty easy to see a financial cost associated with a lot of these shadow assets. So that gives the CISO a pretty good lens to build a bridge into the CFO's office and say, hey, look, we need to get our hands around this, because look at how much money, we don't know if this is legitimate, we don't know what's going on here, we need to start building a policy around this, and also into the business side of things, right? 
You know, hey, we need to have a standard around this, whether it's the A to AS standard, if you haven't looked into that, you should, or whether it's just certified workloads, we're aware of the NHIs that are operating these things, and starting to build around that, because again, we're always gonna be playing catch up in the CISO's office to the business. The closer we can partner with them, the more we can understand what they're doing, the more we can be involved and not have to scan and say, hey, what's that, you know? So I think there's a lot of different levers that you can pull right now, because it's kind of going back, and all we wanna do right now is, to the best of our abilities, enable this AI transformation to occur for our business safely and responsibly. We don't wanna introduce too much risk, but we know with any massive technology transformation, there's gonna be a lot of undocumented or not understood risk that's being introduced. We're just trying to partner better so that we can go into this journey with our eyes kind of wide open on what's actually being introduced in the environment and how. Yeah, and I think that awareness, and just that suggestion is, go talk to the CFO, find out where the money is being spent to discover Shadow. Sounds like a wonderful shortcut to understanding your environment more. I wanted to, I'm gonna jump around here a little bit as we're getting closer to the end, because we have been talking about what can AppSec teams do, what kind of strategies can CISOs come up with. Also wanna have some counterexamples. For example, we've been talking about speed, I think importantly. So are there certain mistakes that AppSec teams make that slow down the pace of development or the pace of adoption or pace of AI for that matter that we're talking about here? 
Are there mistakes that they should be avoiding or is there a message that you would send to our listeners about, don't do this, this is just gonna be a trap, that's not gonna help anybody? Don't deploy a tool that you don't understand what it does. That would be my biggest thing. Like I said, AI has made everything so easy. I mean, you can get on ChatGPT or Anthropic or Claude, whatever you want, and get step-by-step instructions to do most things and you don't have to understand a lot of it, but you can get it to work. I think be curious about what's actually happening and to the best of your abilities, don't deploy something if you don't understand what it does. And that kind of ties back into the curiosity thing. Other than that, embrace it, dive in, get curious with these AI tools. I mean, this is crazy how fast things are going. I was on a call with our CEO earlier this morning and he made a comment that was like, hey, look, I've never seen the world move this fast. It was around when the internet came out, it didn't get adopted as fast, same with mobile telephones. He goes, I wasn't sure how fast fire got adopted or the wheel, but this has to be pretty close, right? I mean, so it's amazing how fast the world is changing. Dive in and get curious, get familiar with how these things are working. And if you're not sure how, ask your favorite provider and it will tell you, hey, how do I interface with you better? Build me a course on how to do this. And if you're from the security lens, ask how you can do it responsibly and securely and it will give you some good suggestions. It's just not gonna give you those out of the box because it's trying to help you complete a task. So yeah, I would say embrace it, but also to the best of your ability, don't deploy something that you're not comfortable with or that you don't understand. 
Yeah, I think part of that too, is I was thinking of when I used to have these kinds of conversations around package security or software composition analysis, my joke would be in the hour it would take to have such a conversation, there would be five new JavaScript frameworks created. This is 10 years ago or so. In today's conversation, I don't necessarily know that we'll have five new point releases from Opus or ChatGPT, but it may be three. It's still gonna be fast to your point. But what's interesting to me too, is that you haven't really emphasized this is an Opus 4.5 versus 4.6 or specific models. And I'm just curious, I suspect that's actually kind of deliberate because how much does a specific model matter if we're talking about securing what AIs are doing or that obfuscation layer that it's APIs underneath all of these, what these models are doing as well? Yeah, again, I think it's directionally understood if you're interfacing, if you're not from this background and you're interfacing with maybe AI for the first time, what it's doing behind the scenes is probably not as relevant because be honest, it spits out 50 pages of text and you probably went to the bottom screen and were like, yeah, that looks great next, right? I think that's pretty safe to say, but we were talking about this the other day too. All of the models used to be a lot different and used to kind of go to one for this and one for this and one for this. Now they're so close. It's really more like what your preference is or maybe what you started with, kind of going back to everybody dropping their security pledges and chasing that first to market advantage. Now all of a sudden, everything, it's a very, very tight race and it's scary in a lot of ways because when you're trying to be first to market, there's a lot of things that you can compromise on and security and your risk is usually one of the first things. 
And I think we could pull up a million different headlines that would verify that. A million at least. Now the other thing, so we're also gonna have tons of headlines at the end of this month because of RSA and there's gonna be new startups, a bunch of new acronyms. I think it's probably not hard to predict that will come up with those headlines too. So in about two weeks or so, you'll be at RSA. What could some people look forward to to either hanging out with you at RSA or seeing what you and Wallarm will be bringing there? Yeah. Well, obviously we come from the API background. So if you're not familiar, Wallarm has a free API certificate course, certification course. You can go out and learn how AIs actually communicate, how to detect and block certain types of attacks. It's completely free. Go out and register for that. Our booth number at RSA is 3125 and we're happy to talk about anything API and AI. At RSA we're releasing our AI observability and governance tool. So there'll be a lot of information coming out about that, but it's that runtime, real-time kind of detection, observability and governance that we were talking about earlier. Happy to kind of go through that in any depth with anybody who's attending, but we're doing API risk posture and WAF security testing there as well on site. Awesome. So an excellent list. So looking forward to that, have to stop by the booth for sure. Craig, I've had a wonderful time having this virtually. I also look forward to coming by the booth and actually seeing you in person and be able to continue this conversation then too. But I absolutely wanna say thank you for this conversation today. It's been enjoyable. Yeah, thank you so much, Mike. I had a great time. I wanna say thanks once again to Wallarm for sponsoring this webcast and thank you to everyone who joined us today and everyone in the future who's listening to this as a recording. 
Make sure to check out wallarm.com and as Craig said, go check them out at RSAC in booth 3125. And finally, keep an eye on securityweekly.com for more engaging webcasts just like this. Thank you.

TL;DR

  • AI-powered development tools are accelerating code creation faster than traditional AppSec models can review, creating visibility gaps around API proliferation and shadow AI deployments that mirror historical cloud security challenges.
  • Organizations with strong API inventory and identity management foundations will navigate AI transformation more successfully, as AI fundamentally runs on APIs and requires the same least-privilege and authentication controls applied to new technology patterns.
  • Security teams should partner with business units for runtime observability rather than blocking AI adoption, starting with discovery and monitoring to understand what tools are deployed and what permissions they require.
  • The critical mistake is deploying AI tools without understanding what they do—teams must maintain curiosity about the connectivity and permissions being granted even as AI makes deployment deceptively simple.
  • Data quality and classification become essential as LLMs interact with organizational data, requiring the same attention to data strategy that identity programs receive in mature security organizations.

The AI-Accelerated Attack Surface Challenge

The rapid adoption of AI-powered development tools has fundamentally changed the application security landscape. Code generation is happening at unprecedented speed, with AI assistants producing vast amounts of code that requires review. This acceleration creates a critical visibility problem: organizations struggle to maintain accurate API inventories as new endpoints proliferate faster than traditional security models can track. The obfuscation layer introduced by AI tools means security teams often don't understand what permissions are being granted or what connectivity is being established when developers deploy AI agents or MCP servers. This mirrors historical challenges with cloud drift and shadow IT, but at a dramatically accelerated pace. The core issue isn't whether code was written by humans or bots—it's that the sheer volume and interconnectedness of AI-driven systems outpaces human-centric security review processes.

Identity and API Security as Foundation

Organizations with strong identity strategies and API security foundations are better positioned to navigate AI transformation, similar to how companies with mature identity programs adapted more successfully during COVID-19. The fundamental challenge is that AI runs on APIs, creating complex meshes of connectivity with extensive identity hopping and tool chaining. Without runtime visibility into how APIs actually communicate and what permissions they carry, security becomes nearly impossible. The problem is compounded by business logic abuse attacks that can execute in as little as 27 seconds—far too fast for traditional human-centric security models. Organizations need to start with comprehensive API inventory and asset management, then layer on runtime observability to understand actual traffic flows. This isn't about new security concepts—it's about applying least privilege, proper authentication, and authorization controls to a new technology paradigm.

Practical Strategies for Secure AI Adoption

The key to managing AI security risk is partnering with business units to gain real-time visibility rather than attempting to slow down AI adoption. Security teams should begin with discovery and observation—monitoring AI tool usage and API creation without immediately blocking—then work with stakeholders to build appropriate guardrails. This means understanding what MCP servers are being deployed, what permissions they require, and what blast radius exists if things go wrong. Data quality becomes critical as LLMs are tuned to interact with organizational data. The most important principle is simple: don't deploy tools you don't understand. While AI makes it easy to get step-by-step instructions for almost anything, security teams must maintain curiosity about what's actually happening behind the scenes. Organizations should leverage AI itself to learn—asking tools how to interface with them securely and responsibly—while maintaining the discipline to understand the permissions and connectivity being granted.
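The "discover first, then diff against what was provisioned" approach described above, as an added example that is not from the webinar or from Wallarm: it parses constructed gateway access-log lines (a hypothetical `timestamp identity method path status` format), builds an observed endpoint and caller inventory, and compares it with a declared inventory to surface shadow endpoints, identities that were never provisioned at all, and declared endpoints reached by undeclared callers. All identities, paths and the log format are constructed for the example.

```python
"""Runtime API discovery and drift detection against a declared inventory.

Added example, not the webinar's or Wallarm's code. The log format, the
service identities and the declared inventory are all constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample: one request per line, with the calling identity
# (service account or agent) as a hypothetical gateway would log it.
SAMPLE_LOG = """\
2026-06-01T10:00:01Z svc-orders GET /api/v1/orders 200
2026-06-01T10:00:02Z svc-orders GET /api/v1/orders/482 200
2026-06-01T10:00:03Z svc-orders POST /api/v1/orders 201
2026-06-01T10:00:04Z agent-helpdesk POST /api/v1/orders/482/refund 200
2026-06-01T10:00:05Z agent-helpdesk POST /mcp/tools/call 200
2026-06-01T10:00:06Z agent-helpdesk GET /api/v1/customers/77/export 200
2026-06-01T10:00:07Z svc-billing GET /api/v1/invoices 200
2026-06-01T10:00:08Z agent-helpdesk GET /api/v1/orders 200
"""

# Declared inventory (constructed): endpoint -> identities provisioned to call it.
INVENTORY: Dict[str, Set[str]] = {
    "GET /api/v1/orders": {"svc-orders"},
    "GET /api/v1/orders/{id}": {"svc-orders"},
    "POST /api/v1/orders": {"svc-orders"},
    "GET /api/v1/invoices": {"svc-billing"},
}

LOG_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT|PATCH|DELETE) (\S+) (\d{3})$")


def normalize_path(path: str) -> str:
    """Collapse numeric segments to {id} so /orders/482 and /orders/9 are one endpoint."""
    return "/".join("{id}" if seg.isdigit() else seg for seg in path.split("/"))


def observe(log_text: str) -> Dict[str, Set[str]]:
    """Return the observed map of 'METHOD /normalized/path' -> identities seen calling it."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        _ts, identity, method, path, _status = m.groups()
        seen[f"{method} {normalize_path(path)}"].add(identity)
    return dict(seen)


@dataclass
class Findings:
    shadow_endpoints: Dict[str, Set[str]] = field(default_factory=dict)   # not in inventory
    undeclared_callers: Dict[str, Set[str]] = field(default_factory=dict)  # known endpoint, unknown caller
    new_identities: Set[str] = field(default_factory=set)                  # never provisioned anywhere


def diff_against_inventory(observed: Dict[str, Set[str]],
                           inventory: Dict[str, Set[str]]) -> Findings:
    """Compare what actually flowed against what was declared; nothing is blocked here."""
    f = Findings()
    provisioned = set().union(*inventory.values()) if inventory else set()
    for endpoint, callers in observed.items():
        if endpoint not in inventory:
            f.shadow_endpoints[endpoint] = set(callers)
        else:
            extra = callers - inventory[endpoint]
            if extra:
                f.undeclared_callers[endpoint] = extra
        f.new_identities |= callers - provisioned
    return f


def report(f: Findings) -> List[str]:
    """Human-readable lines, sorted so the output is stable for review tickets."""
    lines = [f"shadow endpoint: {ep} (callers: {', '.join(sorted(c))})"
             for ep, c in sorted(f.shadow_endpoints.items())]
    lines += [f"undeclared caller on {ep}: {', '.join(sorted(c))}"
              for ep, c in sorted(f.undeclared_callers.items())]
    lines += [f"unprovisioned identity: {i}" for i in sorted(f.new_identities)]
    return lines


if __name__ == "__main__":
    for line in report(diff_against_inventory(observe(SAMPLE_LOG), INVENTORY)):
        print(line)
```

The output is a monitoring artifact for the conversation with the business, not a block list: each finding names the endpoint and the identity, which is exactly the "what identity does it run under" question the discussion comes back to.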

Chapters

0:00 - Introduction and Webcast Overview
1:42 - AI Security Risks and Threats
7:03 - API Security Fundamentals for AI
10:03 - Shadow AI and Asset Inventory
27:42 - Identity and Permissions Sprawl
33:54 - Data Quality and Classification
47:46 - Common AppSec Mistakes to Avoid
52:56 - RSA Conference Preview and Closing

Key Quotes

2:23 "It's not just this new technology that's coming out. It's also just how fast it's accelerating the attack surface."
5:57 "In CrowdStrike's Threat Stats report they put out, there was breakouts in as fast as 27 seconds, and I think the average time was 29 minutes. That is way too fast for a human-centric security model."
8:32 "Most leaders that I talk to today, inventory and shadow assets are the biggest problem because we can't secure what we can't see."
12:24 "I think in our API threat stats report, I hope I don't get this wrong. I think it was like 97% of attacks were executed in a single line."
12:49 "Companies that had a really solid identity strategy, when COVID happened, they pivoted very well. And then companies that treated identity more like a checkbox, when COVID happened, had a rough time."
48:26 "Don't deploy a tool that you don't understand what it does. That would be my biggest thing."

FAQ

How can security teams keep up with AI-generated code without slowing down development?

Focus on runtime observability and API inventory rather than trying to review every line of code. Partner with business units to understand what AI tools are being deployed, monitor their behavior in real-time, and apply least-privilege controls to limit blast radius. The goal is to enable speed while maintaining visibility into what's actually happening in your environment.

What's the relationship between API security and AI security?

AI fundamentally runs on APIs—every AI agent, MCP server, and LLM interaction creates API calls and connectivity. Organizations with strong API inventory, runtime visibility, and understanding of how traffic flows through their environment will find AI security much more manageable than those treating API security as a checkbox with their CDN or WAF.

Should security teams try to slow down AI adoption in their organizations?

No—AI transformation won't be stopped or slowed. Instead, security teams should get curious about what the business is doing, partner with them to gain runtime visibility, and build guardrails based on observation. Start with discovery and monitoring, understand the use cases, accept some risks with business input, and tune controls over time rather than blocking innovation.
