Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Netskope: AI's Biggest Security Problem: Data, Identity & Agents

Varonis
07/14/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


Like it involves potential impact we could be making. You know, I can't think of another technology in our lifetime outside of cell phones that has been everywhere, everything all at once. The more data you feed into an AI, clearly the more intelligent it gets. But then that obviously then breeds more risk. We've never come across a construct like this yet. Data is just like a casualty of that. This is where I think we really should start to, you know, probably lose a little bit of sleep. Hi, Mike, thanks for being here today. You and I were discussing the other day in our prep for this around talking about where organizations are on their journey of AI and where we are as a society with dealing with AI. So I just thought it would be useful, you know, interesting to sort of explore some of these topics and go into a bit more detail. I was, interestingly, to sort of kick things off, I guess, I was at a conference last week and I had the fortunate situation to be able to host a room of about 22 CISOs, all different organizations all over Europe. And we were talking about AI. We were in the room. And what was really interesting was to hear them all explain where they are on their journey. And I think it's everybody's at different stages of maturity now. I had an individual next to me who was telling me that, you know, we're full speed ahead and we've got agents everywhere and we've got RAC pipelines integrating with our databases and all this. And the guy next to me is like, yeah, we're using Copilot. So, you know, it's it really is. I guess you've seen this. I guess you're hearing this as well. Yeah, very much. I mean, the saying the future is already here. It's just not evenly distributed. It comes to mind when it comes to this AI workforce. I mean, honestly, it's it's really hard to wrap your head around just the speed of development in general and AI, let alone the security of AI. And so it's you see a lot of companies very risk tolerant and very or who expect to be risk tolerant. But then what's happening in practice at the org level is very different than what the policies may say, what they want to happen. And it's it is something I've seen quite a bit is I think we're still in terms of AI and then the security of it. I think we're very early on in the days of where, you know, how much you know about it and how much your willingness to tinker with it and explore and test and break things is directly related to your ability to have a good outcome with it. Yeah. And it's we're not at a point yet where it just works like magic. No, very much matters. What you put in is what you get out. Yeah. And I'm sure it sort of comes down to the skill situation inside your organization as well and where it's being driven from. I mean, we've heard examples. You know, Microsoft went, you know, really, really public a few couple of years ago with Copilot. And I think a lot of boards jumped on this and thought we need to be innovating and, you know, dealing with our competition because we're going to fall behind. And suddenly, you know, IT teams, security teams were being sort of somewhat, you know, forced into this route. Yeah. But it's interesting to see where some companies are really adopting it now and start to see some real use cases for it. We talk about this concept of the AI paradox and the AI paradox can be explained in a number of ways. It could be, you know, from a holistic perspective, the fear with humanity that AI is going to take over and are we ready to adopt it? But we look at it from the sense that organizations, I think, in the most part, know they want to adopt AI. But AI obviously relies on data. It relies on identity and it relies on the data that feeds it. And the paradox really comes in in that organizations have an immense amount of data. They've been gathering it for years. And really, there's a real sense of concern and caution about opening up data to AI. And so what we're hearing is that the paradox situation is that maybe sort of three percent of the data that an enterprise owns is actually being ingested and fed into models of AI. And so if you think about it, the more the more data you feed into an AI, clearly the more intelligent it gets. But then that obviously then breeds more risk. Right. So I think we're at this quandary at the moment about how we can get past this point. Yeah, I agree. And I think, you know, a lot of companies have kind of realized just how either insufficient their current data security strategy is or even their identity strategy when it comes to deploying something like a copilot. I've heard it referred to as an unexpected pen test when you go and deploy these features just because you give it a certain level of access to to go and see across things. And the great thing that it's the best at is that correlation and that, you know, connecting things that, you know, perhaps a human may not be able to derive from. But I agree with you. You know, it's one of those things where this has been the moment that a lot of businesses have been waiting for. OK, we have all this untold data. We have all this potential revenue. We have all the potential impact we could be making, which is why we're feeling such a push from, you know, every industry, every line of business, you know, it's it's top down and it's bottom up. You know, I can't think of another technology in our lifetime outside of cell phones, which had a slower adoption curve that has been everywhere, everything all at once. Like it's personal, it's business. There is no line between the that world anymore. And it's and it is improving outcomes in a lot of places. But it kind of goes back to, well, is the data I've even given get useful? Is the data, is it the right data? And that's you know, is it is it secure? That's a whole different set of conversations. And it's never it's never an easy thing to find out, because I think historically, companies haven't really had the ability to determine just how good or bad some of this stuff is because it's never been used in this manner. You know, it's there's a lot to uncover. Yeah, you said a great thing to me the other day. I think you said you said the A.I. has made us realize that we're just terrible at securing and managing data. Yeah, yeah, it's it's because immediately you see what A.I. is meant to be helpful, like the LLM's, especially they're they're meant to help you achieve the next task. They want to go do it. And so if they have the ability to, they will do it. And, you know, these model evaluations have shown time and time and again that they will reach the goal by any means necessary, effectively. And data is just like a casualty of that. Yes, absolutely. I mean, I mean, I've been talking to organizations that are sort of, you know, somewhat down that maturity curve. And starting to see now that they have agents that are sort of designed and segmented somewhat to do one particular task, perhaps talking to another agent to better fulfill a question or a prompt that it doesn't have the ability to answer. And suddenly they're realizing that they're actually starting to be completely autonomous now and and non-deterministic in a way of being able to find, like you say, find the answers from a data set that I don't have access to. But I know a colleague that does from an agent's perspective as well. So I think starting to make companies really realize that. We've really got to get our shit in order. No, I agree. I agree. And, you know, and it also brings up the concept of like, what is an agent? What is it really? What is it not? What's the blast radius of what it can access? And it's never you know, we've never come across a construct like this yet where other than perhaps like a super admin kind of level person having the ability to kind of go and do all these things really without any kind of consequences. Because it's something that's not deterministic or something that doesn't have the same level of repeatability on a given task. By the very nature of what it does, it's going to be hard to constrain without a ton of guardrails. And I think we realized very quickly that there still needs to be some guardrails. But it's it's this dual edged sword similar to a paradox situation is that you you have to give it enough to make it useful otherwise and get out of the way. Otherwise, you'll never see the value of some of these things or the purported value. Yes. And I suppose the flip side of that is that you got to make sure that the data that it's feeding or learning from is the right data. Right. You know, because inevitably, if it's learning from stuff that it shouldn't, that will lead further down the line to, you know, hallucinations and all sorts of things we don't want. A few years ago, this is a it was a fascinating conversation. I was talking to a very large car manufacturer and and they've been building vehicles, all sorts of vehicles for years and years and years. And they've got robots in the factories, welding and building these machines. And every time it does a task, it generates a piece of telemetry, goes into a log file somewhere. Yeah. And they've been storing this stuff for 20, 30 years, just loads of it, petabytes of this information. And I remember talking to them a few years ago and they were they were really of the mindset where they started to build up to that point where we need to get rid of it. We need to delete it. We just don't need it. It's costing us money. It has no value to us as a business. We've never looked at it, of course. And so they went through this exercise of thinking, how can we actually invoke this whole disposition conversation, which is terrifying for every company around the world? Of course, no one likes deleting anything. But here we are, full circle, a few years later, they're now building the next generation, the next evolution of the robots. And they're thinking to themselves, well, we've got we've got masses of data that we've learned from that perhaps we could use to train the next generation and use in a very intelligent way to rather than starting from scratch and just writing code, they could actually learn it from what's been successful and what's not worked before. Right. So suddenly all of that information becomes incredibly valuable. And I'm not telling companies, don't delete your data, delete your data. Please get rid of it. Data retention. Everybody, everybody has a policy. No one invokes it. But it's interesting that suddenly that information becomes valuable nowadays. Yeah. And honestly, you hear companies hear stories like that or they they they think it's possible in their business. That's probably not as like directly connected to physical manufacturing. Maybe it's just a regular SAS business. And they're like, oh, we can do the exact same thing if we just give it enough training signals and customer signals and UX signals and things like that. And I think it's it's all possible. But it kind of goes back to then the smart application of it. Yeah. And how are you feeding it the right way? And then how do you make sure that it's that it's even working on useful things let alone the security of it? And like what can what can then become true as a result of the kind of unfettered access to that at the agent level, but also at the human level, too, because now it's, you know, pretty much everybody's using agents or some coding LLM or some, you know, ID, ID platform that has AI built into it to do even the most basic tasks now, because, well, you can. So why not? And so it's been it's really quite a challenge. So how do you how do you govern something that's that big and changing all the time? Well, so how how answering this, then how do how do organizations get their shit together and make sure that they're in a good place to do this? Well, it's not easy. I would say just number one, except that it's a little bit more challenging than some probably other tech revolutions you've tried to work through. It doesn't mean you have to start from scratch. It doesn't mean you throw everything out that you've done in the past. OK, but I also at the same time believe that, you know, you can't just do the same old things. You can't just have a governance meeting once a month with a cross-functional team and you write a PDF and you take notes and everybody goes on. That won't work. Something that changes, you know, if you follow along on Twitter by the by the hour, sometimes it changes. Yeah. And what's possible also changes like it's never been. Technology has never evolved that quick. So, you know, I always say like, hey, you need to be leaning into more of like, you know, actually using the technology to govern the technology where you can in a smart way. Sure. But you also have to just lean into like, you know, how how are your business teams using it? So don't start it from like a tech standpoint or security standpoint. You'll get there. And but most most of the time, tech teams are brought in because they're the only ones who either deploy the thing or can see the thing that has been deployed. They have visibility. They have the access or they have the trust around the level, which. So it's great. You can see stuff. But that's just one part of it. Now you figure out, OK, why are we using it? What's the point of this? You know, what are the business cases for this? What what line of businesses are actually driving some of the like the biggest adoption, not just, you know, make more spreadsheets faster? There's there's got to be a reason you're you're pushing on some of these things. And that's the teams you go with and find out, like, you know, what are you doing? How do you speed it up? What's what do you need versus what's what do you don't need kind of things and kind of work backward from a like a use case standpoint? And it'll be slow. And, you know, it'll take some time, but you'll get into the rhythm of how it works and how you want to get people to be sharp enough to use this without needing to go check like a, you know, a 10 page document every time about, oh, can I do this every single time? Do I have to ping somebody on Slack to say, is this all right? There's got to be a smarter way to to enable people to use this newfound tool. Basically. Yeah. Yeah. You hear a lot of a lot of companies now have have their adoption committees. I think it's a really sensible approach, because from what I've seen, there are different individuals from different backgrounds within the business. All coming together. You've got, you know, the the risk people that are going to be going to turn up. You've got legal. You've got the finance people. You've got, like you say, the technical people, the security people, but people who can innovate as well and think about how they can. And I think that's been really helpful for a lot of companies to actually have a group of minds come together. Yeah. To start to think about, you know, how can we use this to make our life a bit easier? And then you've got hopefully the security and the risk people trying to implement some guardrails and practice around it. But I guess the caveat to that is, like you say, it's moving so quickly. And if I want to suddenly start building a new agent, because I've got an idea of how it can, you know, streamline a workflow, for example. Yeah. I don't want to go through hours and hours of getting approval. And I'm just going to do it. Commit is, yeah. And that's the thing. People can just do it now in ways that they couldn't before. It's the concept of like everything is permitted unless expressly prohibited. And that's like never been more true. You can just go build a prototype. You can just go commit your own code. You can you can do anything you want. There was an incredible time to be building anything, or even if you've never been a builder before, it's incredible time to be able to step in and put your ideas into something that you can actually touch and feel and see. Yeah. And so you kind of have to come back to like giving people concepts and approaches to doing these things and giving them a way to either highlight what they want to do and risk, but not in a way that slows them down. And some of the best companies I've seen do this kind of build ways to just more like the guardrail or like the paved road kind of idea. Like, yes, you can build as many agents as you want, but this way, like through here. OK. Start here, do that, and then go build whatever you like. Or, hey, we're going to use these tools. They have to go through this kind of CICD pipeline to get checked, no matter what you put. OK. This is give them give them ways to say like, yes, without you being in the middle of it and then catch it kind of on the back end. But still have technical controls in place. Yeah. Yeah. That's interesting. Exactly. Not AI controls, technical controls that check the AI. And not, well, governance controls as well, I suppose. One of the things that sort of came out of this big sort of, you know, conferencing that I went to last week was, yeah, we're very controlled in our delivery of AI. We have a committee. We're very concerned that we have to stay compliant. There's all sorts of frameworks. There's the EU AI and there's NIST, and they're popping up as they always do all around the world now. And a lot of it has been driven from that compliance perspective. If you want to develop an AI, fill in a form, come see us, you know, agree that you're not going to ingest information that you shouldn't, and it's not going to start exfiltrating information that it shouldn't, and we'll give you the tick and off you go and do it. Right. And I think that's sort of given some companies a warm fuzzy feeling that they're doing it from a compliance perspective. Yeah. When I say to them, OK, well, what about the stuff to build a building that they aren't going through this? Right. It is happening. It is happening. And I think a lot of them were like, would they do that? They're like, well, yeah, they would. They would. Every time. And they're going to want to train those agents. They're going to want to make them intelligent. How do you make them intelligent? It's going to be on data sets. They're not going to build a whole new data set. They're going to take it from somewhere that you as an organization. Yeah. So you need to think about what information is it learning from. And so technical controls, I think, are becoming mandatory now to try and deliver this stuff. Yeah, I agree. And I mean, compliance still matters, of course. You know, businesses, often when they think about security, they actually mean compliance, because compliance has teeth. Right. And there's a start and stop. Yeah. There's a framework you can get fined. They're like real end points, end states when it comes to compliance, where security is never done. It's always, it's ongoing. It's evolving. Same way like most of tech is. And so, OK, you know, maybe breaches happen. Maybe stock goes down. Maybe customer's angry. But next quarter, stock back up. Customer's happy. Everybody's forgiven. Next breach has already happened. And so there is this, and there's a direct correlation, too, of like the company gets breached, like their stock doesn't even drop that much anymore if they're a public company, unless it's like truly big. Yes. But even so, two quarters later. We're back. Back up. Yeah. So you have this, you know, yes, you still have to keep it in mind because there's certain, you know, regulatory things that each business has to do depending on what industry they're in. But there is always, you know, the top, the tip of the kind of iceberg on that front. So like, OK, you can still do a lot of things and security world under the name of compliance. But like, you can't just do just like the bare minimum of like, can we check the things like that won't fly eventually with auditors that will fly with customers? Yes. Yeah. Yes. Absolutely. The data is stolen. You can't say, well, we were EUIA, the worst of all. Yeah. Except for that, that part. Except for that little bit missing. OK. Interesting. So let's think about the audience that are potentially watching this. We're going to have people come from different backgrounds, different ages. We all age. I believe you mean it catches up with all of us. And there are people with different levels of understanding. Let's take it back. What is an agent? Let's try and decipher this one, because I know you've had conversations about it before and just trying to get to the nub of what actually is an agent. Yeah, I think this is really important, but a hard conversation to have. And it almost comes down to the fact of like, how can you define what an agent is not first? OK. And saying like, well, it's something that can't act on a set of instructions by itself or something that doesn't have access to perform a set of instructions or make outbound calls or make like web fetches or anything like that by itself. And you get a little bit more clear, OK, then I guess if anything can do that or any other thing can do that, well, then that's a form of an agent. So early on, they're saying like, well, an agent's only what you build, which large companies and tech companies build and that you use as opposed to, well, an agent could be just a set of an API call from a frontier model combined with much of other access and abilities to query internal data, query external data, make its own database, perform all these actions and have all this level of access. And that layout becomes very kind of heterogeneous across the world. So it's very hard to determine, like, what is one agent versus another? Like, there's some easy buckets you could say, like, oh, a coding agent, like cloud code or things like that. Like, OK, that's clearly a version of an agent. But what about the agent that's, you know, alongside your SaaS platform, like your Salesforce agent? Is that an agent? Well, yeah, it's a type of agent. And so there's like shades of agents that like 50 Shades of Agents is the book that somebody will write one day about the different types of agents and all the mischievous things they get up to. I dread to think what's in that book. Me too, actually. Nobody write that, please. Actually, they'll probably just have an agent write it. But I think, you know, helping organizations even understand that, like, hey, your exposure radius is probably way, way worse than you believe if you believe having unregistered agents or on agents you don't know about is a concern for you. Because it can potentially be, you know, a few things or very complex things together running constantly or running it on demand or running it when someone calls it to do something. So there's, I think we're still figuring out as an industry kind of what that is. And then where the technical guardrails go across that, because that's the only way we're going to be able to kind of wrap our heads around it. So, you know, most companies I've talked to now are still in that discovery phase. So, you know, what's out there? What's the known universe? And then how quickly is it changing? So do you think then that we have different levels of intelligent agents? I mean, I suppose the amount of autonomy you give them can sort of decipher how intelligent they can become or learn. But I guess you run the risk if you have an agent that isn't as intelligent as perhaps another one should, and you're giving it data that it shouldn't be learning on. I mean, how do you measure the level of intelligence that an agent can have? Well, I think it's hard to kind of measure that too. Just because, you know, ever since chat GPT and some of these earlier ones came out, they were already, you know, more intelligent than most humans, you know, combine. And so they're way past like, you know, having the world's knowledge and their availability. And this is just the publicly available LLM models, not to mention any of the more private models or like custom models people are making on their own or open source things. Um, and I think it really comes down to like, you know, what's, what's the kind of intended action or series of things you want this agent to be able to do? Um, is it meant to run by itself? Like meaning is in loops and achieve tasks. And is it meant to just monitor things and take action or is it meant to be kind of a kind of coding partner with you as well? Um, and yeah, I mean, data absolutely matters and always, and a lot of it comes down to cost. So I think early days of the people trying to figure out, you know, which agents, the right agents or which models, the right models comes down to cost. And that kind of backs into like, well, who's spending what, where, right. And how do we curb and, and control some of that as well, which is an important conversation to have. It's just like the early days of cloud where like, do you really need that, you know, 256 gig Ram server or what the eight one, eight gig Ram wouldn't work for your model. Then you can spin up and down when you want to set, you know, we're, we're having that moment for sure. When it comes to just AI in general, but especially agents, especially ones that can be left unconstrained and, and give you a very big bill at the end. Well, talking about constraints, I mean, we're very much talking at the moment from AI being built and developed within an enterprise with inside an organization. But obviously AI is available to everybody, including, you know, the various individuals and people who want to cause harm and havoc. Um, they have no guardrails, they have no compliance. They have to adhere to, um, and it's inevitable that there's, there's AI initiatives and agents out there now performing tasks that are desired to cause pain and destruction. Um, we are, um, I think a lot of organizations are starting to realize now I talk a lot about this, about, you know, we need to think about how we can use AI to defend ourselves really, because, you know, we've had many, many examples in the press recently, we're using Claude to hack into various things. I've read a guy who, uh, who used, I think, just, just, just the gen AI Claude prompting and managed to trick it to bypass guardrails to break into multiple Mexican government agencies. Did you see that? And then he tried to open up an account with open AI. And I think, um, Claude rung them and said, you need to block this guy. And they went, okay. And they stopped it. So guardrails can be bypassed if you want to. I mean, I think they all, they've all been bypassed now. Um, so this is, this is where I think we really should start to, you know, probably lose a little bit of sleep about how do we, how do we as a constrained part of society in terms of trying to deliver this in a safe way, deal with that part of the world that don't have the constraints. And then you talked about the cost associated with it. Well, if we're talking about, you know, rogue nations and ABTs, they're going to be potentially government backed. And there's endless amounts of, of, of, of money available to perform these tasks. If there's going to be a very successful end game. So, um, yeah, we talk about, it's been spoken about before, but we're in a situation now where it is robots versus robots. Yeah. That's how we should be looking at it, I guess. Yeah. I think, I think that's kind of like a good framing to think about it too. And I'm always reminded of, um, like someone made a meme a couple of years ago about how like the defenders are mad that the attackers didn't follow their framework and stay within their guidelines. Like, oh, you didn't, you didn't do this like we were supposed to. Like we have a whole framework around this. You didn't follow it. Um, and that's, this, this is just that now multiplied by, you know, 100 X. And so, no, I agree. I mean, it's an incredible time to be able to be using these tools to see what you can do and automate it. And just, there's always been a human kind of bottleneck constraint and security in general, just the ability to either understand process and just like make sense of these, uh, any of lock data and then try to answer that one question. Like, are we impacted? Uh, if so, how much and how bad, and, you know, how deep does it go? And so now we, there's, um, you know, a lot of companies and just a lot of people who are just putting an effort into figuring these things out and how to automate and use AI tools to either continuously look for things or continuously improve things. I mean, I think it's incredible. And, and yeah, if you're not thinking about that and you're in your IT or cyber program, like you're, you have a huge mess. And there's so much you can do with, with enterprise companies and like with the models directly yourselves. And I think you should be using both as much as possible. Well, that's interesting. I mean, I've, I've 30 years working cyber is all I've ever done. And we've always been playing catch up. I mean, that's, that's what's driven, you know, the world of security, not just cyber, but physical and all sorts of security. We're constantly there finding new ways to, you know, bypass whatever we put in place. And, and I guess recently I was sort of thinking that, that, that, that playing catch up is, is there's so far ahead now that we just don't stand a chance, but you're saying that, you know, perhaps we stand a possibility now of actually playing on a level playing field somewhat. If we can start to be, you know, adopt it in, in, in a way that, that, that they have in to be able to defend ourselves, then are you telling me that we stand a chance? Uh, I mean, I'm an optimist, so yeah, I think so. I think we're a long ways from that, uh, collectively. I think, uh, you know, it, it kind of goes back to the, the ability to use it early on and the ability of companies to support kind of the, the forward leaning concepts of using it to do things that humans, uh, did manually or that we just knew at all. Yeah. So it's going to require kind of a lot of things to go right for a lot of companies to really take advantage of it. And it goes back to some of these companies will be a lot better off than others, uh, just based on their business model or things like that. There will always, you know, mostly be, uh, you know, weak links, no matter, no matter where you are. And, um, you know, the, even the spree of breaches in the UK have been largely just humans compromising other humans and not, you know, not doing some untold, you know, 30 year old vulnerability. And so, and that's still the way a lot of cyber works. There are ways, um, you know, we can help on some of the technical side, but there's, you know, we still have to consider, you know, what, what will still be true, even, even with all the money we spend in tech and all and cyber and, uh, on both sides. And so, uh, so I'm still optimistic that many of the problems will go away, but I think we'll still have some core ones that become, you know, brighter as we, as we can preempt attacks. Then if we start to use AI. Yeah. I think you read, look, there are, there are some companies who are doing kind of like preemptive, uh, takedown defensive, like fishing, you know, uh, infrastructure and things like that, which I think it's great. You know, the ISPs and like the big companies are like cloud providers are doing a lot of that. And I think that'll only increase, um, you know, of course we're always dealing with, um, kind of irrational actors at this point who, and we don't know what they'll, they'll do next. And we're always playing catch up. And, um, so, um, there will have to be a lot of an adjustment, but hopefully the cycle time between the defender's adjustments and the attacker's adjustments, like shortcomes or shortcuts very, very quickly. Um, whereas it may take, you know, months or years for us to catch up on the defender side for some of these things. Um, but I think it's possible. Okay. But do you think that we'll always need the human in the loop? I think the human will change like where they sit, what they do and all that. And then I do think there'll be States of the world where there won't be, uh, needed in that more. And I don't think that's necessarily a bad thing. And I'm not even talking about job loss or destruction or anything like that, but just more things that are much more suited for, you know, you know, connectivity and around system to system or, uh, AI to AI are, you know, are going to be probably a lot more common on some things. Yeah. Yes. Okay. The elephant in the room situation is that, um, we are dealing with vulnerabilities. There's somewhat thrust upon us. You know, we, we adopt these operating systems. We adopt these cloud infrastructures, these SAS applications. And so we are reliant on these big organizations and these people that provide this, um, to patch and, you know, in, in, in this, in this world now of just how fast things are developing and being found out, should we be pressurizing them and expecting them to move that much faster? And let's not wait three, four months or the mid year patch cycle to come around to fix this stuff now. Yeah. I think this is a really interesting concept too, because it's, it's also the open source community as well. Okay. Tend to move a bit quicker though, don't they? They can, but it's funny. You see, you know, even, um, some of the more, like even open call before it was acquired by Anthropic was like, well, Hey, I didn't make it this way. So stop sending me bug reports. Yeah. And it was just a, I don't want to deal with this. This is not their thing. And then, you know, that is even aside from like large companies who have kind of a bigger responsibility and like financial incentive to do it too. But yeah, I think the, all the bottlenecks should be able to be shortened at least at this point. Uh, but it's, it's an interesting, you know, fact that, you know, since most of the code now is being written by AI assisted, uh, coding agents, they're the ones creating the vulnerabilities now because they've been trained on vulnerable code of them. Well, if they've been, if their entire corpus of training is based on vulnerable code that we've had for X amount of years, like it's hard to, it's hard to generate it. And I think, yes, we still need to be able to produce these patches and maybe to go quicker. And like, I would expect more, almost like a continuous release kind of cycle on some of these things. Um, I think we'll find a lot more like kind of devastating level, uh, Hey, you got to replace this entire device kind of thing. Um, um, or like, you know, Hey, I'm sorry, user, you have 20 reboots today from all the patches you have. Right. There's going to be a better way to kind of get around that, I think. So we need a very agile change control committee. I think so. Yeah. Super agile, but then also just like just much quicker to release to, to value this because it just can't sit there for so long because now once it's known, like it's, it's no longer zero day, like it's, it is now discovered and available. Yes. And we do have choices. You know, we have choices of hyperscalers. We have choices of data lakes. I suppose it's those are the ones that are going to come out on top that are showing that they are being agile and developing and fixing these batches now. And they don't have to sit on there on the, on, you know, and, and wait, but we've got to wait a month. We get it in a month. Exactly. Yeah. It's table stakes. I think more so now than, than it ever was. And I'm not just saying that as a security person, I think like it has to be that way now to do business at all. And it sort of moves on to this, this, this, this thing that happened recently with, with, with Mythos, obviously Mythos came out and, and Claude came out and said, you know, anthropic, I think, wasn't it? We have Mythos, it's a language model. It's, it's finding every risk and every vulnerability out there almost instantaneously. I know you had some comments about this where the weather is a little bit of a hype. I know some people have looked at it, but it's inevitable that, that, that, that we're going to have AI to be able to find these vulnerabilities in, in, in, in almost instantaneously. And then we have, we, you know, we talked about zero day. It's, I think that's, I think those days have gone up. Now it's zero hour, zero minute, instant, instant, you know, committing a vulnerability that's been found. But yeah, the Mythos stuff is really trying a bit of a cat amongst the pigeons, hasn't it? We're up against it now. Yeah. I think it was interesting the way it's been enrolled out. I mean, I think it's a little bit of marketing hype, a little bit of clever language. But I think it was, it is kind of the most responsible, they could have disclosed some of these things and working with Project Glasswing and getting some companies involved. I think it's a step, but it's also, if, if, you know, if anyone's been paying attention in the AI world, like the capabilities just get replicated by another lab within, you know, a week or so, and it's already happened. And, you know, the community's already rallied around, Hey, there's lots of open source models that can do the exact same thing. It's a matter about intention. It's a matter about time. It's a matter of focus. You could argue that nation States have all of the above for whatever target they want. Of course, not everybody's a nation state target, at least they weren't. So who knows how that calculus changes. But, you know, I think it's, it's, uh, it just showed, uh, shown a really big light on the fact that, um, a lot of people don't realize that the finding the vulnerabilities has never been like the top, the most challenging part. It's the, it's the concept of fixing it and people's and priorities and business, uh, value around whether or not they even engage in that activity at all, let alone, um, like discover it. So it's, um, yeah. Okay. Now the, so the backlog might be 10 million vulnerabilities today. It'll be a hundred million tomorrow. And I don't know how much that changes in actual businesses, day-to-day operations on some of these things. Um, especially when all businesses, then the, the, the tide kind of rises all of them up. And then we all have billions of vulnerabilities in our backlog that are untenable and on unfixable. Um, so I don't think it'll, you know, and you can see already in the public markets kind of responses, like stock market freaked out every time anthropic mentioned something about security. Uh, but then the bounce back time has gotten shorter each time. They release a new thing like, oh, well, yeah, everyone's kind of doing this. So this is not that big a deal. Um, or it's not, maybe it's not as hyped up as we thought it was. And this is kind of the first, I would say pushback from within the thoughts that the security community was kind of saying, this doesn't feel right exactly. And also this is a bit of a overhyped around how security works and how incentives work in companies. Um, but at least people are paying more attention now. And I think that's probably a good, a good, uh, overall picture is that people are paying more attention, but now it's still the same, the same bottleneck of like, yeah, but what do you do with it? And, uh, is it worth doing something with at all? I think as, as another big piece. Um, um, and then you remove kind of like, just like enterprise companies and like, maybe like large companies that don't have any ties into critical national infrastructure. Um, you know, okay. That's one group, one group, large group of companies, but what about the ones that can't do anything about these vulnerabilities for either because they have public funding from grants or they have limited people or the manufacturers who make the physical components can't do anything about it. Like that's, that's where they're going to target. Not, not like a, you know, a hundred, um, different, uh, Linux distributions or things like that. Like, so it's, it is, it does, it does kind of shine like, Hey, this is still, it's like well-intentioned, but just not the right focus for, um, probably the greater societal risk. Yeah. Well, maybe, I mean, is there a possibility we could start to close the gap on some of these vulnerabilities? Someone was talking to me recently about you compare the world of cyber with maybe the airline industry and, and, and the amount of vulnerabilities and risks and issues that they find within, you know, planes and, and, and is that they are fixed. They have to be fixed because obviously there's a knock on effect. And so the gap get closed very, very quickly, but in the cyber world, there's a lot of risk acceptance. There's a lot of like, you know, like you say, there's things that we can't do. And, but maybe we could start to close that gap a little bit, or maybe do we just say to the point that, well, we'll be constantly chasing our tails. So why, why even try and fix them? And that's just have a level of intelligence from an AI perspective, just constantly checking and making sure that no one is trying to abuse or, or, or, or, you know, try and compromise these vulnerabilities. Yeah. I think there'll be that. And I also think it'll, it'll actually make us make a lot more sense of what the backlog actually should be and what the priority should be. I think that's a great application of AI with security. It's like, okay, you maybe have 10 million, but only 20 of them actually matter because these are the ones that actually are customer facing or internet facing or things like that, that don't, they have remote code execution and can be exploited now. Like those are the ones to focus on now. The rest of them, they have other controls or too many other things have to be true, which means game over already if they get this far. Yes. So I think it's incredible. It'll be incredibly useful at doing things like that. And then it'll help us focus. Like it's, it's fun to say that like, oh, we need more data to focus. But that's, that's basically what AI will help. I think security community do at large. Yeah. Yeah. I'm looking for the next innovation of AI honeypots. That's what I was thinking about recently. We have honeypots and I think, you know, they probably serve a purpose. They're like, how effective they are nowadays. But that sounds like a great initiative, doesn't it? To have an AI honeypot that's just sitting there waiting for some, you know, agentic framework to come along and I can trick it into thinking that I'm a real. Yeah. A real system. And that would be a, you know, I think that's another level we should be thinking about. No, I agree. I think I've heard the term AI labyrinth as well. Send it down a bunch of different routes, make a bunch of tokens, a bunch of time, a bunch of think it's getting far and only to realize it's not. It's costing them money as well, of course. Yeah. Right. Because it's, you know, it comes down to financial incentives all around. Yeah. Defenders and attackers. So if you can make it financially untenable, then that's, I think, the goal for a lot of, and that's a lot of security leaders. I know, like, think about it in terms of that. Like, how do we make ourselves like more expensive to attack than the next person? Right. Or the next company? You know, I don't know that it always works, but like, it's an interesting kind of mental framework for saying, how do I, how do I apply, like, or exhaust their resources such that it's not worth it to that effect. So. Yes. We'll see how that, how that goes. So this has been interesting because we've sort of, we sort of talked about that enterprise side of it. And then we talked about, obviously, the, the, the, the threat side of it. And I was reading something recently that I think you wrote around, there's, there's, there's security for AI and there's AI for security. I think it touches on both of them, really. And I think I remember, if I recall, security for AI, it's just security. Yeah. It's just another thing that we have to secure. But AI for security is where we should be thinking about how we can start to expect big, big changes and start to really embrace that stuff as well. Yeah. And, and, you know, when I was looking at that, I kind of track a bunch of data with return on security and I look at where the money's being invested and who's being acquired and things like that. And, you know, I think when AI first came on the scene in the world, people were like, okay, we have to secure the chat agents. Like that's, that's all AI was to the, to the general public. And like, oh, we have to secure these things and make sure that they're, don't give up their secrets and don't give up their models and don't, they're like system prompts and things like that, that people can steal it. And then I think the industry quickly realized, well, there's only so many companies who will buy these things. And actually there's in a gigantic market of just using AI to accelerate existing security things. Right. And you can see the data kind of shifting towards that to the point where now, you know, it's hard to do anything in technology that you don't have some component of either using AI or like it's part of the product or part of some, some downstream process, um, such that it's not even a differentiator anymore. And that was kind of the intent of the piece to say like, Hey, it's like saying you're a cloud company today. Like, well, of course you are. If you're a tech company, of course you use water, all the clouds, right? That's not, it's no longer a novel selling point. Like you're just doing it perhaps in a more efficient way and delivering it. But that doesn't mean that alone is not a selling point, but it was, it was an early kind of investor like selling point and signal. Right. And I think they realized that, that, you know, people started realizing, Oh, that I kind of care less about how you deliver and I care more about what you deliver and like the outcome it gets me. Yes. AI or not, it doesn't really matter. It's the outcome I want. And it goes back to the fundamentals again, doesn't it really? I mean, we know security for AI is just security. I completely agree with you, but, but really we've, we've, we've got to address the fundamentals. We've got to try and get a grip on, on the data, the identity, and just bridging the data and the identity piece and having control of it and having that just in time access that you should be implementing. It would solve so many, so many problems, wouldn't it? But it is a, it is a mammoth job, particularly now in the world where we're expected to put data everywhere all the time and it'd be continuously available. And there's a new SaaS application and it's going to generate a whole set of revaluable information and a whole new set of configurations we've got to understand to make sure that that's protected. And we are somewhat chasing our tails on this, but I mean, I've been, I've been talking about this now for the last dozen years, just, you know, we, we, we've got to get grip on, on data and identity. And for over a decade talking about it, what's been interesting in the last couple of years is I go and see clients now and they sit there and they tell me how important it is to secure the data and the identity. And I'm like, yeah, I know. Yeah. Here we are, full circle again. Here's another tailwind to try and get that, that, that, that sorted out. I hope it gets addressed. I'm optimistic that it will. I mean, I think the ability, one of the coolest things I think I've seen, I've talked to a lot of early stage companies as well, is that we can do things that like just simply weren't possible, you know, a couple of years ago. Now companies are now have, can have real ideas that can solve real problems that were just technically impossible to stitch together, or like you couldn't hire enough humans to do this. Right. So that's really exciting because, you know, it's identity and data are, and the network are all an everything problem, right? It's hard to do anything without an identity. It's hard to do something without data. It's hard to do something not on the net, on a network of sorts, right? And so, but those are also many different shapes and sizes across, even within the same company of how that works. And so it's really hard to kind of tie all those desperate things together. And now it's super exciting to see how it's, what's possible now that even like a year ago was not impossible. So I'm just personally always optimistic about this stuff just because I see a lot of really like optimistic startups. Right. So I'm excited for it personally. And I think a lot of people are as well. Excellent. Great. Okay. Well, listen, thank you so much, Mike. This has been a fascinating conversation. I could talk about this stuff all day and my kids are sick of it, but you know, it's just nice to have a conversation, try and explore some of this stuff. So thank you very much for your time today. Thank you very much for having me. Brilliant. Thanks.

TL;DR

  • Only an estimated three percent of enterprise data is currently being fed into AI models, reflecting deep security caution — but this severely limits AI's potential value and creates a strategic paradox organizations must resolve.
  • Deploying AI tools like Copilot functions as an unplanned penetration test, immediately surfacing data access and identity governance failures that organizations did not know existed in their environments.
  • Autonomous AI agents are increasingly communicating with each other to fulfill tasks, producing non-deterministic, emergent behavior that expands the blast radius of data exposure far beyond what security teams have mapped or authorized.
  • Adversarial actors — including nation-states with unlimited budgets — face no guardrails and are already using AI offensively, making an AI-versus-AI defensive posture not optional but necessary for enterprise security programs.
  • The strategic distinction between 'security for AI' and 'AI for security' is critical: the former is simply standard security applied to a new asset class, while the latter represents a transformative opportunity to scale and accelerate defensive capabilities.
  • Data and identity governance remain the foundational unsolved problems; AI has not changed what needs to be fixed, but it has made the consequences of not fixing it dramatically more visible and urgent.

The AI Paradox: Power Versus Risk

This conversation between Mike Privette of Return on Security and Varonis's Matt Lock opens with a frank assessment of where enterprises actually stand on AI adoption. Drawing on a recent CISO roundtable spanning 22 European security leaders, Lock observes that maturity varies wildly — from organizations running fully autonomous agentic pipelines integrated with internal databases to teams that have simply enabled Microsoft Copilot. The central tension the two identify is what they call the AI paradox: the more data an organization feeds into AI systems, the more intelligent and valuable those systems become, yet the more risk is introduced. Estimates suggest only around three percent of enterprise data is currently being ingested into AI models, a figure that reflects not technical limitation but security caution. Privette frames AI deployment as an "unexpected pen test" — the moment organizations connect a copilot or LLM to their environment, they immediately surface data access problems and identity gaps that were previously invisible. The uncomfortable conclusion: AI has made it undeniably clear that most organizations are simply not good at securing or managing their data.

Autonomous Agents and the Expanding Blast Radius

The discussion moves into the nature of AI agents and why they represent a qualitatively different security challenge. Privette argues that defining an agent is easier by exclusion — anything that can act on instructions independently, make outbound calls, query internal or external data, and chain actions together qualifies. The problem is that this definition encompasses everything from a Salesforce embedded assistant to a custom-built multi-agent pipeline, creating enormous heterogeneity in what organizations must govern. Lock highlights a pattern emerging among more mature AI adopters: agents originally scoped to a single task are beginning to communicate with other agents to fulfill requests they cannot answer alone, producing emergent, non-deterministic behavior that no one explicitly designed or authorized. Privette draws a pointed analogy — an AI agent with broad data access resembles a super-admin account operating without the usual human accountability constraints. The blast radius of what an unconstrained agent can access, correlate, and act upon is largely unknown to most organizations, and most are still in a discovery phase simply trying to map what agents exist in their environment.

Robots Versus Robots: The Adversarial AI Landscape

Both speakers agree that the adversarial use of AI is no longer theoretical. Threat actors — including nation-state groups with effectively unlimited budgets — face none of the compliance, governance, or ethical guardrails that constrain enterprise AI deployments. Privette notes that every AI guardrail implemented to date has been bypassed, citing public examples of Claude being used to compromise government systems. The framing both speakers settle on is "robots versus robots" — defenders must use AI at scale to counter attackers who are already automating reconnaissance, exploitation, and lateral movement. Privette draws a sharp distinction between "security for AI" (securing AI systems themselves, which is ultimately just security) and "AI for security" (using AI to accelerate and scale defensive capabilities), arguing the latter is where the real strategic opportunity lies. Practical applications discussed include AI-driven vulnerability prioritization — reducing a backlog of millions of findings to the handful that are actually internet-facing, exploitable, and critical — and the concept of AI honeypots or "AI labyrinths" designed to waste attacker compute and financial resources. The conversation closes on a note of cautious optimism: data, identity, and network security remain the foundational problems they have always been, but AI now makes solutions technically feasible that simply could not have been built even a year ago.

Fundamentals Still Matter: Data and Identity at the Core

Despite the novelty of the AI threat landscape, both speakers return repeatedly to a conclusion that Lock says he has been making for over a decade: the root problem is data and identity governance. AI has not created new categories of risk so much as it has dramatically amplified and exposed existing failures — overpermissioned identities, ungoverned data sprawl, and the absence of just-in-time access controls. What has changed is urgency. Lock notes that clients who once nodded politely at data security recommendations are now actively seeking help, driven by board pressure and the visible consequences of deploying AI on top of an ungoverned data estate. Privette adds that investment patterns in the security market reflect this shift — early AI security spending focused on protecting LLM systems themselves, but capital is now flowing toward AI-accelerated solutions for existing security problems. The implication for practitioners is clear: organizations that want to unlock the value of AI must first address the data and identity hygiene that AI deployment immediately exposes. Governance frameworks and compliance checkboxes are insufficient; the underlying data estate must be understood, classified, and controlled before AI can be deployed safely at scale.

Chapters

0:00 - AI Everywhere, All at Once
0:26 - Where Organizations Actually Stand
3:09 - The AI Paradox: Value vs. Risk
4:31 - AI as an Unexpected Pen Test
6:26 - Agents, Autonomy, and Blast Radius
17:44 - Attackers Have AI Too
24:25 - Robots vs. Robots
38:16 - Security for AI vs. AI for Security
40:30 - Data and Identity: The Fundamentals
42:49 - Closing Thoughts

Key Quotes

4:33 "I've heard it referred to as an unexpected pen test when you go and deploy these features just because you give it a certain level of access to go and see across things."
5:55 "AI has made us realize that we're just terrible at securing and managing data."
7:11 "What is the blast radius of what it can access? And it's never — we've never come across a construct like this yet where other than perhaps like a super admin kind of level person having the ability to kind of go and do all these things really without any kind of consequences."
24:25 "We are in a situation now where it is robots versus robots. That's how we should be looking at it."
38:47 "Security for AI, it's just security. It's just another thing that we have to secure. But AI for security is where we should be thinking about how we can start to expect big, big changes and start to really embrace that stuff as well."
40:43 "We've got to address the fundamentals. We've got to try and get a grip on the data, the identity, and just bridging the data and the identity piece and having control of it and having that just in time access that you should be implementing. It would solve so many, so many problems."

FAQ

What is the AI paradox in enterprise security?

The AI paradox refers to the tension between value and risk in AI adoption: the more data an organization feeds into AI systems, the more intelligent and useful those systems become, but the more security risk is introduced. Currently, organizations are so cautious about data exposure that only around three percent of enterprise data is being used to train or inform AI models, severely limiting AI's potential while the underlying data governance problems remain unresolved.

Why are AI agents considered a unique security challenge compared to traditional software?

Unlike traditional software with deterministic, predictable behavior, AI agents can act autonomously, chain tasks together, query internal and external data sources, and communicate with other agents to fulfill requests — all without explicit human authorization for each action. This non-deterministic behavior means the blast radius of what an agent can access or expose is difficult to constrain, and most organizations are still in a discovery phase simply trying to identify what agents are running in their environment.

What is the difference between 'security for AI' and 'AI for security'?

Security for AI refers to securing AI systems themselves — protecting LLM models, system prompts, and agent pipelines from attack or misuse. This is ultimately just standard security applied to a new asset class. AI for security, by contrast, means using AI capabilities to accelerate and scale defensive operations — for example, using AI to prioritize vulnerability backlogs, detect anomalous behavior, or automate threat hunting. The speakers argue the latter is where the transformative opportunity lies for security programs.


Categories:
  • » Webinar Library » Varonis
  • » Data Protection » Backup & Recovery
  • » Cybersecurity » Data Security
  • » AI & Machine Learning
  • » Data Protection
Channels:
News:
Events:
Tags:
  • AI & Machine Learning
  • Data Protection
  • Identity & Access
  • Security Operations
  • Threat Intelligence
  • Thought Leadership
  • Executive Briefing
  • AI security
  • Data governance
  • Identity and access management
  • Autonomous AI agents
  • Threat landscape
  • AI adoption risk
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Netskope: AI's Biggest Security Problem: Data, Identity & Agents

              XStreaminars (watch here)

              • Jul
                28

                Illumio + Netskope: Zero Trust in the Age of AI Autonomy

                07/28/202601:00 PM ET
                • Jul
                  29

                  Ask Your Cloud Anything: Unlocking Governance Silos in your Environments

                  07/29/202601:00 PM ET
                  More events

                  Industry Events (watch there)

                  • Jul
                    14

                    Crafting a Championship-Caliber Security Team for Lasting Defense

                    07/14/202601:00 PM ET
                    • Jul
                      14

                      Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data

                      07/14/202602:00 PM ET
                      • Jul
                        22

                        Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue

                        07/22/202601:00 PM ET
                        More events

                        Upcoming Webinar Calendar

                        • 07/14/2026
                          01:00 PM
                          07/14/2026
                          Crafting a Championship-Caliber Security Team for Lasting Defense
                          https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-caliber-security-team-for-lasting-defense/
                        • 07/14/2026
                          02:00 PM
                          07/14/2026
                          Understanding the Crucial Role of Context in Safeguarding AI-Accessible Data
                          https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-safeguarding-ai-accessible-data/
                        • 07/21/2026
                          04:00 AM
                          07/21/2026
                          Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                          https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
                        • 07/22/2026
                          06:30 AM
                          07/22/2026
                          Insights and Strategies in Data Protection and Privacy Management
                          https://www.truthinit.com/index.php/channel/2000/insights-and-strategies-in-data-protection-and-privacy-management/
                        • 07/22/2026
                          01:00 PM
                          07/22/2026
                          Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                          https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
                        • 07/28/2026
                          01:00 PM
                          07/28/2026
                          Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                          https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
                        • 07/29/2026
                          04:00 AM
                          07/29/2026
                          Real-Time Strategies for Safeguarding Against Prompt Injections
                          https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
                        • 07/29/2026
                          01:00 PM
                          07/29/2026
                          Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                          https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
                        • 08/19/2026
                          12:00 PM
                          08/19/2026
                          Becoming Agent Ready: Insights from Cyera's Expertise
                          https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
                        • 09/02/2026
                          12:00 PM
                          09/02/2026
                          Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                          https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
                        • 09/30/2026
                          04:00 AM
                          09/30/2026
                          AI Command Center: Optimizing Visibility and Control in Your Operations
                          https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version