


In this episode of AI for Business Owners, host Jeff Torello sits down with cybersecurity veteran Peter Holcomb, founder and CEO of Optimo IT. With decades of experience across IT, sales, engineering, and CISO leadership, Peter brings a rare blend of business and deep tech knowledge to the conversation. Together, they explore the evolving challenges of securing AI systems, the importance of AI governance, and how to build trust into AI-powered architectures from the ground up.
Jeff and Peter break down the real-world security risks posed by autonomous agents, multi-agent systems, and large language models (LLMs). They also share practical advice for business owners on designing secure AI applications, implementing access controls like OAuth and RBAC, and how to use observability tools to improve AI performance and mitigate risk.
This episode is packed with valuable insights for SMBs looking to build or adopt AI technology in a secure, scalable, and forward-thinking way.
Key Takeaways
Why Governance Comes First: AI projects must begin with governance and compliance frameworks, not just security tools.
Risks of Agentic AI and Tools: The rise of agent-based systems and skills introduces new threat vectors like injection and impersonation attacks.
Prompt Injection Explained: Learn the difference between direct and indirect prompt injection, and how real-world attacks can trick AIs.
OAuth + RBAC for AI Tools: How identity and role-based controls help prevent AI systems from accessing the wrong data.
AI Observability as a Must-Have: Why logs, metrics, and traceability are essential to managing and improving AI applications.
Noteworthy Quotes
"We need to shift left, bake security into AI from the very beginning, not bolt it on later." – Peter Holcomb
"Observability is the foundation of AI governance. You can't secure what you can't measure." – Peter Holcomb
"Prompt injection is just a new version of old school exploits, same risks, new names." – Jeff Torello
"LLMs are always trying to say yes. Security problems arise when they don't know when to say no." – Jeff Torello
Key Timestamps
[00:00] - Introduction to the AI for Business Owners podcast & guest Peter Holcomb
[02:35] - Peter's 20-year journey from sales to becoming a CISO and entrepreneur
[09:01] - Starting with governance: The foundation of secure AI systems
[15:35] - Tool calls, MCP servers, and how identity complicates agentic AI
[20:26] - Claude's "skills" and why arbitrary code execution is a security nightmare
[26:22] - Prompt injection explained: examples and real-world attack vectors
[31:36] - AI observability: Using logs and metrics to monitor and secure LLMs
[33:13] - Peter's wish: AI-powered sales with human psychology and real interaction
[40:58] - Final thoughts, LLM-SEO, the future of advertising, and AI agents as the new gatekeepers
FOLLOW OUR GUEST PETER HOLCOMB
Peter's LinkedIn: https://www.linkedin.com/in/pholcomb8/
Optimo IT LinkedIn: https://www.linkedin.com/company/optimo-it/
Optimo IT Website: https://www.optimoit.io/
FOLLOW OUR HOST JEFF TORELLO ON:
LinkedIn: https://www.linkedin.com/in/jtorello/
Website: https://sinjun.ai/
FOLLOW SINJUN AI ON:
LinkedIn: https://www.linkedin.com/company/sinjunai/
Website: https://sinjun.ai/
X (Twitter): https://x.com/sinjunai
Instagram: https://www.instagram.com/sinjun.ai/
Facebook: https://www.facebook.com/Sinjun-AI/
YouTube: https://www.youtube.com/@SinjunAI
FOLLOW AI FOR BUSINESS OWNERS PODCAST ON:
Spotify: https://open.spotify.com/show/3yi0lfb6ZtSuqRvKh6a2e1?si=88f9e649d1f546c8
YouTube: https://www.youtube.com/@AIforBizOwners
Apple Podcast: https://podcasts.apple.com/gb/podcast/ai-for-business-owners/id1823255627
By Jeff Torello