Sign up to save your podcasts
Or
Share AI Security Is Just as vague as "Cloud Security", but With Sparkle Emojis
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
AI Security Is Just as vague as "Cloud Security", but With Sparkle Emojis
Amber Bennoui calls it like she sees it: most of what gets sold as "AI security" is just cloud security with sparkle emojis on it.
She's co-founder of AISECA, a veteran product leader, and a more honest voices in a space that isn't exactly famous for honesty right now.
We sat down with her fresh off RSA, and the conversation got very real:
The real AI risk isn't the sci-fi scenario. It's the DevOps engineer at a 900-person company arguing they should be able to send commands via a remote control feature, with three security people in the building who don't even know the conversation is happening. It's the tools already embedded in software your finance and HR teams use every day, making decisions nobody gave explicit permission for.
Amber's argument is simple and uncomfortable: most organizations have a discoverability problem they haven't solved yet, and vendors are selling dashboards to people who don't even know what's running in their own house. That's not security. That's theater.
We also got into what it actually takes to build something vendor-agnostic and practitioner-led when the companies with the biggest budgets are also the ones racing to define what AI security means. And whether the tension between speed and safety is even something security teams get to resolve — or whether that decision has already been made for them.
Mentioned:
- MIT Paper, "Sycophantic Chatbots Cause Delusional Spiraling, Even in Ideal Bayesians"
View all episodes
By BKBT Productions
5
1010 ratings
Amber Bennoui calls it like she sees it: most of what gets sold as "AI security" is just cloud security with sparkle emojis on it.
She's co-founder of AISECA, a veteran product leader, and a more honest voices in a space that isn't exactly famous for honesty right now.
We sat down with her fresh off RSA, and the conversation got very real:
The real AI risk isn't the sci-fi scenario. It's the DevOps engineer at a 900-person company arguing they should be able to send commands via a remote control feature, with three security people in the building who don't even know the conversation is happening. It's the tools already embedded in software your finance and HR teams use every day, making decisions nobody gave explicit permission for.
Amber's argument is simple and uncomfortable: most organizations have a discoverability problem they haven't solved yet, and vendors are selling dashboards to people who don't even know what's running in their own house. That's not security. That's theater.
We also got into what it actually takes to build something vendor-agnostic and practitioner-led when the companies with the biggest budgets are also the ones racing to define what AI security means. And whether the tension between speed and safety is even something security teams get to resolve — or whether that decision has already been made for them.
Mentioned:
- MIT Paper, "Sycophantic Chatbots Cause Delusional Spiraling, Even in Ideal Bayesians"