Sign up to save your podcasts
Or
Share Not All Agents Are Created Equal featuring Brian Fricke
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Not All Agents Are Created Equal featuring Brian Fricke
Breakout time has collapsed from 285 minutes to 17 seconds. Attackers are running orchestration agents around the clock while defenders are still scheduling a meeting about it.
Brian Fricke, CISO at AutoNation, has done something rare. He's built security programs from the ground up four times across the military, government, and heavily regulated financial institutions. He joins Nate and Lior, live from RSAC, to break down the governance mistake almost every organization is making with AI agents right now, and what a risk-tiered framework actually looks like in practice.
Impactful Moments:
00:00 – Introduction
01:00 – Brian's background: four programs built from scratch
05:10 – Why bad guys don't have a human-in-the-loop problem
08:00 – How to structure an information security program: the full framework
11:50 – Not everything needs AI: the case for deterministic automation
15:00 – The four agent types and why risk tiering matters for governance
19:00 – Why vendors should start agents in read-only mode and earn trust
20:50 – People on the loop, not in the loop
30:00 – Attackers are running at machine speed, defenders are running at meeting speed
33:00 – The inflection point: finding attacks no other tool caught
38:40 – Unpopular opinion: CISOs would make the best CIOs
41:00 – What security teams look like in the future: upscaling with the next agents
Interested in being a guest or want to recommend someone? Reach out to us at [email protected]
View all episodes
By 7AIBreakout time has collapsed from 285 minutes to 17 seconds. Attackers are running orchestration agents around the clock while defenders are still scheduling a meeting about it.
Brian Fricke, CISO at AutoNation, has done something rare. He's built security programs from the ground up four times across the military, government, and heavily regulated financial institutions. He joins Nate and Lior, live from RSAC, to break down the governance mistake almost every organization is making with AI agents right now, and what a risk-tiered framework actually looks like in practice.
Impactful Moments:
00:00 – Introduction
01:00 – Brian's background: four programs built from scratch
05:10 – Why bad guys don't have a human-in-the-loop problem
08:00 – How to structure an information security program: the full framework
11:50 – Not everything needs AI: the case for deterministic automation
15:00 – The four agent types and why risk tiering matters for governance
19:00 – Why vendors should start agents in read-only mode and earn trust
20:50 – People on the loop, not in the loop
30:00 – Attackers are running at machine speed, defenders are running at meeting speed
33:00 – The inflection point: finding attacks no other tool caught
38:40 – Unpopular opinion: CISOs would make the best CIOs
41:00 – What security teams look like in the future: upscaling with the next agents
Interested in being a guest or want to recommend someone? Reach out to us at [email protected]