AI Security Podcast

Securing AI at the Speed of Engineering | DoorDash | Forward Deployed Security | GRC Engineering



Is your security team moving at the speed of your engineering team? In this special live recording of the AI Security Podcast from San Francisco, Ashish is joined by Nick Reva (Global Director, Engineering Security, DoorDash) and Shivani Doke to tackle the two most critical conversations in AI right now: Proactive Offensive Security and the evolution of GRC.

In the first half, Nick explains why traditional AppSec teams fail to keep up with AI development, and shares his strategy for building "Forward Deployed" tiger teams that embed directly with product engineers. Nick also coins the term "Claude Kiddie", a new breed of script kiddies using AI to generate sophisticated bug bounty reports and argue with triage administrators.

In the second half, Shivani defines the emerging role of the "GRC Engineer." As AI compresses the software development lifecycle and introduces complex third-party (and fourth-party) risks, static PDF policies and manual compliance screenshots are dead. Learn how GRC is shifting left, embedding guardrails directly into CI/CD pipelines, and eventually using AI agents to automate the bane of every compliance officer's existence: evidence collection.

Questions asked:

(00:00) Introduction: Live from San Francisco
(04:00) Audience Story: How an AI Agent Exfiltrated Data via a Vibe-Coded App
(06:50) Meet Nick Reva: Securing DoorDash at Silicon Beach
(08:30) "Shift Far Left": Embedding Tiger Teams in AI Development
(09:30) Using PromptFoo for Automated Prompt Injection Testing
(11:30) Why Security Must Operate at the Speed of Engineering
(12:30) The Netflix Model: Forward Deployed Security Engineers
(15:30) AI-Enabled Threat Modeling and PR Reviews
(19:30) Build vs. Buy: Why Speed Matters More Than Money in AI Security
(24:30) The Rise of the "Claude Kiddie" in Bug Bounties
(30:30) Who Owns AI Risk in the Enterprise? (Business vs. Security)
(37:00) Meet Shivani Doke: The Evolution of GRC Engineering
(38:30) Why Traditional Compliance Standards (SOC2/ISO) Fail with AI
(43:30) Owning Third-Party AI Risk vs. In-House AI Risk
(44:30) The Death of PDF Policies: Shifting GRC Left into CI/CD
(50:30) The New Privacy Paradigm in Third-Party SaaS Reviews
(52:30) Dealing with Unauthorized AI Software Expensed on Corporate Cards
(57:30) Fourth-Party Risk and Transitive Dependencies in the Cloud
(01:00:30) Will GRC Agents Finally Automate Compliance Screenshots?


AI Security Podcast, by TechRiot.io
