
How do we secure applications when anyone can code?
Ashish Rajan: The future that I see for SaaS in general, irrespective of whatever category you're in, we're moving towards a world where all of us cybersecurity professionals will start creating something called a harness internally, or some kind of a framework where I know what my context for the organizations, which unfortunately, I cannot expose to a third party. And it's not the fault of the third party. You're doing a great job. It's just that my expectation from you is not a UI anymore. It's the expectation that you should have an API that I can have my "agentic framework or harness" use to -- I'm still subscribed to you, but I can use the telemetry that you provide me from WAF, the telemetry you provide me from cloud, the telemetry you provide me from AI to make decisions with my context as the RAG or the even to the context for, "Is this a vulnerability I should care about?" instead of looking at 10,000 alerts that came from a provider.
Johnny Hand: Welcome back to the AI Security Brief, where we're unpacking emerging AI threats, vulnerability research, and the strategic decisions security leaders are making right now. I'm Johnny Hand.
Dustin Childs: And I'm Dustin Childs. Today's conversation gets at something that doesn't get said plainly enough. The pace at which your organization is adopting AI is almost certainly outrunning your ability to secure it.
Johnny Hand: And today's guest is Ashish Rajan, CISO, podcast host, and author of the upcoming book "AI Security Engineering." Ashish came to this conversation with a lot of candor. What happens to your risk posture when non-technical employees start committing code?
Dustin Childs: And he offers real, actionable advice for both security leaders and practitioners on how to start to get ahead of this accelerated use of AI within organizations and not just react to it.
Johnny Hand: Now, Dustin, I forget. Were there any real hot takes in this conversation with Ashish?
Dustin Childs: Oh, most definitely. Maybe too many. But the one that really sticks out to me most was around SaaS offerings and how agentic AI could be the death knell for software as a service.
Johnny Hand: So, Ashish, I got to ask. We seem to be in an era that we have, like, this breakneck AI innovation, right? And as we look at that, we're noticing that more and more what I'll call novice users are wading into the water with software development and application development, right? As a security leader, are you excited or terrified by the amount of vibe coding that's happening in the app development space right now?
Ashish Rajan: Oh, I'll give -- I would say I have both excitement and trauma from it. And I'll say this because -- so in the work that we do and the advisory board we have, there's almost people on two spectrums. I think I would imagine with a barbell. On one side of the barbell, you have people who have completely said, "Unless there's proper regulatory requirements for it, we're not adopting it. We'll use Copilot. We'll do the -- I would use it as a Copilot, but that's about it. I'm not putting any sensitive information there." On the other extreme, you have people who have been basically going full in. They use it for development, productivity, and possibly accepting risk as they're going along as well, because not everything in AI security is solved at the moment. But there are people -- like, this is -- and someone described this as a messy middle, which I kind of agree, where you have a spectrum of people who want to do more, so they've gone down the software development path. They're using Claude Code or maybe Cursor, whatever the flavor, or they have also gone to the point of asking not just their developers, but also their product managers, their UX designers, "Hey, we want you to commit code as well because -- " I'm just going to throw some number here, maybe -- "Anthropic does 500 deployments a week. We need to at least do 100 because we are also a tech-forward company. We are a developer-first company." I think that's where it becomes a scary part for -- and that's where it's like, "Oh, it's a bit traumatic," because now you have -- earlier it was just developers with, "Hey, I can produce more code." But now I have people who have never done any coding and have prototypes with Lovable, Replit, whichever the example. And by the way, I don't think these companies are bad. It's just that the -- it's like I can make you sit on a bike and go, "You know, just figure it out." You kind of fall, whatever, but there is a -- so the walk, run, crawl. 
Oh, sorry, walk, walk. Crawl, walk, run. Crawl, walk, run?
Dustin Childs: Yeah, exactly.
Ashish Rajan: There is no stage for that for this. You're basically just going -- go full throttle.
Dustin Childs: Yeah, I think you actually had it right the first time.
Ashish Rajan: Oh, really?
Dustin Childs: As far as agentic AI deployment goes.
Ashish Rajan: Yeah, yeah, right, yeah.
Johnny Hand: So, it's interesting, too, because -- yeah, I've been in cybersecurity for 25 years and I always talk about, like, the ebb and flow of these marketing terms that rebrand kind of age-old ideas, right? And, you know, we think about agentic as an idea, and then it blends so closely with autonomous and these terms. But ultimately, what we want to do is we want to take these tools and allow them to start, actually, taking action and doing it in a way that's meaningful and that actually helps us. Although, you know, turning my pictures into funny GIFs and stuff is great with GenAI, but it's not the real value that comes out of it. So when you look across, like, that idea, what are some of those practical, like, implications around that? Like, how do you move into a world where, like, especially in a cloud security aspect in organizations, as they wade so hard into that pace of AI adoption to try to keep up, how does that work in terms of understanding that these applications have risk with them?
Ashish Rajan: Oh, I want -- it's an interesting one. So I'm grateful that I get to talk to companies in different spectrums. Thanks to the work we do. On one end of the spectrum, there are companies where security has not been given access to AI, where they are just a reviewer of a third party. And we can be here in Silicon Valley and say that everyone's AI, and I always remind myself that there is someone out there who probably doesn't even have the budget for an AI subscription to be available to security, and they give it to limited developer teams as well. So I'll probably, in those companies, the risk that they talk about is primarily around the, "Hey, can we -- how should developers use Claude Code? Where can they commit the code and go into production straightaway, or should they produce the code and go through the regular approval review? How do we speed that up?" That's kind of how they try to tackle AI and put that into, like, the application security. But that also goes into your infrastructure security as well for cloud, because now you can produce Terraform script from it. You can have your infrastructure as code, CloudFormation template, Azure ARM template. All of that can be created by this. Where I find it to be really interesting, and the risk starting to introduce is that where the volume of it starts increasing. I think that's when people have that moment for, "Oh, it's no longer my pet project that I did over the weekend. Can I use AI to produce Terraform templates?" I tick that box. I come back to my workplace the next day, and I try doing that. Then I realize, actually, oh, it's not one EC2 instance that I'm creating. I've got dev, test, prod. I have to stage this in a CI/CD pipeline. I have to make sure that I'm doing security across the CI/CD pipeline. The moment you start applying it to real life, I think that's where the rubber hits the road, as they say.
Johnny Hand: Yeah.
Ashish Rajan: That's when -- pretty much, if you have not done security before and if you're starting from zero, you know, you're already behind the train. But you realize very quickly how exposed you are. And I think this is why I've been saying this for a while that if you are using AI today, I would be -- you're already exposed. You just don't realize it.
Dustin Childs: Oh, that's a hot take. Yeah, I mean, there are some people now who are saying that because of agentic AI agents, that essentially SaaS is dead, that you're not going to have any SaaS offerings anymore or SaaS subscriptions. So I wanted to get your take on it. How does agentic AI really affect the SaaS industry, and is there life in SaaS left?
Ashish Rajan: Oh, this is -- I heard this yesterday, and I thought it was really interesting to describe SaaS. And someone described SaaS as why do you need a database with a pretty UI? And I'm like, actually, you know what? When you say it like that, that's pretty much what they're doing. They're not -- I mean, they're not reinventing something. If you -- obviously, we looked at SaaS as a category for, hey, solve a problem, product subscription, all of that. But then you look at it, wait, so they've just -- so if I was just to use a sales product, for example, they collect my prospects, my leads, and has a few people who can enter into it, I guess enter information into it, connect to it, use the information, whatever. But can I technically use Lovable or Replit to recreate that today? Possibly. Can I use Claude Code because it has an Excel integration as well? Maybe I can. And it can be a bit more smarter. So I think that's where the question is coming from. But I definitely feel the future for SaaS as it stands today is definitely dead. But the new world that we're moving towards, like, I don't think it makes sense for a financial organization to build a sales CRM as a product. It would not make sense. But what would make sense for them is that, usually, even if I had a sales CRM, I would have to put it through my filter for, what do I consider is a lead? What do I consider my campaigns that I care about? What do I consider -- or even security for that matter as well. Now, bring it back to cybersecurity, even if I have a CSPM, CNAPP, or any category including AI security products as well, my initial thinking used to be that I get a -- I work with a product, and I use the information to add a layer of my info, what is a high, medium risk? What is a high, medium, low? And I classify that based on my understanding of the environment. So just because a file is exposed -- but Ashish left the company five years ago, so I don't have to worry about that kind of a thing. 
So to bring that back to what you're saying about SaaS companies, so the future that I see for SaaS in general, irrespective of whatever category you're in, we're moving to a world where all of us cybersecurity professionals will start creating something called a harness internally, or some kind of a framework where I know what my context for the organization is, which, unfortunately, I cannot expose to a third party. And it's not the fault of the third party, you're doing a great job, it's just that my expectation from you is not a UI anymore; it's the expectation that you should have an API that I can have my "agentic framework or harness" use to -- I'm still subscribed to you, but I can use the telemetry that you provide me from WAF, the telemetry you provide me from cloud, the telemetry you provide me from AI to make decisions with my context as the RAG or the to the context for "Is this a vulnerability I should care about?" instead of looking at 10,000 alerts that came from a provider.
Dustin Childs: How in the world did you have time to write a book? Tell me about that. I mean, yeah.
Ashish Rajan: I'll tell you -- I mean, I'll give you guys an exclusive as well. The funny thing was, I started writing the book in Jan 2025, and to kind of share how much AI kind of transforms. AI agent was like this thing that people were you know simmering away, people were not sure what's going to happen. There were a few providers. But so I wrote the first three chapters, and come June, just around Black Hat, suddenly AI agents were everywhere. It's like that was the year. And I'm like, "I cannot release a book called 'AI Security Engineering' and not have AI agent in there." I'm like, "Okay. I've got RAG covered." So I had to rewrite the entire book. So, to your point, I would say every waking hour after that was basically spent writing the book, because, like, I was running short on time. I only had -- it's coming out just before Black Hat as well, funny enough, because I had to push the deadline. But hey, apologies to the publishers. But they were kind enough to realize that, "Okay. I get it. If you don't cover AI agents, this book is basically nothing." No one's going to -- I mean, I would not pick it myself of those, so leave it to anyone else. And I think because that's why I kind of switched my gears to instead of making it bored on the side of "Hey, we should -- this is how we can do security of say specific Replit or Lovable," or whatever, the intent has become -- this book that inspired me was called "Security Engineering" by a British author. And the intent is to kind of build frameworks rather than just giving strict instructions for this is how you do identity, this is how you do that. Because what I realized was say when the book comes out, there would be an opportunity for another update. I mean, I don't know, like we're already texting code. That was not planned in my book. 
So I had to give a link in that book for, "Hey, by the way, go to either my own website or aisecurityengineeringbook.com so I can keep giving you updates," because I have written the book, but the versions keep updating. And there is no -- I don't even know -- and going back to your SaaS is dead, I don't know if people can have physical books about AI that can last more than six months.
Dustin Childs: It's going to be rough. I mean, we're seeing AI adoption at a rate faster than any other technology that we've ever seen. So, yeah, that's kind of my question is like, that's amazing that you've been actually able to put pen to paper, you know, metaphorically, of course, because who writes with a pen these days?
Ashish Rajan: Yeah. Well, yeah. I mean, shout out to the publisher who asked me to draw a line because, like, dude, if you just keep pushing this, we'll be here till 2028 waiting for AI to stabilize.
Johnny Hand: It's almost like you have to put a foreword in there. I think back to, like, the early days of writing, like, you know, SOPs and organizational documents, and I would always, like, put a caveat at the front and say, you know, "Bear in mind this is a living and breathing document that's forever changing."
Dustin Childs: Ashish, we talked about the process of creating the book, but what is the real content of the book? What can readers expect when this comes out? Because I'm looking forward to it as well. But what can readers expect from the book?
Ashish Rajan: Sure. So the book is written for your -- I think I, like, described leaders and builders because eventually, I think, everyone's going to have to figure this problem out. It's split into -- I guess the components are how, what does it take to build, say, AI systems or build secure AI systems? How do you monitor them? Incident response was something that I spoke about earlier. But I've primarily focused on two big components in AI today, the way they're consumed. One is the AI agent ecosystem that's being created, and the other one is the internal AI systems with RAGs searchability. If you look at the consumption of AI or how it's being used across the enterprise so far, they only fall into those two categories. I either have a vector database or RAG pipeline that I've built, and I have an AI agent. Now, both of these are going to integrate into your CI/CD pipeline, identity, network. All of that is important. The intent of the book is not to say everything that we have done so far is incorrect. It's just that it's not relevant with the threat model that we have -- we are moving forward with. So it's not an AppSec, CloudSec refresher for the 1.0 version. It's what does AppSec, CloudSec, all that look like for the 2.0 world, is kind of what we're going with.
Johnny Hand: This is one of those kind of shout it from the rooftop moment. And I say that because I think the natural thing is we're seeing that folks are leaning in and inherently trusting, right, of what the AI models are doing. And then you also, on the other side, we're seeing these foundational model makers really boast about the security and the things that they're doing, but from a perspective where they're not security leaders. And so as you're talking to folks and you're having this discussion, are you seeing that same inherent trust and cautioning -- like, what are you seeing, like, what's the boots on the ground perspective around this trust in these tools?
Ashish Rajan: So the funny thing is, depending on which kind of leader you talk to, I definitely find the regulated environment is a lot more aware. They don't see that as a, "Oh, wow. Thank God they're doing this." They look at that as like, "That's great, but I think we have figured this out ourselves. We have people who are on our side working through this." Because at the end of the day, it's an external auditor who's going to come and look at it. Just because you have a foundational model security product doesn't make you automatically compliant to HIPAA, automatically compliant to SOC 2, or any of the -- not that I'm saying having compliance makes you "secure," but it's the work you put behind it. Bringing that back to this as well, the other kind of leaders that exist also are we already have an enterprise license with Claude or OpenAI, whoever, which is kind of what happened with the Microsoft line. If you have an E5 or an E7 license, you get Defender, you get Sentinel. Now you're like, "Oh, when I'm paying a lot of money for this already, can't we just use Defender and Sentinel? Because apparently, I've heard it looks at AWS and Google as well. Should be fine." I'm like, "Yeah, yeah." I'm like, and I think those are those kind of leaders as well. So I think they would just still go down that path of try and use and see what happens. >> Yeah, yeah. So, but I definitely feel boots on the ground, most people I've touched -- at least the cybersecurity industry completely understand this is not what we would want to use. But if I flip the customer to be the technical leader in an organization who's making that financial call or in a SMB market, for them it's a no-brainer.
Johnny Hand: Yeah.
Dustin Childs: Yeah. So I've heard a lot of the answer to this question already, but I kind of want to ask the question anyway, so we can put it in a succinct manner. What actual advice can security leaders provide to teams and executives to build confidence in secure AI adoption amongst the rapid technology advance?
Ashish Rajan: So, having some kind of policy that basically helps your organization understand the right way to use AI, having a standard for what would be a safe AI for us to use that we have monitored. If you want, have a process for if you are trying to introduce new AI capability, whatever new software you want to use, let's talk about it, not be -- I mean, that's the usual "Don't be as department no." I think where people are going to struggle -- and this is maybe we can put some effort, and this is where they can ask board for some money -- is around the capabilities where the example that I gave earlier on detection for things that are not -- like the GitHub public repository example that I gave. Before we start giving everyone access to, let's just, you know, "Go out, guys, everyone should use Claude Code. I'm being enterprise licensed. Let's go full throttle, 50 deployments a day or 50 deploys a week, whatever you're going to do." I think before we go down that path, I think people should definitely caution the board on, "Hey, look, there are things that would not be picked up by things we do today. We have a lot of tech debt that we need to work on. That tech debt needs to be cleared."
Johnny Hand: So, in the interest of time, as we start to wrap up here, we've talked a lot about a lot of things today. What's one thing that you want the audience to think about or do after they hear this conversation?
Ashish Rajan: Oh, level one, as we know, is disappearing, whether you like it or not. In AppSec, your CloudSec, your SOC analyst, level one is almost becoming like a table stake. So you would find that if you thought you are not a Python person or if you're not a "I would not do this because I'm not a Python person, I would not do this because I don't know Excel or whatever it may be," that is no longer a good excuse. And I would say, for your own job safety, I would definitely start using AI for building those paths, integrating that into your CI/CD pipeline, integrating that into the products that you may be using, cybersecurity products, whether it turns to be TrendAI, it could be anything, just start thinking about how do you integrate whatever you do as a day-to-day engineer into the products that you guys already use because that's where we're all heading, whether we like it or not. You're not going to build a cybersecurity product inside your company. It just doesn't make sense.
Johnny Hand: Yeah. Well, Ashish, thank you so much for the conversation today. This has been so valuable for our security and our engineering leaders to hear. We look forward to having you with us again.
Ashish Rajan: I look forward to this as well. Thank you so much for having me. Thank you. Great conversation.
Johnny Hand: Okay, Dustin, the "you're already exposed" line, I keep coming back to that.
Dustin Childs: Right. And Ashish is pointing out that the exposure isn't coming from some sophisticated attack. It's coming from a product manager -- yes, we're throwing PMs under the bus here -- who doesn't know the difference between a public and a private GitHub repository.
Johnny Hand: Yeah, it's such a grounding example, which brings me to what I think is really the key takeaway of the day. You cannot outsource your AI security context to a third party. It's not that those guardrails are worthless. It's that they were never designed for your specific environment, your specific data, or your specific compliance requirements. That's why it's so critical to leverage cybersecurity capabilities that are the right fit for your team and your environment.
Dustin Childs: And if you want to go deeper on all of this, Ashish has literally written the book on it. "AI Security Engineering" is available for pre-order on Amazon right now. We'll have the link in the show notes below. This book is thoughtfully built for both leaders and practitioners. And given how fast the space is moving, the timing couldn't be better.
Johnny Hand: And if you're a security leader, go talk to your development and engineering teams now. You have to partner early before the business directs everyone to start committing code, and you're the last to know.
Dustin Childs: Don't be the department of no, be the person who is already in the room.
Johnny Hand: And that's really the job right now.
Dustin Childs: And that does it for another episode of the AI Security Brief. We want to thank you for joining us. Our goal is to host conversations that have you thinking differently about security. And if it does, consider subscribing so you don't miss what's next.
Johnny Hand: The AI Security Brief is mixed and produced by Elliott Peltzman with original music by Omnia Jinx [phonetic]. Our executive producer is Jennifer Eiben, with content strategy by Ma'ayan Plaut, Shannon Murphy, and Melanie Galant. Additional production help by Liz Stokes. Video editing by Brigitte Criqui Wild and Sarelle Joppy. Thanks so much for listening.
Dustin Childs: And we'll see you next time on the AI Security Brief. [ Music ]


