Resilient Cyber

Author(s): Chris Hughes
  • Summary

  • Resilient Cyber brings listeners discussions from a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SME) across the Public and Private domains from a variety of industries. As we watch the increased digitalization of our society, striving for a secure and resilient ecosystem is paramount.

    © 2025 Resilient Cyber
Episodes
  • Resilient Cyber w/ Ed Merrett - AI Vendor Transparency: Understanding Models, Data and Customer Impact
    Feb 13 2025

    In this episode of Resilient Cyber, Ed Merrett, Director of Security & TechOps at Harmonic Security, will dive into AI Vendor Transparency.

    We discussed the nuances of understanding models and data and the potential for customer impact related to AI security risks.

    Ed and I dove into a lot of interesting GenAI Security topics, including:

    • Harmonic’s recent report on GenAI data leakage shows that nearly 10% of all organizational user prompts include sensitive data such as customer information, intellectual property, source code, and access keys.
    • Guardrails and measures to prevent data leakage to external GenAI services and platforms
    • The intersection of SaaS Governance and Security and GenAI and how GenAI is exacerbating longstanding SaaS security challenges
    • Supply chain risk management considerations with GenAI vendors and services, and key questions and risks organizations should be considering
    • Some of the nuances between self-hosted GenAI/LLMs and external GenAI SaaS providers
    • The role of compliance around GenAI and the different approaches we see between examples such as the EU with the EU AI Act, NIS2, DORA, and more, versus the U.S.-based approach
    24 min
  • Resilient Cyber w/ Sounil Yu - The Intersection of AI and Need-to-Know
    Feb 3 2025

    In this episode, we sit down with Sounil Yu, Co-Founder and CTO at Knostic, a security company focusing on need-to-know-based access controls for LLM-based Enterprise AI.

    Sounil is a recognized industry security leader and the author of the widely popular Cyber Defense Matrix.

    Sounil and I dug into a lot of interesting topics, such as:

    • The latest news with DeepSeek and some of its implications regarding broader AI, cybersecurity, and the AI arms race, most notably between China and the U.S.
    • The different approaches to AI security and safety we’re seeing unfold between the U.S. and EU, with the former being more best-practice and guidance-driven and the latter being more rigorous and including hard requirements.
    • The age-old concept of need-to-know access control, the role it plays, and potentially new challenges implementing it when it comes to LLMs
    • Organizations rolling out and adopting LLMs and how they can go about implementing least-permissive access control and need-to-know
    • Some of the different security considerations between
    • Some of the work Knostic is doing around LLM enterprise readiness assessments, focusing on visibility, policy enforcement, and remediation of data exposure risks

    27 min
  • Resilient Cyber w/ Grant Oviatt - Transforming SecOps with AI SOC Analysts
    Jan 27 2025

    SecOps continues to be one of the most challenging areas of cybersecurity. It involves addressing alert fatigue, minimizing dwell time and mean-time-to-respond (MTTR), automating repetitive tasks, integrating with existing tools, and delivering ROI.

    In this episode, we sit with Grant Oviatt, Head of SecOps at Prophet Security and an experienced SecOps leader, to discuss how AI SOC Analysts are reshaping SecOps by addressing systemic security operations challenges and driving down organizational risks.

    Grant and I dug into a lot of great topics, such as:

    • Systemic issues impacting the SecOps space include alert fatigue, triage, burnout, staffing shortages, and inability to keep up with threats.
    • What makes SecOps such a compelling niche for Agentic AI, and what key ways can AI help with these systemic challenges?
    • How Agentic AI and platforms such as Prophet Security can aid with key metrics such as SLOs or mean-time-to-remediation (MTTR) to drive down organizational risks.
    • Addressing the skepticism around AI, including its use in production operational environments and how the human-in-the-loop still plays a critical role for many organizations.
    • The use of Managed Detection and Response (MDR) providers by many organizations, and how Agentic AI may augment or replace these existing offerings depending on the organization's maturity, complexity, and risk tolerance.
    • How Prophet Security differs from vendor-native offerings such as Microsoft Copilot and the role of cloud-agnostic offerings for Agentic AI.
    19 min
