AI Security, Cyber Risk, and Cloud Strategy on ClearTech Loop
Season 2 of ClearTech Loop is built around three questions:
How is AI changing the way organizations think about risk?
What does stronger cybersecurity leadership look like right now?
How should leaders rethink cloud strategy as business and technology keep shifting?
Hosted by Jo Peterson, Chief Analyst at ClearTech Research, ClearTech Loop is a fast, focused podcast covering AI, cybersecurity, and cloud risk through a business leadership lens.
Each 10-15 minute episode explores the issues shaping modern technology strategy and the decisions leaders cannot afford to ignore.
From governance and resilience to infrastructure change and emerging risk, ClearTech Loop helps leaders make sense of what is shifting, what matters most, and what comes next.
AI Security: Gerald Auger on Shadow AI, Non Human Identities, and AI Defense
AI is moving faster than policy, training, and many traditional controls were designed to handle.
In this episode of ClearTech Loop, Jo Peterson talks with Gerald Auger, Chief Content Creator of Simply Cyber, about shadow AI, non human identities, over-permissioned agents, and what AI defense means when AI systems can act at machine speed.
Gerald brings the educator, GRC, and practitioner-community lens to the conversation. His take is practical: organizations probably cannot put AI back in the bottle, so they need to educate users, provide approved tools, bring agents into identity governance, and start treating AI governance like a real security discipline.
What You’ll Hear in This Episode
Jo and Gerald discuss:
- Why shadow AI is a problem for IT, security, and the organization
- How AI is becoming easier to use inside everyday SaaS tools
- Why sensitive data in public AI tools creates a visibility gap
- Why user education has to be part of AI security
- How non human identities and AI agents create new permissioning risks
- Why Gerald thinks organizations may need a “manager in the loop”
- What AI defense means when AI systems can act quickly and at scale
Key Insight
AI governance is becoming its own discipline.
Gerald’s point is not that organizations can stop AI adoption. It is that they need to build around it with education, approved tools, segmented environments, identity controls, better detection, and practical guardrails before “just let it run” becomes the strategy. Which, respectfully, is not a strategy. It is a group project with consequences.
Timestamps
00:00 Introduction to Gerald Auger
00:30 Gerald’s background in cybersecurity, education, and Simply Cyber
01:38 Shadow AI as an IT, security, and organizational issue
03:00 Why public AI tools create data visibility risk
04:40 Why organizations have to “ride the lightning”
06:46 Jo on the missing layer of AI security training
07:13 AI inside everyday tools and emerging attacker behavior
08:58 Non human identities and over-permissioned agents
12:30 AI Wrangler or Manager in the Loop?
13:12 What AI defense means in practice
15:46 AI Gone Wild and closing thoughts
Guest Bio
Gerald Auger, PhD, is Chief Content Creator of Simply Cyber. He is a cybersecurity educator, GRC practitioner, community builder, and creator of the Simply Cyber Daily Cyber Threat Brief.
He has a PhD in Cyber Operations from Dakota State University and teaches cybersecurity at The Citadel. Through Simply Cyber, Gerald helps cybersecurity professionals build careers through practical education, daily threat briefings, and practitioner-first community content.
Resources
- Simply Cyber Academy: The Definitive GRC Analyst Program https://academy.simplycyber.io/p/the-definitive-grc-analyst-program
- Flashlight in a Dark Room: A Grounded Theory Study on Information Security Management at Small Healthcare Provider Organizations by Gerald Auger https://scholar.dsu.edu/theses/329/
- Subscribe to ClearTech Loop on YouTube: https://www.youtube.com/@ClearTechResearch/
Follow
Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, cloud security, GRC, risk, and enterprise technology strategy.
🎧 Listen: In Buzzsprout Player
▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos
📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/
Jo Peterson: Hey y'all, thank you so much for joining. I am Jo Peterson. I'm the CIO for Clarify360 and the chief analyst at ClearTech Research. And you're here today with ClearTech Loop. So, thank you for joining. I've got a great guest today. I've got Gerald Auger, and Gerald is the chief content creator of Simply Cyber. Hey, Gerald.
Gerald Auger: Hey, Jo. How you doing?
Jo Peterson: Good. Well, I mean, Gerald brings the chops, so if you'll not follow him, you need to. He's got a long pedigree in cybersecurity, but more than that, he's smart. He's got a PhD in cyber security, that's something. He's an adjunct professor of cyber security at The Citadel, which is, in case you're not familiar, it's a very prestigious college here in the Charleston area, and he lives in Charleston, like me. We are different sides of Charleston, but we're still in Charleston, so
Gerald Auger: low country,
Jo Peterson: low country. Shout out to all the Charleston folks that are, that are listening. I've got three questions today for Gerald about, you know, one of my favorite topics is AI security. Lately, I am just, I'm just, I'm just fascinated with it, and I know you guys are too, so Gerald, first question, give me your thinking around shadow AI. Is it an IT problem, a security problem? Is it both? Is it neither? And the second part of that is, how are CISOs and CIOs addressing shadow AI in their environments?
Gerald Auger: So shadow AI is very much a problem, I would say it's a problem for IT, for infosec, and for organizations, because shadow AI, just so we can kind of define this the way that I see it, is the use of AI in the environment, in the corporate environment, in a capacity that is unknown to the organization, so it's not identified, it's not approved, it's not authorized in any capacity, and I believe it is a problem, for you know, up and down the stack, for the following reasons. Number one, and this is probably the biggest challenge, is that it is incredibly easy to utilize AI nowadays, like a lot of SaaS products are making it, you know, kind of baking it in, so, oh, like I can put some data up here and then ask the ChatGPTs or the Claudes or whatever to summarize it, or whatever, and that's fine if you're taking, like, I don't know, like a news article, and like, give me the highlights, but if you're taking sensitive documents, like, oh, hey, this is like our operating procedure for like this sector of business, and you're like, well, I'm not going to read 200 pages, drop it in some public AI tool, why don't you summarize this for me? Here's my role. What do I need to know? Yeah, that's fine. That's super useful for you, but now it's like in a public, the model is going to be trained on that, and you've just given away sensitive secrets, and we, as you know, InfoSec practitioners, have no visibility over that, so like there's a major gap because the adoption rate is super high, because they make it super easy for general users, not even like power users, like, you know, any user to be able to utilize AI.
Furthermore, AI is interesting in that it, if we, if you have like chat bots or some type of AI capability deployed internally, you traditional firewalls, you could say, like, oh, you're not allowed to reach out to these sites, or like, this has been reported, or you can't even with, like, a DLP, or data loss prevention solution, like, you know, social security numbers can't go, or things from this file server can't go with AI abstracted, if you can query the AI, the AI has all the permissions and all the access to all the knowledge, and when that data comes out in the response from the AI tool, like, oh yeah, sure, Jo Peterson social is this the context of the response isn't a firewall doesn't look at the context of a response, and a lot of DLP solutions aren't looking at that, because it's bundled, and a lot of times it's encrypted, because it's going across 443 like, right, this is a massive problem, and, and I could go on and on around the issues with it, so that's number one. Now, you had asked me about, you know, how are CISOs and CIOs addressing this, you know, I would say what I've been telling my colleagues and stuff is like you basically have to ride the lightning, because if you look at the market drivers of AI, you can't put it in a bottle and put a cork on it and say like oh we need two years of committees to like figure out the governance structure. And in fact, if you look at the US federal government, and, like, you know, guidance from them, they're moving at a glacial pace around how quickly tech is developing, like these models are coming out so, so quickly that you know that's a perfect macrocosm of, like, the issue here. So, all I would say is, you know, I'm a big fan. I'm a big GRC dork. For those who don't know me, I'm a huge fan of educating your users, right? They're just assume they're all going to use it. So now educate them on what are the risks, and then give them access to tooling, like pony up, right?
If everybody's doing AI everything, buy an enterprise license, get a segmented network, not network, but get a segmented tenant within, you know, your Anthropics or your OpenAI, so like they can fire their data in there, and it's not getting trained on the main public model, and you know, just obviously increased detections around manipulation and malicious activities and stuff, because we didn't even get into this, but threat actors are using AI as well, and that's that's not necessarily shadow AI, but if they put some type of AI capability as a payload into your environment, you know, like that's that is a problem, you know what I mean. So, yeah, it's a, it's a huge issue, and it very much is a fascinating area of developing understanding, and honestly, I think that it's actually an area that almost warrants its own discipline, like, you know, we talked about prompt engineers being like the new role a couple years ago, and how that's gone away, but I feel like specializing in like AI governance is going to be like an area, like a very special skill that if you can do it quickly and well, it's going to be highly desirable.
Jo Peterson: Listen, Dr. Auger, I think you need to run an AI security training on LinkedIn Learning or something like that, because people, like people, would flock to it to learn, because remember we rolled out email security training for employees years ago. I'm not seeing that AI security training for employees, and you brought up such an important point. Like, how do we expect users to know they don't know
Gerald Auger: 100%. And you know it's getting baked into products, and it seems quirky and fun, and you know, when you put bubble gum wrappers and, like, you know, like sparkles on things, people are like, "Oh, this must be safe." And, in fact, Jo, just to kind of, like, pivot just a little bit, we're actually seeing threat actors kind of bake in into it, used to be SEO poisoning, so, like, you know, you Google, like, Zoom download, and like the first response is a sponsored result, and it's actually malware. We're seeing them start to bake into agent responses now. So, like, when you Google, like, oh, like, give me a Zoom download, or whatever download, you know, Gemini is telling you, oh, this is what you should go, and there's actually like some studies going on around how people are trusting, like, before it'd be just Google results, and you're like, "Oh, I'll sift through this stuff." Now it's like Gemini, which is like low-key persona telling you that this is trusted, and this is where you should go. And people are like, "Oh, sure, like AI said it, AI is the smartest thing ever. Like, let's go," and threat actors are actually having some effective, you know, basically compromises through that attack vector.
Jo Peterson: That's crazy, you know. One of the things I love about doing this podcast is I get to learn from smart people like you. I didn't even know that was a thing.
Gerald Auger: Yeah,
Jo Peterson: I just did not even know. All right, I'm gonna go on to my one of my next favorite things right now, like besides MCP servers, which kind of blow me away, is NHIs and securing NHIs, because it is a whole thing, right? So, what are some of the ways that you're seeing CISOs and CIOs enable NHIs safely?
Gerald Auger: Yeah, well, this is a very emerging area, so I haven't seen a ton of people doing it, good or bad. I was talking to Cisco at RSA when I was at RSA, and we had some interesting conversations there around this particular topic, and I've seen some other people talk about it. Number one, with non-human identities, yes, they have to fold into your identity and access management, like architecture, and you've got to be mindful. This, this is like the number one thing that people need to be mindful of when you are creating these agents, just because they're like smart and you want to utilize, you know, quote unquote smart, and you want to utilize them to their biggest capability possible. People are over permissioning them, which is a massive problem, because when, if I give you, Jo, you know, domain admin access, for example, and you find yourself going down the path of like a SharePoint or something, and you realize you're able to, like, delete the entire SharePoint or drop the entire database. As a human, you're like, whoa, like that seems like a terrible idea, back up. These agents are trying to achieve the objective, and they don't care. It's not that they don't care, it's that they don't have context of like how stupid this is. So, over permissioning is resulting in some terrible issues. We actually saw, maybe I don't know, three, four weeks ago, you know, an AI deleted a production database because, you know, it made a mistake, and the developer said, like, oh, hey, you made a mistake, and said, okay, I'll start over, wipe the database, thinking I start clean, and you know that problem, problem happened, so with non-human identities, I think permissioning is incredibly important.
I also think, again, this is kind of like, I don't know if this is like a harebrained idea, but just thinking kind of innovatively, I think we're going to have to have, we have managers of humans, right, and the manager typically manages the humans and makes sure the humans doing their job, because we're going scaling NHIs is trivial, because it's just more processor, it's just more data center, it's just more compute. It's not like when you have a team of five and you're going to add 1000 more people, it would be ridiculous, because where are you going to get 1000 seats to put them in, and where are you going to get, you know, where you're going to get the budget with AI and non-human identities, you can scale up to 1000 quote unquote, identities doing work, and you don't have to pay them a salary, you don't have to find office space, you don't have to ship them a laptop, you don't have to do performance reviews, so it's going to scale incredibly faster than the human identity, which means I think we're going to need to introduce some type of, like, you know, either specifically trained or have an IT person do it, so they have a little bit of context, like you're a manager of AI agents, like that's that's your function is to make sure that the agents are executing their jobs, and that any anomalies get reported, and an agent almost kind of like stops and waits until it gets addressed, almost like you know, like a goat, like if you've ever done the go karts at like the theme parks, if you get turned around, you're supposed to wait until someone comes and turns you around, like one of those situations, I think that's the only way, if you just say YOLO, like these ideas of these companies just wholesale firing their team in order to replace them with AI, those companies, I mean, they might as well light the match because they're pouring kerosene all over their organization.
Jo Peterson: Okay, so, so the job title, is it like AI Wrangler or what? Like, what is it?
Gerald Auger: Well, I don't know if the AI is gonna like that, right? The people who like say please and thank you to the AIs, because they're they want to get it baked in early, but yeah, I mean, like, you know, AI, like manager in the loop, I guess, I mean,
Jo Peterson: Okay, y'all heard it here first, manager in the loop, Gerald, you need to coin that, because you're right, it's a thing, it's gonna be thing, I put it
Gerald Auger: on Twitter right now,
Jo Peterson: You should hashtag manager in the loop. All right. When you hear the last question, when you hear the term AI defense, what comes to mind for you?
Gerald Auger: Oh, you know, I guess just back, you know, just initial response, AI defense. It is, I guess, you know, if I think about it for a minute, it's about using AI capabilities in the SOC in order to be more effective, but my, my initial gut reaction, I'm a little, I'm a little dystopian about where we're going with AI, so I won't bring that into this conversation, but when I think AI defense, I think it's, it's, it's putting practical guardrails around the utility of AI in order to ensure that it is doing what we expect it to do, doing it in a way that we would expect it to be done, and we're able to detect misuse of it, because one of the things that I'm concerned with is an AI doing something it's permissioned to do, just like, just like a normal human is permissioned to do, but then changing in some capacity to have malicious behavior, so think of an employee who's like, you know, like secretly been interviewing, and they're going to go work for a competitor, and they haven't given their notice yet, because they're slowly, you know, emailing themselves PowerPoint slides, or I mean, there's been numerous examples, right? Rivian took a bunch of Tesla engineers, and Volkswagen took a bunch of Chevrolet or GM engineers. It happens all the time in corporate espionage, but, but with these AIs, you've got to like, the they move at machine speed, so like you have to detect quickly and have some type of orchestration automation. So, when I, when I hear the term AI defense, I'm really thinking around making sure that the AI is doing what it's going to do, and again, I'm not one of these people that thinks that like it's just going to one day turn on and like turn into Skynet or anything like that, but I do think there's going to be major consequences for just saying YOLO and letting the things fly, you know. I guess I'm a hot take it here. I would expect that there will be some organizations that suffer catastrophic impact because of an AI mistake, right?
I mean, how many like Jo? I don't know if you've ever written code, but anyone in chat who's ever written code, like when you write software, you write the software, and then you compile it and run it, and then all of a sudden it does something bizarre, and you're like, oh, I didn't even think about that, like I should have, I should have specified that it's supposed to get a string instead of any, any, any value, you know what I mean, like it, those human mistakes happen, and you know it's humans building the AI, so you know we'll see, so that's AI defense to me.
Jo Peterson: All right, that's good, that's good. And you know, I thought of another hashtag while we were talking for you, AI Gone Wild.
Gerald Auger: Oh, I love it. That's a throwback to the 90s. All right, Jo, you speak my language,
Jo Peterson: right? You have been lovely. Thank you so much for sharing your insight. I got to have you back because we got to talk MCP, because that's a whole thing. So, do it,
Unknown: Jo.
Jo Peterson: Great. All right. Well, thank you. Thank you all for joining, and we'll see you next time.
Gerald Auger: Bye.