AI Proving Ground Podcast: Exploring Artificial Intelligence & Enterprise AI with World Wide Technology

When AI Stops Assisting And Starts Acting

World Wide Technology: Artificial Intelligence Experts Season 1 Episode 84

What changes when AI stops answering questions and starts taking actions?

In this episode of the AI Proving Ground Podcast, WWT security leaders Istvan Burko and Jillian Anderson-Nix break down why agentic AI is forcing enterprises to rethink security from the ground up. These systems are no longer just generating content. They're touching sensitive data, triggering workflows, modifying code and operating with a level of speed and autonomy existing security models were never designed to handle.

The conversation explores the idea of blast radius, why AI agents can behave like highly privileged employees vulnerable to manipulation, and what happens when AI deployments move faster than governance and operational controls can keep up.

We also unpack ARMOR, WWT’s AI Readiness Model for Operational Resilience, along with the practical guardrails leaders should be thinking about now, including observability, least privilege, secure operations and disciplined human oversight for coding agents.

If your organization is building or deploying agentic AI, this episode offers a practical look at where the next generation of security risk is starting to emerge.

Support for this episode provided by: Akamai

More about this week's guests:

Jillian Anderson-Nix is a Technical Solutions Architect at World Wide Technology focused on enterprise AI security and operational resilience. Her background spans biomedical research, aerospace and applied AI, bringing a cross-industry perspective to securing emerging technologies. Jillian is passionate about building safe, practical and collaborative AI ecosystems grounded in real-world enterprise use cases.

Jillian's top pick: How to Use ARMOR: A Guide to AI Security Transformation

Istvan Burko is a security and governance leader with more than 25 years of experience across cybersecurity, risk and cloud strategy. He has held senior leadership roles at NTT/Dimension Data and Amazon Web Services, where he contributed to the AWS Cloud Adoption Framework whitepapers. Istvan remains active in the cybersecurity community through industry leadership, events and enterprise security initiatives focused on modern operational resilience.

Istvan's top pick: Breaking Data Silos: How Private Inference Unlocks GPU ROI on Sensitive Data

The AI Proving Ground Podcast leverages the deep AI technical and business expertise from within World Wide Technology's one-of-a-kind AI Proving Ground, which provides unrivaled access to the world's leading AI technologies. This unique lab environment accelerates your ability to learn about, test, train and implement AI solutions. 

Learn more about WWT's AI Proving Ground.

The AI Proving Ground is a composable lab environment that features the latest high-performance infrastructure and reference architectures from the world's leading AI companies, such as NVIDIA, Cisco, Dell, F5, AMD, Intel and others.

Developed within our Advanced Technology Center (ATC), this one-of-a-kind lab environment empowers IT teams to evaluate and test AI infrastructure, software and solutions for efficacy, scalability and flexibility — all under one roof. The AI Proving Ground provides visibility into data flows across the entire development pipeline, enabling more informed decision-making while safeguarding production environments. 

Building Safer AI Agents

SPEAKER_02

I mean ultimately it becomes a conversation of really what is the blast radius of these tools. It's exponentially larger than anything prior. You know, a lot of the conversations I have with customers, I phrase it like it's your riskiest employee. It's the employee that doesn't sleep and doesn't need to eat or take PTO. They can simply just work 24-7 and they will always fail the phishing test in the email, right? This is somebody that has extensive access to data more than any individual human in your organization would. And they're able to enact change. So, you know, in the ultimate question of what's the worst case scenario when it comes to something going wrong with an agentic solution is that any unexpected action is the worst case scenario. Anything that you didn't intend it to do, it could potentially do. So you need to have, you know, that visibility into exactly what it can touch, what it can reach.

SPEAKER_01

AI is moving from assistant to independent actor, and that's materially changing the security equation. The risk used to be a bad answer or a leaked file. Now, with frontier models like Mythos offering unprecedented capability, the risk is an AI system that can touch data, trigger workflows, write code, and here's the scary part, take action before anyone fully understands the blast radius. That's the urgent problem behind Armor, a framework recently released by WWT for how to secure AI when ownership is blurry, controls are still catching up, and the technology is moving faster than the org chart. So today, we're talking with Istvan Burko and Jillian Anderson-Nix, two security leaders here at WWT, who are part of that team that recently published that new framework. And what they've found in the field is as practical as it is urgent. So let's dig into it.

Why AI Security Is Evolving Fast

SPEAKER_01

We've talked a lot about over the last several years as it relates to AI insecurity, vulnerabilities like data leakage or hallucinations or you know, things of that nature. But as we move kind of squarely into the agentic era, which does feel like it's being unlocked more and more as the days go by, the risks are certainly becoming more tangible, more real, and more real time. So Istvan, I just set us off here, set the table. How has what we've experienced, you know, in the last six to 12 weeks changed the security conversation around AI?

SPEAKER_00

I think the interesting thing is we saw this horizon coming, right? The challenge was with hallucinations and everything, we were faulting models, right? Models weren't great. They were, they had their very specific use cases, but they were getting better. And each generation of model that was getting better helped the following model get better quicker and quicker and quicker. So I think one of the things we've been seeing is that acceleration of capabilities, and that generated these emerging capabilities that we didn't even think models would be able to do. And, you know, specifically in the security space, one of the interesting things was that context matters, right? So being able to process large amounts of information in a consistent way quickly really enabled security, you know, not just from a defensive perspective, but also from an attacker perspective. Because now you can look at entire package of code where humans had to focus on very specific points and leverage that during their investigations and things, models can look at that far more broadly. So I think it's a combination of performance, you know, NVIDIA coming out with better performing GPUs, the harnesses that enable us to use those in effective ways, and then just the models getting better so rapidly right now that it's just shortening that time to innovation, shortening that time. And we see it with the developers and you know being able to build applications so quickly. All of that comes with the alternative point of view that you have to actually go and inspect those applications. And it's really just the speed at which we need to be able to respond now at the security side and this where there was in the past you know, we used to use the term security through m obscu uh obscure uh what's the word? Obscurability. Yes, essentially. And the interesting thing about that was now these models can find things that we thought wasn't going to be a challenge, right?

SPEAKER_01

Yeah, Jillian, I mean what fundamentally changes when you're talking about securing a system that, you know, in the olden days, i.e. just a couple months ago, was just regurgitating information or creating an answer versus what we have today and moving into the future, which is AI systems that can actually act on their own or on our behalf.

SPEAKER_02

Yeah, I mean, ultimately it becomes a conversation of really what is the blast radius of these tools. It's exponentially larger than anything prior. You know, a lot of the conversations I have with customers, I phrase it like it's your riskiest employee. It's the employee that doesn't sleep and doesn't need to eat or take PTO. They can simply just work 24-7 and they will always fail the phishing test in the email, right? This is somebody that has extensive access to data more than any individual human in your organization would. And they're able to enact change. So, you know, in the ultimate question of what's the worst case scenario when it comes to something going wrong with an agentic solution is that any unexpected action is the worst case scenario. Anything that you didn't intend it to do, it could potentially do. So you need to have, you know, that visibility into exactly what it can touch, what it can reach. And you also need to know exactly what's the responsibility model look like for that? Who's gonna be whose name is really on the ticket when it comes to those things going wrong? And those are two of the biggest questions I think I've been getting just within the past six weeks, especially.

SPEAKER_01

I feel like Mythos, right, is maybe the clearest inflection of how that future is taking shape or that time to reaction and time to vulnerability is compressed so much. You spend your time with a lot of security teams within the industry with our clients. How are they reacting to that need to get to that speed to reaction? I mean, is it even fair anymore to expect any of these teams to move so quickly?

SPEAKER_02

Well, I mean, I think that they're reacting very strongly. I think a lot of the industry has woken up, especially in the past couple of weeks. But that conversation was interestingly happening before. You know, we were always trying to propose that things like this were on the horizon. You know, there have been incidents of agents attacking internal LLMs and items like that. So we knew that this was coming. But I think that the scale that it's happened has really shaped the conversation. And ultimately, a lot of what I've seen is that it's shifting a lot of that burden and conversation to the network security teams within organizations. You know, prior to about the past two months, my typical conversation was with a general security leader or a general AI or innovation team leader. And now it's really shifted to security leaders, but also the network security leaders specifically, because they're really facing a lot of that internal organization pressure as this news comes out.

SPEAKER_00

On the flip side, I definitely see the security teams realize that they actually need to be able to bring some of the benefits that AI is coming up with into their environment. So a lot of times we're talking with customers about how do we buy versus build to expand that agentic capabilities within our secure operations center, within our risk processes, within our, you know, analytics of the environment and even our operational platforms like patching, software development, et cetera. So I think as much as some customers are in that range of, you know, crawl walk run, that's really where they're focusing. It's like, how do we get to that next stage so we can leverage some of these capabilities that the agentic and the LLMs bring to us and be able to actually optimize the way we defend in this scenario as well. So

When AI Starts Working Alongside Teams

SPEAKER_00

the picture is clear.

SPEAKER_01

The threat surface is expanding faster than the controls. The teams responsible for defending it don't always agree on who owns what. And the tools to fix all of it are still catching up. That's the problem. Jillian and Istvan have spent the last couple of years building a framework designed specifically to address it. It's called ARMOR. And it starts by doing something surprisingly simple: structuring the conversation. So, Jillian,

A Better Framework For Securing AI

SPEAKER_01

let's get back to ARMOR, which I mentioned just a moment ago. So we introduced ARMOR, the AI readiness model for operational resilience. Everything has a good acronym to it. Before we get into some of the domains and how to think about it, just generally speaking, what problem is it solving for security teams?

SPEAKER_02

Well, you know, I think at its core, it's solving the problem of how do you structure the conversation. You know, when this came to be, it was really at a time where a lot of organizations were undertaking some form of a generative AI initiative. They were going through some similar tool to co-pilot something that's very directed within their ecosystem. And what we were seeing from our perspective within our practice was that a lot of times they were seeing some level of a security issue along the way. And their instinct reaction was to roll back the tool and the deployment as a whole. And then as soon as they would push it back out, you know, their solution had been to really strip it for parts. They had removed a lot of the data access behind it. They had removed a lot of the core usage and capabilities that it had. So as soon as they rolled it back out, they saw the ROI drop. And so when we were having these conversations internally and discussing what's happening here, you know, is this happening across the board? What are the common factors going on? We were seeing that a lot of them had considered security in some aspect, but it was really in this kind of point solution. You know, the more emerging AI security topics, they were focused on things like prompt injection or red teaming and items like that, but they weren't having the conversation about these traditional security controls that do apply to AI. And so we decided, you know, we need to go back to the drawing board of how do we approach a conversation about a technology and securing a technology that is so ubiquitous and blended? You have to have a conversation that blends security controls, emerging and traditional. So fundamentally, you know, at its core, Armor serves to structure that conversation so that you do cross into both of those areas and you know exactly what level of security you have to have to consider infrastructure around AI secure.

SPEAKER_01

How should we view Armor in general? Is it a framework? Is it a maturity model? Is it an architecture? Is it all of the above?

SPEAKER_00

It's a little bit of the above, right? So the reason we also structured it into six initial domains is we saw the way that the customers were challenging because when you look at the way that the industry was positioning AI, it was security of AI, AI for security, and then secure use of AI. And those three things, the challenge was it didn't translate very easily to cut and the way that customers were organized. So we'd go out there and speak to them about the three concepts, and it would be a great learning session, but no one person would take ownership of how they implement it and how they operationalize it into their organization. So we used things like infrastructure security applied to AI. We use data security applied to AI, which has responsible owners within organizations that can actually take that body of knowledge we generated and go and apply it, right? And that really applies to each of those domains, whether it's, and the six are governance, risk, compliance, model security, because model is key to AI, it's infrastructure. One of the things that isn't traditionally a domain, but it's SDLCs, Secure Development Lifecycle, not only are because a lot of AI is being driven by the applications that leverage AI, but it's also about the operational aspects of AI infrastructure and the way that customers deploy it is essentially AI as code on top of infrastructure as code. So making sure all those development pipelines, the model provisioning platforms, all of that also look at it from a secure development lifecycle perspective. And then, of course, there's secure operations. How do you take this new generative environment and training environments and also look at the agentic, which is all across, whether it's agents on hosts, and how do you operationalize that securely, right?

SPEAKER_01

Why does that domain-based model matter here as opposed to just going out and saying, let's go secure the model or secure the app or even broader secure AI?

SPEAKER_02

Yeah, I think a large part of it is to what Istvan was saying, there's so many different layers within it, and the ownership is really unclear within organizations. You know, I've had conversations where there is this kind of parallel structure with AI and innovation groups and security groups. And even within those groups, the areas and domains that we're speaking to have coverage within both of them. So an ultimate conversation, and one of the biggest questions that I get asked a lot, especially within the past year, has been who's in charge of this? You know, is it my job? I'm only security, I don't do stuff with AI. So if this surrounds AI, then technically it's not my job. Or is it, you know, the AI individual or leader's job, you know, well, they don't do anything with security. And so within that, even the security practices have a very similar idea where you know we're speaking to security organizations and leaders, but within it, they have these security practices that manage things within these domains and even overlapping topics within these domains. And so there's not really a clear direction and you know comprehensive approach. They're taking very fragmented approaches where they're each kind of marching in a direction. It's not always the same. So, from our perspective, giving a framework where we can say, here's from top to bottom across all of these domains, exactly what controls that we're looking at and how that's operationalized in the field from the experts that are seeing it every day, that can really help guide the conversation to find out that these teams are actually working towards the same goal. Because quite honestly, they usually are. They just don't necessarily recognize that from the start. A lot of AI and innovation groups, their primary ask of me when we get on a call and we start to come to talk about security is well, I don't want to slow anything down. I don't want to dissuade usage. 
We've just invested so much to have our organization embrace AI. We don't want to stop that now. So all of the security controls need to be looked at through that lens. And the primary thing, you know, I say to those groups at this point, which I think better aligns to the conversation to get us on the same page with those domains, is that fundamentally, for an AI initiative to be successful in order to accelerate, in order to innovate, you have to cover across all of those domains and including those traditional controls with the emerging ones. You know, at this point, it is a really critical piece that security and AI and innovation are genuinely aligned. And I think it's just about how we gather all of those individuals that pay attention to those controls to get that message across.

SPEAKER_01

Armor was not something that we just kind of came up with out of the blue. I mean, certainly it was rooted in a lot of the expertise that we have here at WWT, but we also put this kind of through the battleground with Texas A&M, as I understand it. What did we learn from that engagement that really kind of helped shape where Armor's at today?

SPEAKER_00

A lot of the initiatives within Texas A&M really led to us verifying our thoughts. You know, as you said, we have over 20 domain experts that led within each of the domains, but putting it out there with the field, we got CISO from the entire system, CISO feedback. We stood up work like shared responsibility model because it's a very well understood, you know, structure within cloud service providers, etc. But now with AI, there's models, there's infrastructure supporting those models, there are tools within those models. Where whose owns responsibility for that? So we were able to test a lot of our thoughts and the criteria that we did, and we got a lot of feedback. So it really helped develop the model to be more mature with the actual real-world implementation of AI factory and not just an AI factory. The great thing about doing this at the academic level is that they do engineering-based AI, they do health and life sciences-based AI, they do defense AI. So also taking all those controls and constraints for each of those industries into account was extremely helpful.

SPEAKER_01

So Armor is the framework. Six domains built to map how organizations are actually structured, not how the industry talks about AI security. What that means in practice is that depending on your role, you're probably already living inside one of those domains. Jillian and Istvan have been operationalizing it with real customers. So let's go domain by domain and look at what they're actually finding. This episode is supported by Akamai. Akamai's Guardicore micro-segmentation platform uses AI-powered behavioral analysis to stop lateral movement and contain ransomware across hybrid cloud and on-premises environments. Achieve zero trust security without infrastructure changes with Akamai's industry-leading segmentation solution.

Bringing Ownership To AI Security

SPEAKER_01

You know, I feel like governance can oftentimes sound like, you know, paperwork or back office type of functions, but surprisingly, I would say governance might be one of the more, one of the hottest buzzwords that we hear here on this podcast. It's used all the time. You know, if you take just Mythos as an example, you know, that raises a real governance concern about who owns what and when and so on and so forth. So as we see it, what does good governance look like within an organization?

SPEAKER_02

I think ultimately it looks like a holistic approach and one that is able to scale as you know these emerging technologies come out and evolve and continue to just kind of dominate the space around us, right? I think at its core, that's really what that can look like. You know, it's interesting that you bring that from the kind of start and release of ARMOR within the first couple of months. The primary domains I saw that would come back and from an organization, they'd say, let's follow up and have a deeper dive into these. It was always GRC, model protection, and SDLC. And a lot of the model protection SDLC was kind of expected because those were some of the more emerging security controls and topics, especially in a time that was really focused on AI coding assistants. You know, that was a big one that really drove that conversation. But even in the past two months, what I've seen is that has really shifted to GRC, infrastructure security, and secure AI operations. And so the interesting component of that is, you know, it really speaks to how GRC blends with all of the other ones. You have to have a good governance system within your organization. You have to be able to understand and pretty soon hear answer what does your non-human identity and agentic governance framework look like within your organization? How are you guys, you know, standing up agents and who can stand up agents? What does that look like and what's that process look like? One of the top questions I get is just who's responsible if something goes wrong, right? A lot of the current agents and deployments, some people are just whoever created the agent, their name is on that. Or, you know, the IT leader that's approving the agent, their name is on that. If something goes wrong, you know, that's the responsible party. 
So that's really where you know GRC does get into the importance and the success, not only of the security of you know an AI infrastructure, but also of the deployment as a whole. You need to have a good approach and you need to be aware of what good looks like as things scale so that you're not feeling always kind of behind the curve.

SPEAKER_01

Certainly here

Smarter Guardrails For Coding Agents

SPEAKER_01

at WWT, we've talked a lot, certainly on this podcast, but also here within the you know the four walls of GHQ about coding assistants. Jillian, you know, you can pretty much go to any news organization now and see kind of scary stories about how you know people are using coding assistants and then maybe you know some of their backups are gone or it's doing something that would be a little bit rogue. So what does that mean to us as it relates to you know human approvals or permissions or anything along that lifecycle? So how does that bake into Armor?

SPEAKER_02

Well, I really think it stands out in the sense of observability, for one, is we have to know exactly what tools are in the ecosystem, you know, what they're capable of doing. But I also think it really does speak to a heightened level of attention that we as you know developers or monitors of these development tools have to have at this point. Right. You know, there is an overwhelming kind of innate trend of over reliance that happens. You know, the more times that you get an accurate response from one of these tools, you know, the less likely it is that you're going to check it just as tough the next time. But we need to make sure that we're enabling these development teams to consistently keep up that level of effort of checking. And we also need to be aware of what exactly can go wrong as we introduce these into an environment. Ultimately, these tools, especially blended into an agentic context, are the world's most literal genie. There's development agents from the stories I've heard of where they assign an agent, okay, you are to act within the confines of this corporate security policy. And you're going to help me develop for our company website. And then a couple, you know, weeks later, they go and check on it and it's trying to change the company's intranet and upload a new document. And it's basically just rewritten the corporate security policy and it's trying to upload it. So we do see that as kind of this level of there needs to be more attention with the humans in the loop. There also needs to be more focus on exactly what scope these tools have. You know, how much can they really touch? Going to your point of do they accidentally delete all of your system and backups? You know, these are things that are getting considered in real time. And I think that we're going to continue to see things like that happening as they work their way through organizations at this point.

Zero Trust For The AI Era

SPEAKER_00

Yeah, and that's one of the things where we see, you know, the controls, right? Some of these new emerging capabilities, there aren't even always controls. And if we look at some of the model providers, some of the Frontier Labs, even their corporate services, that only getting to providing some of those controls today. So, you know, one of the challenges when we face talking with customers, right, is that we can highlight these risks, but sometimes there aren't even tools that are available to reduce it. So then you have to do the best that you can do. You know, like that example, you know, putting in system prompts is not perfect, but it gets you closer to reducing that risk, right? And as these Frontier Labs and as these startups that bring some of these controls to the market are developing controls and capabilities to secure these agentic agents, et cetera, then we're going to be able to see that we're going to drive maturity. But right now, a lot of times it's highlighting the risk, getting observability, being intentional about where you deploy. And as within security normally, right, try and reduce the to dust. It's like zero trust architecture, limit the agent to what you expect it to do at the tool level, at the data level, right?

SPEAKER_02

There was actually an academic use case where they had an agent break out of their sandbox lab environment. And the only reason they knew that it had done that was because of the East-West traffic, a basic firewall. You know, their network security was really what enabled them to have visibility into what was going on and what was potentially going wrong. So in a lot of these conversations that we do have, where the technology is new and the security controls have to lag a little bit as they catch up to protect specifically to these solutions, you know, we're seeing that the conversation around these traditional security controls gets us pretty far. And so that's the kind of message that we try to, you know, instill in organizations is make sure that, you know, your network security is enabled in the context of AI. Make sure that you have proper observability and that you do have a solid system of what does this look like when something is detected, right? Because we are seeing that a lot of that burden's falling on the network security teams to kind of figure this out. And then the very next team that this is going to fall on is the AI or secure operations team, right? Because then, you know, there's going to be countless alerts happening. There's a lot of data that's getting flooded into these. What does managing that look like? What do approvals look like for if you're onboarding agents? How do all of these things kind of come together as you're deploying an agentic infrastructure or AI infrastructure generally?

SPEAKER_01

The domains are the map. And what's clear is that some of these controls existed long before AI. Things like network security, observability, and zero trust. What AI has done is make them urgent in new places with new stakes. So the question now is how does Armor keep up? And how does an organization actually start? So,

Keeping AI Security Practical

SPEAKER_01

what are we doing here with Armor to make sure that we're ready, that it can handle and that it can protect against whatever's coming next? Or is it just always kind of staying plugged in with what's on the horizon?

SPEAKER_00

With the growth and agility of AI and the changes in the model and capabilities, et cetera, we can't be sitting still, right? So with Armor, we definitely never designed it to be we put it out there and you know it'll tell them it'll be three years before we iterate. So we're working on an active process of extending the capabilities to the latest models, to the latest harnesses that's being made available to the latest kind of implementations that we see, and even some of these vendors that we actually work with that bring out some emerging capabilities on the security side as well. So for us, it's right now we're going to try and get a new version of Armor out approximately twice a year. And that's one of the things where, you know, the Armor approaches all the controls consistently across that. But the way that we apply it, right, and it's similar to what you were talking about earlier, you know, the model and how organizations need to, you know, test those models and things like that. Because sovereign countries, they need to validate that the models work according to their rules and things. So one of the things we see is like when you're training models, you have to validate what that data goes into it. So tying a lot of these security controls, data policies, etc., to those sovereign governance and compliance standards is one of the big challenges globally, right? Because it's not one standard that you can put out there. It's not one regulatory definition. So a lot of the conversations we're having with sovereign data centers, sovereign neo-clouds, and even customers that need to operate AI in different regions of the world is how do we instantiate these in the right way? That not only are we not creating models we can't use, because if you use PII, for instance, in the EU to train your model, it's not allowed to be used. It's essentially an illegal model. 
So being able to understand how we put those guardrails in place, align those to the compliance needs from a country and organizational perspective is extremely key.

SPEAKER_01

What's the starting point? Is it diving in kind of domain by domain, or how do you start to actually integrate that into a real-world setting?

SPEAKER_02

Yeah, I think really the first step is, you know, figure out exactly who the stakeholders really are. You know, our design of Armor was specific to include these domains in a way that you could package and just send over the infrastructure security section to an infrastructure leader, right? And all of the information that's pertinent to them is there. So our goal is essentially, you know, take some of this information, take the Armor dashboard, distribute it to your teams, and really just take the insights that we've seen, our experts have seen from operationalizing these deployments in the field and see where you're at.

SPEAKER_00

Similar to AI, right? AI becomes, and we've seen it at WWT, AI becomes more valuable as you break down silos. Similar to that, breaking down the silos and having teams work towards the same kind of capabilities is extremely important. We see that in network operations, combining capabilities with security operations. And, you know, having that consistent taxonomy. Now, when the development team brings out a new AI-enabled application, they're not coming to the security team after the fact. They're working with them. That doesn't only make the application more secure. It also reduces the time, right, to deployment. So that directly results in better ROI to the organization as well. Like, you know, brakes were put on cars, not only to stop it, it was so that you could actually go fast, right? Because if you don't have brakes, you can't go fast because then you'd crash into something.

SPEAKER_02

The wrong way of approaching it would be really treating it as we've treated security in the past and what we were seeing two years ago, which is treating every single one of those as bullet points you need to hit individually. You know, we do have some organizations that come to us after, you know, attempting that approach where they've got massive sprawl and they've got a solution, a different solution for countless different security controls. And at that point, not only are they kind of just exhausted with dealing with so many different ones, they really don't understand exactly what coverage they have. So I would say that, you know, the goal of Armor is to look at it from the perspective of here's all of the things that we consider constituting securing AI.

Where Security Teams Go From Here

SPEAKER_01

Well, Istvan, Jillian, thank you so much for joining us here on the AI Proving Ground podcast today. Um, something tells me that none of this is gonna slow down, so I'm sure we'll have you on, um, relatively shortly to talk about this some more. Thank you so much.

SPEAKER_00

Yeah, thank you very much. Thanks for having me.

SPEAKER_01

Okay, thanks to Istvan and Jillian for joining us here today. The lesson: the model gets deployed, the governance comes later. The gap between those is where the breach typically happens. So take what you've learned from this episode to make sure you're not caught flat-footed. This episode of the AI Proving Ground Podcast was co-produced by Nas Baker and Kara Kuhn. Our audio and video engineers, John Nomblock. My name is Brian Phelps. Thanks for listening. See you next time.
