Securing AI Across the Global Enterprise WAN

Show Notes

In this Macro AI Podcast episode, Gary Sloper and Scott Bryan break down why AI fundamentally breaks legacy WAN security models—and why enterprises can’t secure AI like it’s “just another SaaS app.” AI traffic may look like ordinary encrypted HTTPS on the wire, but the real risk lives inside semantic intent, context windows, and increasingly agentic workflows that can execute actions across systems at machine speed. 

Gary and Scott walk through the core shift: security teams used to ask who is the user, where are they going, and is the data allowed to move? In the AI era, the question becomes far more complex: should this semantic content—originating from this identity, device posture, and region—be allowed to influence a reasoning system that can take downstream action? That’s not a firewall rule, URL filter, or traditional CASB problem—it’s a new enforcement model. 

The conversation builds an actionable architecture for securing AI across the global enterprise WAN, including why AI controls must be inline, preventative, and WAN-native. They outline the AI security capability stack—AI traffic classification, semantic inspection, and AI-specific policy enforcement—and explain why enforcement must be bidirectional, since model outputs can be just as risky as prompts. 

From there, the episode tackles the two dominant enterprise realities: securing AI that users consume (often hidden inside SaaS and productivity platforms) and securing AI the enterprise builds, including training pipelines, RAG systems, and agent-driven execution. The hosts also dive into the hardest global constraints—latency, sovereignty, and elastic load—and why distributed enforcement with centralized policy is now mandatory for performance and compliance. 

Finally, they cover what it takes to operationalize AI security over time: derived telemetry (not raw prompt hoarding), explainable policies, automated response integration, continuous governance, and agent privilege reviews—because architecture without operations is theory. 

Key takeaway: AI is now a first-class WAN workload—semantic, stateful, autonomous, latency-sensitive, and globally distributed. Treat it like SaaS and you lose control. Anchor AI security in the WAN and you gain visibility, preventative enforcement, and durable governance at enterprise scale. 

About your AI Guides

Gary Sloper

https://www.linkedin.com/in/gsloper/

Scott Bryan

https://www.linkedin.com/in/scottjbryan/

Macro AI Website:

https://www.macroaipodcast.com/

Macro AI LinkedIn Page:

https://www.linkedin.com/company/macro-ai-podcast/

Gary's Free AI Readiness Assessment:

https://macronetservices.com/events/the-comprehensive-guide-to-ai-readiness

Scott's Content & Blog

https://www.macronomics.ai/blog

Transcript

00:57
I'm Gary Sloper.  And as always, I'm here with my cohost, Scott Bryan. In today's episode is a topic that is top of mind for executives, AI security. Yeah, it definitely is. think the uh artificial intelligence  is, it's no longer just a few users of generative AI in a company. It's really now moving across.

01:26
entire enterprise networks  and at global scale. And I think most organizations are trying to secure it using security models that were designed for a completely different era. So today we're going to explain why that doesn't work and what architecture actually does work for the wide area network in this new era. Exactly. And this topic sits at the intersection of two worlds. We've both been entrenched in with our clients for many years, Scott, and that's

01:55
global WAN architecture, and now enterprise AI. And now the full extent  of the security risk and potential solutions are starting to come into view. And we should probably dive a little bit further into that, Scott. Yeah. Yeah. We'll just kind of jump into that conversation.  I think to understand why  AI changes the security conversation, you really have to understand ah what enterprise WAN security was originally built to protect. So

02:24
Traditional WAN security assumed really a  stable model.  Users authenticate, applications will expose some defined interfaces, data moves in predictable formats across the network, and uh enforcement decisions are based on identity, destination, metadata. And that model worked for decades really because applications were  deterministic. So if a user logged into Salesforce, the system behaved within

02:54
those defined bounds. If they uploaded a file, it was a file. If they accessed a database, the queries were structured and they were governed. And obviously AI doesn't behave like that at all. AI introduces a whole new kind of workload. One that's probabilistic, it's semantic and it's execution driven. So when you think about a prompt, a prompt isn't just a, you know, it's not a text, it's an interpreted instruction by the machine. And

03:21
Context, context window isn't just memory. It's, it's a, I guess you would say an aggregation of sensitive material. And now you have agents and agents aren't, um, what they are is that they're a really a reasoning loop that's capable of its own autonomous action. Yeah. And yet from a WANs perspective, all of this looks like encrypted HTTPS traffic. And that's really the break. The network sees encrypted packets.

03:50
But the real risk now lives inside the meeting. is something really legacy security was never designed to inspect, kind what you were just explaining above.  And so  if you were to translate this for any executives listening, ah CIOs, CEOs,  CISOs, if you go back 20 years, security teams asked really three main questions when it came to this topic. Who is the user? Where are they going? Is the data allowed to move? Very basic.

04:21
If think about artificial intelligence, AI now changes the questions to something more complex. Should the semantic content originating from this identity with the device posture in this region be allowed to influence uh a reasoning system that can break  down  into a downstream action? So if you think about that in that  context, no pun intended, ah that's not a firewall rule. That  is not URL filter.

04:50
filtering and that's certainly not CASB. It's fundamentally new enforcement problems that are now arising. Right. Yeah. And I think the mistake that a lot of IT teams are making right now is trying to treat AI  as just another SaaS application category. And it's definitely not. ah It's more of a behavioral layer that  sits on top of your entire data plane. Right. And your firewall is not designed for that type of behavior.  Nope. Totally different.  So

05:20
So I think one of the biggest misunderstandings in AI security is how data actually leaks. And that's something that you really need to break down. So I think a lot of  IT uh execs will imagine uh exfiltration as a of a dramatic event where someone downloads  a database or someone uploads a file or someone exports a report. And AI just doesn't leak like that. It leaks conversationally and it...

05:50
leaks, I guess you'd say incrementally over time. you know, like a user will paste a paragraph to get help, uh, summarizing some, some texts and then a second paragraph and then a code snippet. And then, you know, maybe some customer examples for some more context and each incremental step feels harmless, the model, uh, consolidates, or should I say aggregates all of that into a context window and

06:18
And I think here's what matters is, you know, a legacy DLP or, know, data loss prevention system will look for  structured artifacts. And, but AI interactions are unstructured. They're semantic and they're constantly evolving. So the risk is not in a single message. It's the accumulation  of meaning across  a protracted session. So that requires the session aware, semantic inspection that's in line.  And anything else is really just.

06:48
Logging and that's why you AI security you need to consider it to be a wide area network native capability, right? I Your spot on there, and I think if you think about this  if you're asking, know More about this type of topic this really the answer comes down to why AI security must live in the wind This is the architectural pivot point for your organization AI security cannot be off to the side. It cannot be  asynchronous

07:18
It can't be advisory. And mostly because timing matters. Once a prompt reaches inference, it's already been interpreted. Once the agent invokes a tool, the action has already started. Once a model response is returned, it may already contain sensitive synthesis. The only place that consistently sees traffic before the execution completes in the WAN. So,

07:45
Maybe what we do is we kind of walk through why the WAN is uniquely positioned here, Scott, because I know you're having a lot of conversations with clients about this specifically. were talking about this before the show. Yeah, that's starting to come up in nearly every network conversation, especially somebody that's looking to renew, know, upgrade the network and they're considering AI and excuse me. So the WAN, Wide Area Network, already does three critical things. It resolves user identity.

08:15
It decrypts traffic, it enforces policy in line, and that really makes it the natural enforcement plan for AI security, artificial intelligence security. So if you move AI inspection downstream, you're going to lose the timing. you move it upstream, you lose the context.  WAN really sits at that convergence point for identity, data movement, and execution. And that's  where the AI policy will naturally have to live.

08:45
And I think for global enterprises, it becomes even more important because  centralized inspection models introduce latency. So if it's  centralized into one point on a global WAN, you're going to see some latency.  importantly now we've talked about sovereignty requirements and governance. You might also have sovereignty violations if you're inspecting at just one centralized point. So just kind of summarize that AI workloads are latency sensitive. uh

09:14
And then if you think about agent workflows, they're chained and they can be chained across the wide area network. uh Inference is just iterative, lots of, you over time. And you just can't  backhaul this traffic halfway across the world for inspection. Enforcement has to be distributed across the WAN uh to  meet this new paradigm. So, you know, policy  at the same time has to remain unified. So this is, it's a

09:43
fairly complex, you know, architecture problem. you know, when, when native AI security is, is, uh, looking like,  uh, an answer for a lot of, a lot of clients. Yeah. And I think to that point, it's really also understanding the AI security capability stack that goes into a wider network. So  if AI security lives in the WAN,  you need to think about a few things that must exist there.

10:12
to support this WAN. ah So if you think about it in three layers, AI traffic classification. So this is where the system must understand that a flow represents AI and what role it's playing in  that flow. ah The other one is semantic inspection. So this means ah it must be analyzed, that traffic must be analyzed. So looking for intent, sensitivity, structure, all the things that you were just talking about earlier, Scott.

10:42
Really the third layer is  AI specific policy enforcement. So you're not  just allowing or denying, but redaction of, you know, PII, example, context stripping, tool suppression, rate control, all of these things that would make up that specific policy enforcement kind of for that third layer. So you almost have this three layer sandwich here uh for where AI security lives in the wider network.

11:10
Yes. Yeah. I think the three layer sandwich model is a good reference.  I'll take a number one with fries. Right.  Exactly. Repeat. um And without I think it's a good reference because, without classification, you really  it's  you're kind of blind. You haven't categorized what's going on  without the semantic inspection. You're you're really pretty shallow and you don't really know what is happening. And without policy enforcement, you're just you know, you're just reacting.

11:40
But  one other thing though, think critically enforcement has to be bi-directional. AI output can be just as dangerous  as the input. So,  if a model reconstructs regulated data or generates unauthorized actions that has to be intercepted before downstream propagation.  And this is why AI security can't be solved by  just by browser extensions alone, although that is a component. uh It has to exist at network scale.

12:10
based on the entire scope of AI interactions. Yeah, that's actually a really good point around AI interactions. If you think about it, let's start with artificial intelligent environment that users consume. So again, you're thinking about the interaction that they're consuming in that moment. So most enterprises begin there, right? employees are using AI tools. It's obviously kind of a step one for most organizations.

12:39
What's dangerous is how invisible this usage becomes. think of it this way. AI is embedded into  a lot of areas that we've talked about on this show and today. It's embedded into SaaS platforms. It's integrated into developer environments. It's layered into productivity suites. Blocking a domain doesn't address embedded AI calls. So  we have to keep that in mind. Security must operate based on behavior, not just branding. So  session aware inspection matters.

13:09
semantic  intent matters, identity and device posture uh matters. Because AI usage is now a productivity multiplier, think about it that way, and you cannot shut it down, you must govern it in line within your network. Yeah,  exactly.  And I think another AI interaction type is AI that  an enterprise would build. know,  internal AI systems  when they're

13:39
built from the ground up internally are going to amplify risk by design. So, more complex systems like  training pipelines that aggregate massive data volumes, uh RAG systems, retrieval, generation, we've talked about in a few  episodes.  So, RAG systems that dynamically retrieve your enterprise content, and then they might reach out to an LLM to generate a response. And then you had uh agents that are orchestrating cross-system execution.

14:08
And, just back to rag, think rag in particular really transforms models into, uh, you know, a natural language query engine to give you the answer, to give you some context around your answer. If you don't enforce contextual boundaries at the network layer, you've kind of created a lateral movement paths between data domains. Exactly. And  agentic systems collapse separation of duties. An agent can read, write, call APIs, trigger workflows in a matter of seconds. But.

14:38
each interaction may be authorized individually, ah but the sequence may be dangerous.  the WAN is the only control plane that sees the full workflow.  It's really that, you know, entire tunnel getting from point A to point B. So if you think about it this way, that's where the blast radius must be constrained is within  that core part of the network. Yeah, that's a good way to put it.  And now let's add, you know,

15:05
agentic AI and kind of focusing on that for a second. So agentic AI is where the architectural cracks really become really visible. So agents, don't just answer questions. They autonomously go out and decide, you know, what is the next action? So that transforms security from a, you know, a transaction based event to sequence based near no, you know, no longer asking, uh, is this particular API

15:35
call allowed, you're asking more questions like, is this chain of action aligned  with the enterprise intent? oh I think that requires workflow aware enforcement, stateful analysis, dynamic policy adjustment. And this isn't  traditional identity and access management. It's  also not just endpoint detection and response.  This is  WAN level governance of

16:04
autonomous systems inside of your wide area network. And, and that's why the AI era that we're now in kind of collapses the, old separation between network architecture and AI strategy.  And now they're really inseparable. Yeah. Because, you know, to your point, mean, ensuring that, you know, somebody may have proper access rights, but if they're, their intent is malicious.

16:32
or to cause internal problems. mean, that can be devastating to an organization. And we've talked about on previous episodes, agentic AI in the enterprise is moving lightning fast. Now, if we were to take a look at enterprises networks at a global scale, we start talking about things like you talked about earlier sovereignty, but also latency and elasticity. And global enterprises face,

17:01
those three hard constraints.  And that's going to be probably an area we should probably talk a little bit more because traditionally most organizations when they're  talking about the network, it's mostly latency and cost. uh Obviously latency still plays a  part here, but you know, as you alluded earlier, Scott, sovereignty is a big one and really that elastic load ah is really the third.

17:28
Yeah, just to drill into sovereignty a little bit. I mean, when we say sovereignty in the context of securing AI across a global WAN, we're not just talking about data residency. We're talking about, you know, who has legal authority over data, where it's processed, where it's inspected, you know, what country  and where its derivative meaning can exist.

17:53
And  AI makes sovereignty much more complex than traditional cloud or SaaS ever did.  that's probably a whole,  I think data sovereignty is probably a whole episode in itself  as it relates to security. Yeah, exactly. An AI inspection must occur locally to avoid that performance degradation, but governance must remain globally coherent. Sensitive prompts cannot cross borders just for inspection. So to your point, it's not just about where it's going.

18:23
It has uh a lot of other tentacles to it. So,  yeah. And CIOs care about, you know, end user experience. Yeah, exactly. So it can't, you know, getting back to latency, can't take forever either. So the traffic patterns spike unpredictably as AI adoption grows.  So this requires distributed enforcement nodes with things like centralized policy control. Anything less than distributed enforcement nodes creates blind spots,  policy drift, and

18:52
course network performance issues, which could impact, you know, internal production, but to your point also impact your customers. Yeah. And user. Yep.  Um, so if we were talking about operational AI, you know, security, that's,  you know,  another area that a lot of the listeners are probably interested in and it's architecture. If you think about architecture without operations in theory, AI security requires a few things.

19:21
derived telemetry, so no raw prompt hoarding, uh which can create compliance and privacy nightmares. You need explainable policy decisions,  automated response integration, and really ongoing governance cycles. Just because you put something in place today, it's not a set it and forget it. Everything's changing so fast. So you need to make sure that you have that cadence within your governance committee  to continue to update those policies.

19:49
uh And the policies must evolve as usage evolves across the enterprise. So  whether that's adding applications or just changing how your intent could be sending down the pipe. Yeah. Or think about agents. You really have to,  as the number of agents  kind of explodes across the enterprise, agents have to be reviewed for privilege drift as they're working autonomously.  And then along with security governance, you need to consider

20:19
cost governance.  So it's back to the old story. uh And so, you know, now all that being said, when done correctly, AI security becomes kind of a, you know, an invisible infrastructure.  Users will feel empowered to use their AI tools.  The developers will feel like they're being supported and security feels in control  once you have it, once you have a strategy that addresses all of these concerns. Yeah. So if we were to kind of

20:49
wrap up everything in this episode and kind of the final takeaway, artificial intelligence is a first-class WAN workload. I think the most important insight from today we talked about,  hopefully you take away is AI is not an application category. It's a native WAN workload. It's semantic, stateful, autonomous, uh latency sensitive, and it's globally distributed. Yeah. And if you treat it like

21:17
SaaS, software as a service, you're going to lose control, like all those little areas we talked about. uh But if you anchor security in the WAN, you're going to gain the visibility, you're going to gain  preventative enforcement, uh global strategy and operational durability. Yeah. And with the explosive growth of AI,  the wider network is no longer passive transport that many of us

21:46
you know, have, have dealt with for 20 plus years. Yeah. This is a huge change. Complete change and a complete mindset set change. And it's a good opportunity for anybody that runs networks within an organization. It's, it's the opportunity for you to upskill yourself. Combine that networking skill with security skills, understand AI. Exactly. It's, the enforcement fabric for reasoning systems. And that is the architectural shift for this AI era. Yeah. That's good.

22:16
Good closing. So if you're listening to this and you're realizing that your AI strategy and your WAN strategy are a little disconnected, feel free to ping Gary or Mia on LinkedIn and ping us anytime. Yeah, we've both been designing global networks for a few decades now, and we're both happy to talk anytime about  wide area networking, especially when it comes to AI security. And please share this episode with anyone you know that is responsible for global networking.

22:45
might be thinking about re-architecting their environment, especially as Scott noted earlier, if you're in the benchmarking phase of repricing and ah taking a look at what your new  global network may look like. Thank you for joining the Macro AI podcast. We appreciate all the listeners. Feel free to share with your network and until next time, we'll see you soon.  Thank you.