Curiouser & Curiouser

Securing Agentic AI: The OWASP Approach

Alice Season 1 Episode 2

Agentic AI is moving fast. So are the risks.

Mo talks with Steve Wilson (Chief AI and Product Officer at Exabeam and Founder and Co-chair of the OWASP GenAI Security Project) about OWASP’s approach to agentic AI security, including prompt injection, guardrails, and what it means to keep humans in the loop as agents scale.

🔗 OWASP GenAI Project: https://genai.owasp.org

📘 The Developer’s Playbook for Large Language Model Security (O’Reilly): https://www.oreilly.com/library/view/the-developers-playbook/9781098162191/

🔗 Podcast: https://alice.io/podcast

Follow the show so you don’t miss the next episode.
New episodes every two weeks. Stay curious.

speaker-0 (00:00.024)
The technological change is accelerating right now. The rate of change in the 90s or the 2000s, 2010s, compare that to the 2020s. These are exponential curves at the rate of change here. So we're gonna need to find things that can move at high speed. And that's always gonna be tricky for the government. So we gotta find ways to have those government agencies support programs that can run at higher speed. And we've had really good collaboration with things like NIST and MITRE.

speaker-1 (00:29.494)
If AI has ever made you stop and think, wait, what is happening? You're not alone. I'm Mo, and I'm a security researcher asking the same questions. On Curiouser and Curiouser, we're having open conversations with experts, researchers, and leaders working at the edge of this space, talking through how AI is taking shape, what's shifting, and how people inside the work are thinking about it as it happens. So join us and listen in as the conversation takes shape.

Welcome back to Curiouser and Curiouser. Really excited about today's episode. I think I say that like every time, but we just have some of the best people that come in. And today is no exception to that. We've got Steve Wilson, who's the Chief AI and Product Officer at Exabeam. And more excitingly, to me at least, the founder and co-chair of the OWASP GenAI project. Super exciting to have you here today, Steve. And I've honestly ruined the guest intro, so I'm going to let you

go and introduce yourself. And you've got like an amazing history, so I'm sure everybody would love to hear something.

speaker-0 (01:33.23)
Hey, thanks a lot, Mo. Thanks for having me and I won't bore you with my whole life story, but you know, for this purpose, I started my first AI company when I graduated from college in 1992. I've been doing AI projects on and off since then while working on developer tools, large-scale cloud infrastructure. But when ChatGPT came out, it was clear that this was a next step evolution in this AI stuff. And that's when

I put together the first version of what's now called the OWASP Top 10 for large language models. And that became kind of the definitive document for how do you approach security with these things. We had a couple hundred people contribute to that back in 2023, which I thought was amazing. The group has since grown to 22,000 people. We've put out 30-something white papers on different aspects of AI security, everything from

red teaming to CISO guides and most recently a new top 10 for agentic applications. In my day job at Exabeam, I run our product teams and we use GenAI to build advanced cybersecurity agents that we include in our security operations platform. And more recently, we're defining a new discipline we call agent behavioral analytics.

How do I watch what the agents are doing and keep tabs on them, just like I try to do with my employees?

speaker-1 (03:02.702)
No, that's pretty, I mean, it's honestly all pretty exciting. But, I mean, even just going back to what you first said, did you say 1992 or 1997 when you, I don't know. 92. Okay. So one year before I started, not aging you, one year before me, but when I started my first AI company... no, uh, that's kind of like massive in terms of, uh, the

the shift in tech. So I think even five years ago, AI meant something totally different. And so, I mean, from 1992 to now, you've lived through multiple tech shifts. So what did it feel like seeing AI then, maybe seeing it 10 years ago, and seeing it two years ago to today?

speaker-0 (03:51.854)
I mean, I'll just put it in a nutshell, right? I started this AI company in 1992 and we're trying to build advanced neural networks on my Mac II with eight megabytes of RAM. And we actually did some cool stuff. We kept ourselves fed for a few years and then the worldwide web happened and we said, this AI stuff isn't ready. We better go figure out the web. We folded up the company.

I sold under a lucky star and I got a job at Sun Microsystems working on Java to learn how the web worked. That was amazing. Fast forward to 2023, I looked around and I said, this AI stuff is amazing. Everything that I'm doing right now is yesterday's news. So I quit my job and went and found a new job that was going to put me in a spot where I could do this AI stuff full time. And

you know, I broke some of this down in the book that I wrote for O'Reilly, but when I look at the difference between 1992 and 2024, that's 32 years. That's a really easy computation to do for Moore's law. Things should be 65,535 times as fast. You want to know the difference between the math co-processor in my Mac II and an NVIDIA GPU? 143 million times.

And if we're going to train a neural network, we're going to take 10,000 of those and we're going to gang them together. So there's a lot that's changed, changed things in software. We invented transformers. We had to build the internet to give us a place to get enough data to train these things. And we had to build large scale computing infrastructure on top of GPUs. So there's 30 years of full stack innovation that went into that change, but yeah, it's.

It's dramatically different and the acceleration is crazy because it keeps changing faster and faster.

speaker-1 (05:43.374)
Yeah, and you touch on a couple of really good things. But I think one of the biggest important things is like how fast infrastructure has changed. Right. But with all that changing infrastructure, we also have to consider like people have changed too. When you look at product and how product was being thought about in 1992 versus how you think about product now, who you're selling to and kind of your ICTs, it changes how we actually build things. Right. So one of the biggest changes that's happened is people.

and how they actually build software. And you, coming from this software engineering background, have likely seen some of the biggest changes in how people have started to build. So what does that kind of look like, I guess, in your teams, right? So when you look at how you were building before in 1992 and how you're building now and how you're looking at an AI product, what are some of those things that you...

you see as it's kind of coming to fruition, where are the focuses and more importantly, where are the challenges?

speaker-0 (06:46.508)
It's really interesting to look at kind of the cycle we're going through in software engineering. And my dad was what I will call a real engineer. My dad had a PhD in physics and he got his first job at Hewlett Packard when he got out of college, way before HP was making computers. And he and his team built the first ultrasonic imaging machines that, you know, we all see at the hospital these days. So when he was teaching me computer programming when I was a kid, he was teaching me engineering.

It's like, no, you've got to go off and you plan this, write a specification, plan how it's going to work. And you set it all up and you think about it and then you write the code. And it was like this incredible, what we would call waterfall development, but it was this disciplined development that happens when you need stuff to work. Then we made this big shift to agile and we said, look, that's just too slow. If I'm going to keep up with the market, I got to be able to iterate faster and I'm going to do agile development.

I'm not going to spec everything beforehand. And that led to a set of goodness, but also a set of badness. We stopped thinking about a lot of these architecture things, at least a lot of teams did. We stopped planning in advance. We just said, well, I'm just going to make it up as I go along in some places. And some parts of software have really suffered. What's crazy now, though, is while I've continued to be involved in building software, I haven't written code in two decades. At some point, when you go down the management chain,

you hang up your IDE and you say, I'm a manager. I manage people who write code or I help define products. 2025 was a watershed year for me. I discovered, you know, discovered ChatGPT could write code that was not trivial. And then I got Cursor and then I got Claude Code. And all of a sudden, you know, my hobby projects go from being a hundred lines of HTML to 50,000 lines of Python code.

And the amazing thing that I learned through that to tie it back is to make those agents really work. You have to tell them what to do. Really exactly. So you got to sit down and plan what you want and sketch out the architecture, write a PRD maybe. And if you give all that stuff as context to your bots, then they can do real work for you. And so it all just comes around. The more things change, the more they stay the same.

speaker-1 (09:09.454)
I actually got into the same exact problem that you did. And I've not been building software for that long. Far less, as a matter of fact. But when I took about six months to just sit down and say, I'm going to build this project. And I built a project and it was fantastic. And something went wrong within probably like hour eight, hour nine.

And I realized I wasn't using Git and I wasn't, you know, making commits into this project. And I'm like, there's no way I'm going to salvage this. And I was just like, screw it. Right. And that's like hundreds of thousands of tokens just completely gone. And hours of my time that honestly would have taken months before. So I mean, the efficiency is crazy.

But I mean, six months later, I have all these agents that are orchestrated. You said, write a PRD. Well, I have a couple of agents like my little software engineering team alongside me. And I've got my project manager and I've got my product person. I've got people who are actually testing the problem. I've got agents that are testing it as we're going along and building units, unit testing. I've got one to make sure that the microservices are properly structured.

So every single part of these apps that I'm building now is like really, really like good in my opinion. And it's just crazy how we're enabled as people who aren't even like full-time software engineers to go and build our visions just because we understand how software is built. And I think we're actually seeing that a lot in just traditional software engineering too. These engineers are picking up these tools and they are going off with it, right?

So whereas it took me six months to figure out that I needed to properly use code management and tracking, they are not even on the same level as me. They're totally beyond. And they're like, no, no, no, we are like using it for tab completions to write insane amounts of code now alongside the code that we're just being kind of guided to build. So I think people are just enabled at every level to do some amazing things. But all that said,

speaker-1 (11:24.086)
you are the chief AI officer as well, right? So how do you see like, how do you see that kind of going into your organization, especially, you know, this chief AI officer role is kind of new just to the industry, right? So it contains a couple of things from like innovation to using AI responsibly within product. But there's also this like interesting synchronization that I've seen with certain organizations and their CISOs and security that the chief AI officer and

Sometimes the product and sometimes the chief security officer are working really closely in tandem. So how does that play out for you in your day to day?

speaker-0 (12:01.1)
Yeah, it's interesting. When I joined Exabeam a couple years ago, the first thing I started doing was pushing GenAI into our products. We built the first viable cybersecurity co-pilot, and then we built the first family of cybersecurity agents to help you run your SOC. At the same time, our CEO is saying, how do I get more leverage? I'm reading about this, companies transforming themselves with AI.

And we're putting it in our products, but we don't have a strategy for how we're using it to run our own business. And so he asked me if I would take on this additional role, because everyone knows I'm the AI cheerleader. And we had to start at the beginning. I got together with our CFO, our chief legal officer, our CISO, none of whom were big AI users. Some of them were actively resistant to it.

They're like, this is scary. Why would you use this? I've read bad things happen. You lose your IP, they give you bad answers. Why would anybody want to do this? And so we had to do a lot of education that led to us doing, you know, first baby steps, building an acceptable use policy for these AI tools and, you know, having the CISO invest in doing that and having him understand.

This is not only going to unlock us to use these tools, it's going to allow him to make that safe. And without allowing people to use them, he's just going to be fighting shadow AI. Instead, if we say there's an acceptable use policy, we've blessed some of these tools, he's evaluated these tools, our CFO and our chief legal officer have evaluated the...

data retention policies and data use policies of the company who builds those tools. Now that I have those tools in-house, I can log the data coming out of them. I can put that into compliance. And so we did that and along the way we selected a kind of core AI platform. We picked what's now called Google Gemini Enterprise. And that allows us to have, you know, kind of the standard chat bot functionality for everybody in the company, but also

speaker-0 (14:17.064)
anybody at the company can build their own agents now. And so that's unlocking a lot of creativity and leading us to understand the next place where this goes, where every enterprise is going to have more agents than employees pretty soon.

speaker-1 (14:31.082)
That's some pretty good insight, but there's actually something that you said that I feel like was maybe the unblocker for you. And I think it will kind of help us understand where OWASP is coming from actually. So you were talking about like kind of like those risks and talking about it with the CISO and one of the big, you know, coming from an application security background and product security, a lot of the friction was never a technical thing. It was usually a language thing, right? There's this language barrier between security first in

the product person and actually getting the thing that you need done and communicating why it's either risky or why they shouldn't do it when this is like a revenue problem as well, right? It's like, we want to do it for our users. Maybe it's convenience. Or we want to do it to make money because this is an awesome feature. But I found that like, you know, when you're able to communicate in the same type of language or you're able to find some common layer of

of technical communication between these groups, it's a lot easier to get things done. So I also tend to be pretty conservative on risk. And I don't think that necessarily every risk that's introduced by AI is novel and new, right? However, I do think that we need to be able to attribute them to other places. And where does this risk exist? What's the language that we can use to describe this risk? And then how can we also like

put these impacts in a way that all of the stakeholders can understand, right? And this is, in my opinion, where OWASP is just invaluable. So let's take you back a little bit, not so far back to the 1990s, but to when you first started the OWASP GenAI project and those first top tens. What were the guiding principles behind making that? We're all familiar with the web project, but

I think for LLMs it's quite different.

speaker-0 (16:29.314)
You know, it's one of those, the more things get different, the more they stay the same. But, you know, I was working at an AppSec company and our CTO was this guy, Jeff Williams, who wrote the original web top 10 when it was the only top 10. And, you know, he based a lot of his career on that after that and really became a leader in AppSec. And so,

you know, we fast forward to 2023 and I remember before RSA, working with our marketing department, I'm like, what are we going to say about AI? You know, it was so new, but we knew everybody was going to want to talk about it. And so we started writing some things down. We put together some things for RSA that was fine, but then people knew I was interested in this and people started sending me things. They'd send me a little article about data poisoning or this or that.

You know, there's really a security story here about what needs to happen for these things, because they are novel. Sure, it's software, and everything from the web top 10 to what you need to do for cloud computing and everything else is all part of it. It all just stacks up. So it's not completely new and novel. It's just software. It runs on the web. But there were really unique things. And so

I put together sort of a draft version of the top 10. I went to Jeff and said, do you think this is worth doing? And he said, you should go talk to the OWASP guys. So he introduced me to the board and I proposed to put the project together. And what everybody realized is there'd been research done on this. And if you go dig through the research papers and the university research, there's pieces, there were piece parts, but there was no place that there was a guide

where you could go if you wanted to learn about the security risks of large language models. And so, you know, going back to that agile discussion, we said, you know, NIST or, you know, MITRE or something, they're going to take a year, two years to put out guidance on a new thing like this. We're a bunch of open source nerds. We can work quick. So we got together, we said, we're going to do it in six weeks. We're going to run three two-week sprints.

speaker-0 (18:45.986)
Here's what we're going to do in sprint one, sprint two, sprint three. At the end of sprint three, we're shipping this thing, right? It's time boxed and tons of people read that. And again, it balloons the hunger for more and more and more information on this, as this becomes the defining trend of the 2020s. But I think that the thing about OWASP, the thing that's really different than the big security organizations is that it can move so fast.

But it's well respected enough. 2025 was an interesting year. I went to Davos for World Economic Forum, spoke at the UN. OWASP has kind of become, when people want to talk about AI security, somebody who has to be at the table.

speaker-1 (19:35.298)
And it's just like having that seat at the table is like super important too. For me, a lot of this stuff for AI has become a quality issue as well. And AI and having a great product in the age of AI is all about also having trust, right? There's a lot of data on the line and it's really important to be able to keep up with these kinds of like, like have these types of standards alongside you.

But when things are moving so fast, it's like, my gosh. So like when you mentioned NIST and MITRE, I'm like, man, government organizations, they move pretty slow. Like they aren't really very lean and OWASP fills that gap really well, where it's like, we've got a project, we have a timeline, we'll get it out, we'll iterate out loud in the community, right? So even when there isn't a formal standard completed, there's at least some guidance ready to go.

just in draft that people can kind of go iterate, see how it works, come back, say, oh, no, this doesn't actually work like this. We should update, right? Like I know when we were working on the, the agentic GenAI piece, it was kind of interesting to see, like, it was very async. So a lot of it was happening in a Google doc, but like people were coming back and updating like, oh, actually let's change this definition a little bit here. Change this a little bit here. So it was pretty interesting to see how these things form over time. And

One of the big things actually, when we talk about it, is MITRE lost funding for a part of the time last year, right? So, like, what does that kind of, I don't know if you remember that moment, but there was a lot of like fear and uncertainty, right? Because MITRE was not just a, it's not just a US thing, right? The world kind of looks at these standards, right? And then it kind of informs a lot of people on how they do things.

So how do you feel about like kind of like this dependence almost on the standards? And like, I think it changes the light of how important these things are to people.

speaker-0 (21:35.234)
Look, I think at the bottom of it, MITRE, CISA, NIST, all these things are incredible resources and goodness that have delivered tons of value to the industry. At the same time, we have to evaluate the models of how do we support these things. They're completely bottoms-up things, like the way that we built some of this stuff at OWASP. But we also found like,

man, there's a set of things we could do if we had more resources. So even in our own little OWASP group, we've gone out and gotten corporate sponsors who donate their time and energy into the group so we can have more resources and more support and do events and spread the word. And you know, government in some ways, when, you know, it's the thing with the most money and the most influence, and it's the thing that could get baked into regulations, nobody's going to write a law around the OWASP top 10.

Should they? But I would say the thing that we know is that technological change is accelerating right now. You know, the rate of change in the 90s or the 2000s, 2010s, compare that to the 2020s. You know, these are exponential curves at the rate of change here. So we're going to need to find things that can move at high speed. And

that's always going to be tricky for the government. So we got to find ways to have those government agencies support programs that can run at higher speed. And we've had really good collaboration with things like, you know, NIST and MITRE, which is great. So maybe that's the model going forward.

speaker-1 (23:19.714)
Like you said, not only is there a lot of collaboration, but like they just need to be able to support these things. You know, I think it's again, something that OWASP can do because of the community, but there's not a lot of support that comes from external places when you look at like kind of these government focused standards or these government centric ones, right? Like they ask for experts to come in and give opinions, but it typically takes a long time to get all this done. So the agility piece

definitely hurts a little bit, but I also think by the time they come out, they are really, really, really well structured and they provide this like very strong framework for something like OWASP that can like kind of plug in and be like, hey, NIST says this, and we can actually, this is how you would go and do this thing. Or MITRE recommends these things or we see these things in MITRE, right? Like, here are some of the maturity framework stuff. This is how you can actually use OWASP

to think about your maturity pieces. So they really do have this very nice synergy. Kind of going higher up in level of when we look at kind of the, like not only the dependence of each organization on each other, but how leaders are kind of like depending on these standards. I think there's also maybe an over-indexing on the technology piece, right? Where now people are saying, because we have these standards and we have

we have ways to go and implement, we should go and implement. But there's also a lot of misconceptions about AI safety and guardrails in general and how they can be implemented. And maybe we think a little bit too much of using AI without maybe thinking of securing it or what it takes to secure it all the way. And maybe we over-index on some of the security mechanisms that are out to actually protect your AI, right? So what do you think are some of those

biggest misconceptions that are out about AI security and safety right now.

speaker-0 (25:19.726)
I think it's been an interesting shift over the last, let's call it 24 months. You go back to 2023, early 24, a lot of CISOs were just taking a stance that said, nah, keeping this out. I'm going to my Zscaler, I'm finding the category that says GenAI and I'm turning it off. And they're like, phew, solved that problem. Last year, you know, in my job at Exabeam,

We talked to a lot of CISOs and I had CISOs come to me going, I can't do it anymore. I can't keep it out. I'm getting pressure from my boss. I'm getting pressure from the board. They're going to roll this out and I need a security strategy and the security strategy is not regulated out of existence. It's not going to hold water anymore. There's too much apparent benefit to it.

All sorts of good arguments to have about the difference between good ROI and bad ROI with these tools, but people are going to do it now. It's not optional. And so they're looking for strategies and they're saying, okay, I got this batch of tools. Do I need new tools? We all know there's a new startup every five minutes that's saying they're going to solve agentic security. We've been through multiple generations of them at this point. There was a whole first generation of them that I will call the guardrails tools.

And I think, I mean, a lot of these companies, several of them, their founders worked on the first version of the top 10 with me and went off and started these companies. They built the first sets of guardrails. They grew their company with some sales and some customers, and they've already sold them out to bigger cybersecurity companies. And now people are coming in behind saying, you know what, maybe that's not enough. And I think that's what we've seen is

If you say my cybersecurity strategy for securing this AI is I'm going to use AI to secure the AI, it's what I call the turtles-all-the-way-down problem. It's like, well, what's the best way to screen for prompt injection? You can't do it with a regular expression. It's not like looking for SQL injection. The only thing it comes to is, well, I need to use natural language processing. So I should probably use a large language model. So I'm going to say,

speaker-0 (27:41.58)
The thing that I'm trying to screen for prompt injection, I'm gonna use another thing just like it, which is also vulnerable to it. And I'm gonna stack those and that's gonna solve the problem. It's not. And what we see from, whether it's OpenAI, Anthropic, Google, it doesn't matter. They've all come out and they said, prompt injection, hallucinations, these are durable, these are endemic to the way that we built these things.

So get used to it and plan for it. And the analogy I can draw is when people say like, my God, if those are vulnerable to that, how can I trust them to do any work in my organization? And all I can say is, you know who else is prone to hallucinations and prompt injection? Every employee you have. We just call it phishing and we call it compromised credentials and we call it

malicious insiders and we have all sorts of different names for it, but it's exactly the same and our humans can be deceived, our humans exfiltrate data. So we wrapped them in a bunch of security tools of different ilks and we build things like insider threat programs. And the next thing that we're gonna add to the insider threat programs is our agents. And we're gonna have to learn from how we deal with very imperfect humans to deal with very imperfect, very fast AIs.

That's going to be the next step in this evolution.

speaker-1 (29:10.604)
Yeah, I mean, it's funny how human in the loop and like humans on the front line have just all come full circle, right? So you mentioned phishing and you mentioned, yeah, what's your organization's best defense? The humans. But they also happen to be the weakest link in your organization's defense, right? It's the same thing that happens with AI when you implement these guardrails or you are doing all these things. The easiest way to get through them is a human. And it's either you've got a human in the loop that's watching, that's making sure that

drift isn't happening, that knows what is actually going on, you know, to make sure you have transparent systems that are all reporting and informing properly so that when a human does need to make a decision, it's a lot easier, right? You reduce the amount of fatigue that they're going to experience in reviewing all these tools and outputs. The other...

The other half of that is just like red teaming and actually testing and making sure you are doing human business logic, kind of like fuzzing or like penetration testing, right? Making sure you're going and you're attacking your apps and you're actually putting them in real world scenarios. And again, this is like something that we need more of, but there's just been a lot of... I think there's just been a lot of passing the buck and saying, hey, like...

I think this can be done better elsewhere. This can be done better outside. And sometimes that's true. Sometimes that's not. And what I mean by outside is kind of the organization saying, you know what, this is really difficult. So let's just go and depend on some of these default configurations. Right. And like you said, let's just go and turn off the GenAI here. Right. And that should be good enough, but that's always never the case, almost never the case that your defaults are good enough.

So making sure that you're really paying attention to some of these default configurations, making sure you've got the comprehensive program all the way around is super important. And back to OWASP, that's kind of like one of the fundamentals and foundations of like building these really, really great programs. So I guess as we like kind of think about where we've come full circle, it always seems like it comes back to speed and people just, again,

speaker-1 (31:28.386)
the technology is moving faster than we can anticipate. And when we think about that, I'm like, mean, over just this weekend, right? Out of nowhere, what was it called? Multbot, right? Claude bot eventually got rebranded to Multbot. It comes out and everyone is shocked. It had been around for months before, right? And people have been playing around with it. But it's like, as soon as it got some real virality, people were like, my gosh, what do we do?

And to have this kind of like full circle moment when, when we were actually starting to look at skills a couple of months ago, the first thought was like, this is supply chain security, right? If you look at it, even, I think maybe two or two years ago, cursor had like this issue where you were able to go and get like skill files from outside of your organization. And then it was going and making calls to other places and out of nowhere you had RCD, right?

It's a supply chain problem and it's been around. So I mean, like I had this little tool that was like, oh, look at this supply chain, look at the skills file and tell me if there's anything weird in it, right? All of a sudden this became super important and it was like these basic cleanliness things that we just kind of overlooked because of AI, all of a sudden came back to play. So when we were looking at like, I guess these like normal defenses that we already have available.

what do you feel like is the most overlooked?

speaker-0 (32:59.522)
Boy, there's a lot to unpack there. So the first thing, when you look at something like Clawdbot, I mean, this has happened before, this will happen again. I mean, go all the way back to 2023 and you see the first examples of where somebody shipped one of these agent toolkits and everybody started slapping together agents that were running around on the web using their credentials to do who knows what. And everybody was all excited about them for about a few weeks until everyone realized how terrifying this was and it went back down.

I would say, first and foremost, you've got to take some personal responsibility or corporate responsibility for what you are going to deploy. When I think about this, again, if I'm talking to consumers, it's like, okay, we've got to really talk about what's safe on the internet. And we go back to, you know, consumers are not good at this and there's all sorts of ways that they get ripped off already. But if you're talking to businesses, you're like, all right, go back to first principles. You can't block out AI, but you can move at a measured pace where you allow things in and on your network that you have done some inspection of.

speaker-1 (34:14.648)
You

speaker-0 (34:27.085)
Some of these second-order bits, where you let in a tool that's going to bring in other content and things like that. I mean, we have plenty of places where we deal with that today, you know, just maybe a little bit slower. But in our software development shops, you know, everybody rummages around GitHub and brings down stuff, and we built a supply chain security industry around managing that kind of stuff. And we got that from

Log4j and SolarWinds and all these other things. Clawdbot's teaching us about a new layer of things like that that I think the providers need to get better at. If we're gonna have consumers able to use agents and grab skills and things like that, then this stuff needs to be managed more like the App Store on your phone. I think the Apple App Store is an amazing example of a supply chain

that is mission-critical, full of innovative, weird stuff, that's pretty open, that is locked down and pretty secure. And so I think the providers of some of these things, you're gonna have to find places where they're able to wrap some of that stuff so that the normies can get at it and use some cool stuff. For the people who are developing software and living at the edge and trying the latest stuff,

just don't have your rose-colored glasses on while you're doing that. Do this in safe places, do it in sandboxes, figure out how this stuff's gonna work while you stay on the edge. Have a laptop that's a burner that's not full of your credentials for everything else while you figure out how this stuff works. This Clawdbot thing went from nothing to something to actively breached in about 72 hours.

You weren't going to be noticeably behind the curve if you took a little more time to poke at this and see what's really under the covers there. Yeah.

speaker-1 (36:27.754)
There's this weird, like, FOMO that people have, as if the technology is going to disappear tomorrow just because it shows up today and things are moving so fast. And it's really interesting to watch that kind of happen. And it's like every adoption of something new in AI that's come out in the last couple of years, it's come out and then within a week, something bad happens.

And then we have to roll things back and it's like, hang on, hang on, hang on. Hold on for a second. This is a little too fast for us. And then we go, we make a standard and then we say, okay, well, this is how we're going to deploy it safely. You know, don't just try it. Go and, you know, play with it in this sandbox that we've made for you. It's going to be really interesting, I think, as we continue down this cycle, because it's not sustainable, and I've

made a grim prediction, or like a grim kind of statement, that 2026 is the year we need an AI incident, like a really big one, to kind of set everything straight, you know, like we just need our big breach moment. But I think before we head off, I'd rather leave on a happier note, because there is a lot of potential in this space. And the last thing we want to do is make people think that they shouldn't be adopting this.

As a matter of fact, they should be, really, really, really fast, because it's going to benefit everyone at the end of the day. So as this space kind of matures, and when I say space, I don't mean just AI, but the guidance that we provide people in AI. So as we continue to mature in this space, what do you think kind of signals that this is ready for adoption, this is ready for

kind of your organization to roll this out at a larger scale. Rather than just saying, let's just adopt it early and see what happens.

speaker-0 (38:26.926)
I think the first thing is understand what you want to get done. So many times I see people rolling out these projects saying, oh, it's neat technology. Let's figure out where we can apply it. And we'll just start using it. We'll sort that out later. And then you come back with these statistics where MIT says 95% of the projects failed. And I'm like, 90% of them probably didn't even have a goal when they started. People just played around and

ran out of energy at some point. It's funny, people assume when they watch what I've done at OWASP or they read my book that I'm probably the big caution guy. Like, I'll be very measured, careful with the AI stuff. I am not. I'm the world's biggest AI maximalist. I use this stuff every day. And, you know, at Exabeam, we have, you know, so many big enterprise customers and

we built a set of AI agents into our product. We put them in and turned them on by default with access to versions of people's cybersecurity data. And, you know, for the most part, people would assume I would say, don't do that. But what we had to do is say, what are the use cases we could put these to that are safe and valid, with eyes open about what they are good at and what they are not good at?

And I think so often people look at these things and it just looks like something that can do anything. You can build a demo that looks like anything is possible, but these new AIs are great at things we could never do before. Speaking English, speaking Japanese, writing Python code. We didn't have software that could do these things well at all. Summarize a document. Science fiction a few years ago.

But you know what they're terrible at? Arithmetic, following instructions, repeatable automation. They're awful at all those, just like people. There are reasons people have calculators and spreadsheets and stuff, and you don't do that in your head because you're awful at it. There are reasons you have calendars to remind you what you do every day, because you won't remember. And so I think that the thing that I see most is people trying to put these things into places where you could

speaker-0 (40:53.026)
just know that's probably not a good use case for this. On the other hand, if I can go optimize it for it to do what it's good at and restrict it from even trying to do the things that it's bad at, I can make some really great use cases. And so we built these cybersecurity agents into our core platform and customers tell me they're three to five times faster than they used to be.

turning everybody in the SOC into a team leader rather than an individual contributor. That's value. But when people start saying, I'm building the autonomous SOC and I'm going to automate all the humans out of the loop and we're just going to run this with a bunch of AI agents, I'm like, you're crazy. We're nowhere near that, and it's not a good idea, and it won't be in the foreseeable future.

speaker-1 (41:41.934)
I have some thoughts about the autonomous SOC and moving the analysts out and saying, just empower your best people to do more. We created a training gap, but I think that's a story for another day. I know that we're getting close to time and I wanted to first say thank you so much for giving us the time today to just chat. I wish we honestly had more, because

there is so much more that we could talk about and a lot of exciting things that are just happening. And you're just a wealth, a trough of information, as I like to say. So thank you so much for giving us some of your time today. Where can people find you? Where are you going to be at? I definitely know you are going to be at RSA, just like us. We're also going to be there. So where else can we find you?

speaker-0 (42:31.768)
Hit me up on LinkedIn. I post about this kind of stuff regularly. So just search for Steve Wilson Exabeam or Steve Wilson OWASP. You'll find me right away. Send me a connection request. Love to chat. You can also look at my book, The Developer's Playbook for Large Language Model Security, from O'Reilly. And I'm virtual Steve on Twitter.

speaker-1 (42:56.878)
Okay, sweet. And then, you know, we're both part of the OWASP project, so I guess where can people come and find us?

speaker-0 (43:05.598)
So for my bit in particular, we've got genai.owasp.org. That's got all the stuff we're doing related to top 10 lists and agentic security and red teaming guides and all that good stuff. It's all free. And that's also got information if you want to join, you want to contribute, you want to participate. Love to have you.

speaker-1 (43:27.34)
And I think we're literally the same URL. We're also genai.owasp.org. So you come there and that's kind of where all of our agentic stuff is. And I think we've also got the Slack channel, right? We've got a couple of different Slack channels going on. So anybody in the community can just come and join. And it's always a good time. Steve, thank you again so much. It has been a pleasure having you here. Thanks for having me. If this episode helped cut through the noise,

like or subscribe so you don't miss what's next. Thanks for spending time with us. Until next time, stay curious.