Join Jackie Bow, the Technical Lead of Threat Detection Engineering at Anthropic, and Kane Narraway, who heads the Enterprise Security Team at Canva, as they dive deep into the dual-edged sword of AI in security. Jackie reveals how AI, specifically Claude, revolutionizes threat detection by breaking traditional barriers. In contrast, Kane emphasizes the risks tied to AI integrations, arguing that many challenges mirror existing vulnerabilities. Together, they explore innovative threat modeling strategies while balancing the need for strong security with the power of AI.
36:02
forum Ask episode
web_stories AI Snips
view_agenda Chapters
auto_awesome Transcript
info_circle Episode notes
insights INSIGHT
AI Amplifies Existing SaaS Risks
AI adds multiple layers of risk, increasing the attack surface and overall risk threshold in security environments.
These risks are mostly extensions of existing SaaS vulnerabilities but worsen the security challenge.
volunteer_activism ADVICE
Harness AI Creativity in Security
Use generative AI models like Claude to gain greater visibility and control in threat detection, breaking free from black-box tools.
Allow AI to hallucinate creatively within boundaries to uncover investigative paths humans might miss.
volunteer_activism ADVICE
Focus on Access and Integrations
Focus AI threat modeling on access methods and integrations, as these introduce the highest risks.
Prioritize securing data access and authorization to mitigate risk when AI interacts with enterprise systems.
Get the Snipd Podcast app to discover more snips from this episode
Is generative AI a security team's greatest new weapon or its biggest new vulnerability? This episode dives headfirst into the debate with two leading experts on opposite sides of the AI dragon. We 1st published this episode on Cloud Security Podcast and because of the feedback we received from those diving into all things AI Security, we wanted to bring it to those who haven't probably had the chance to hear it yet on this podcast.
On one side, discover how to leverage and "tame" AI for your defense. Jackie Bow explains how Anthropic uses its own powerful LLM, Claude, to revolutionize threat detection and response. Learn how AI can be used to:
Build investigation and triage tools with incredible speed.
Break free from the "black box" of traditional security tools, offering more visibility and control.
Creatively "hallucinate" within set boundaries to uncover investigative paths a human might miss.
Lower the barrier to entry for security professionals, enabling them to build prototypes and tools without deep coding expertise.
On the other side, Kane Narraway provides a masterclass in threat modeling the new landscape of AI systems. He argues that while AI introduces new challenges, many are amplifications of existing SaaS risks. This conversation covers the critical aspects of securing AI, including:
Why access, integrations, and authorization are the biggest risk factors in enterprise AI.
How to approach threat modeling for both in-house and third-party AI tools.
The security challenges of emerging standards like MCP (Meta-Controller Protocol) and the importance of securing the data AI tools can access.
The critical need for security teams to adopt AI to keep pace with modern engineering departments.
Questions asked:
(00:00) Intro: Slaying or Training the AI Dragon at BSidesSF?(02:22) Meet Jackie Bow (Anthropic): Training AI for Security Defense(02:51) Meet Kane Narraway (Canva): Securing AI Systems & Facing Risks(03:49) Was Traditional Security Ops "Hot Garbage"? Setting the Scene(05:57) The Real Risks: What AI Brings to Your Organisation(06:53) AI in Action: Leveraging AI for Threat Detection & Response(07:46) AI Hallucinations: Bug, Feature, or Security Blind Spot?(08:55) Threat Modeling AI: The Core Challenges & Learnings(12:26) Getting Started: Practical AI Threat Detection First Steps(16:42) AI & Cloud: Integrating AI into Your Existing Environments(25:21) AI vs. Traditional: Is Threat Modeling Different Now?(28:34) Your First Step: Where to Begin with AI Threat Modeling?(31:59) Fun Questions & Final Thoughts on the Future of AI Security