

#220 - Defender Fridays: AI on the edge with David (DWIZZLE) Weston, Corporate Vice President, Enterprise and OS Security at Microsoft
Jun 13, 2025
David Weston, Corporate Vice President of Enterprise and OS Security at Microsoft, dives into the cutting-edge intersection of AI and cybersecurity. He discusses the complexities of securing AI within Windows, reflecting on historical lessons like ActiveX. The chat highlights the crucial balance between security and extensibility in AI models, along with transformative innovations in endpoint security, such as Entra ID. Weston emphasizes the importance of collaboration in the cybersecurity landscape and invites listeners to actively engage with AI advancements for a safer digital future.
David Weston's Broad Security Role
- David Weston has a broad security role at Microsoft covering multiple operating systems and vulnerability testing.
- His background includes early pen testing and working on Microsoft Defender for Endpoint, giving him a full-stack defense perspective.
AI Shifts OS Security Paradigm
- Microsoft is transforming OS security around AI capabilities like MCP to enable new interaction paradigms.
- This shift introduces new threat models including remote code execution risks from AI integrations.
Learning from ActiveX Mistakes
- Lessons from ActiveX's pitfalls guide Microsoft's approach to securing MCP extensibility.
- ActiveX failed as a security model due to developer misuse; MCP aims to avoid these mistakes with better guardrails.