Cloud Security Podcast

chevron_right

AI is already breaking the Silos Between AppSec & CloudSec

whatshot 4 snips

Nov 4, 2025

In this discussion, Tejas Dakve, a Senior Manager of Application Security at Bloomberg Industry Group, and Aditya Patel, a seasoned Security Architect, dive into how AI is reshaping the security landscape. They tackle the collapse of silos between AppSec and CloudSec, emphasizing the inadequacy of traditional security models against AI-generated threats. Topics include the necessity for continuous threat modeling, the emergence of 'T-shaped engineers,' and the pivotal role of automation in enhancing security practices. Join them as they explore the future of security in an AI-driven world!

01:11:37

forum

Ask episode

web_stories

AI Snips

view_agenda

Chapters

menu_book

Books

auto_awesome

Transcript

info_circle

Episode notes

insights

INSIGHT

Security Can’t Be A Gatekeeper

AI has massively increased code speed and volume, making traditional security gates impossible to maintain.
Security must shift from gatekeeping to enabling safe developer innovation.

volunteer_activism

ADVICE

Make Threat Modeling Continuous

Treat threat modeling as a continuous, living process rather than a one-time activity.
Run periodic red teaming and automated threat scans focused on AI-specific vectors.

volunteer_activism

ADVICE

Provide Secure Paved Roads For Developers

Build paved-road solutions so developers get secure defaults and tests with one click.
Automate model reviews and integrate legal/compliance checks into the request flow.

Get the Snipd Podcast app to discover more snips from this episode

AppSec Program Leadership and Backgrounds

02:50 • 2min

chevron_right

What AI Use Cases Are Emerging in the Cloud?

04:22 • 3min

chevron_right

How AI Is Used in Products and Its AppSec Impact

07:08 • 2min

chevron_right

Why Traditional Security Models Fall Short with AI

09:14 • 6min

chevron_right

Operational Approaches: Paved Roads and Guardrails

14:57 • 3min

chevron_right

What Is Agentic AI and How Does It Differ?

18:05 • 6min

chevron_right

How Do AppSec and CloudSec Share Responsibility for Agents?

23:36 • 2min

chevron_right

How Should We Threat-Model Agentic AI Systems?

25:54 • 2min

chevron_right

Can Threat Modeling Be Automated and Continuous?

27:35 • 2min

chevron_right

Should Security Use AI for Detection and Remediation?

29:17 • 2min

chevron_right

How to Prioritize Vulnerabilities at AI Scale

31:44 • 3min

chevron_right

Cloud Posture: Balancing Velocity and Restriction

34:30 • 3min

chevron_right

How Do AppSec and CloudSec Collaborate Effectively?

37:02 • 1min

chevron_right

Developing T‑Shaped Security Engineers

38:16 • 3min

chevron_right

Secure-by-Design for AI-Native Applications

40:49 • 4min

chevron_right

Maturity Roadmap: From Acceptance to Governance

45:05 • 4min

chevron_right

How Should Security Roles and Skills Evolve with AI?

49:16 • 13min

chevron_right

Advice for Newcomers Entering Security Today

01:01:56 • 2min

chevron_right

Personal Reflections and Non‑Work Contributions

01:03:45 • 7min

chevron_right

Where to Find the Guests Online

• Mentioned in 175 episodes

Range

Why Generalists Triumph in a Specialized World

David Epstein

In this book, David Epstein examines the success of generalists in various fields, including sports, arts, music, invention, forecasting, and science. He argues that generalists, who often find their path late and juggle multiple interests, are more creative, agile, and able to make connections that specialists cannot. Epstein uses stories and research studies to show that wide sampling and late specialization can be more valuable than early specialization, especially in complex and unpredictable environments. He also discusses the distinction between 'kind' and 'wicked' learning environments and the importance of balancing specialization with range for long-term success.

The silos between Application Security and Cloud Security are officially breaking down, and AI is the primary catalyst. In this episode, Tejas Dakve, Senior Manager, Application Security, Bloomberg Industry Group and Aditya Patel, VP of Cybersecurity Architecture discuss how the AI-driven landscape is forcing a fundamental change in how we secure our applications and infrastructure.

The conversation explores why traditional security models and gates are "absolutely impossible" to maintain against the sheer speed and volume of AI-generated code .

Learn why traditional threat modeling is no longer a one-time event, how the lines between AppSec and CloudSec are merging, and why the future of the industry belongs to "T-shaped engineers" with a multidisciplinary range of skills.

Guest Socials -⁠ ⁠⁠⁠⁠⁠⁠⁠Tejas's Linkedin + Aditya's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠

Questions asked:

(00:00) Introduction(02:30) Who is Tejas Dakve? (AppSec)(03:40) Who is Aditya Patel? (CloudSec)(04:30) Common Use Cases for AI in Cloud & Applications(08:00) How AI Changed the Landscape for AppSec Teams(09:00) Why Traditional Security Models Don't Work for AI(11:00) AI is Breaking Down Security Silos (CloudSec & AppSec)(12:15) The "Hallucination" Problem: AI Knows Everything Until You're the Expert(12:45) The Speed & Volume of AI-Generated Code is the Real Challenge(14:30) How to Handle the AI Code Explosion? "Paved Roads"(15:45) From "Department of No" to "Department of Safe Yes"(16:30) Baking Security into the AI Lifecycle (Like DevSecOps)(18:25) Securing Agentic AI: Why IAM is More Important than the Chat(24:00) The Silo: AppSec Doesn't Have Visibility into Cloud IAM(25:00) Merging Threat Models: AppSec + CloudSec(26:20) Using New Frameworks: MITRE ATLAS & OWASP LLM Top 10(27:30) Threat Modeling Must Be a "Living & Breathing Process"(28:30) Using AI for Automated Threat Modeling(31:00) Building vs. Buying AI Security Tools(34:10) Prioritizing Vulnerabilities: Quality Over Quantity(37:20) The Rise of the "T-Shaped" Security Engineer(39:20) Building AI Governance with Cross-Functional Teams(40:10) Secure by Design for AI-Native Applications(44:10) AI Adoption Maturity: The 5 Stages of Grief(50:00) How the Security Role is Evolving with AI(55:20) Career Advice for Evolving in the Age of AI(01:00:00) Career Advice for Newcomers: Get an IT Help Desk Job(01:03:00) Fun Questions: Cats, Philanthropy, and Thai Food

Resources discussed during the interview:

Amazon Rufus: (Amazon's AI review summarizer)

OWASP Top 10 for LLMs

STRIDE Threat Model: (Microsoft methodology)

MITRE ATLAS
Cloud Security Alliance (CSA) Maestro Framework
CISA KEV (Known Exploited Vulnerabilities)

Book: Range: Why Generalists Triumph in a Specialized World by David Epstein
Anjali Charitable Trust

Aditya Patel's Blog

Home Top podcasts Popular guests Top books