Unsupervised Learning

A Conversation with Bar-El Tayouri from Mend.io

May 6, 2025

Bar-El Tayouri, Head of AI Security at Mend.io, specializes in the intersection of application and AI security. He discusses the challenges traditional AppSec faces in the AI era, emphasizing the need for comprehensive risk assessment and mitigation strategies. The conversation dives into innovative threat discovery techniques, including simulating dynamic attacks and the importance of security integrated into development workflows. Tayouri also highlights the evolving landscape of identity management and security in multi-agent systems, urging a reevaluation of existing governance practices.

45:53

Creator website

Episode guests

Bar-el Tayouri

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The integration of AI components into applications complicates traditional security measures, necessitating a comprehensive understanding of the entire technology stack.

Companies must adapt old security principles like identity management to safeguard AI systems while promoting innovation and reducing vulnerabilities.

Deep dives

Excitement for Technological Advancements

A strong enthusiasm for emerging technologies drives professionals within the tech industry, particularly in network and application security. Many find inspiration in the disruptive nature of startups, where the potential for innovation challenges established corporations. The desire to harness new tools often stems from a persistent curiosity, prompting continuous exploration and learning. These advancements not only open new opportunities but also encourage a proactive approach to security in the evolving landscape.

Intro

2min

Navigating the Tech Landscape

7min

Navigating AI Security Challenges

23min

Navigating Threats in AI Security

6min

Comprehensive Risk Assessment and Mitigation in Software Development

3min

Navigating AI and Security Challenges

4min

Elevating AI Security: Strategies and Insights

2min

➡ Get full visibility, risk insights, red teaming, and governance for your AI models, AI agents, RAGs, and more—so you can securely deploy AI powered applications with ul.live/mend

In this episode, I speak with Bar-El Tayouri, Head of AI Security at Mend.io, about the rapidly evolving landscape of application and AI security—especially as multi-agent systems and fuzzy interfaces redefine the attack surface.

We talk about:

• Modern AppSec Meets AI Agents
How traditional AppSec falls short when it comes to AI-era components like agents, MCP servers, system prompts, and model artifacts—and why security now depends on mapping, monitoring, and understanding this entire stack.

• Threat Discovery, Simulation, and Mitigation
How Mend’s AI security suite identifies unknown AI usage across an org, simulates dynamic attacks (like prompt injection via PDFs), and provides developers with precise, in-code guidance to reduce risk without slowing innovation.

• Why We’re Rethinking Identity, Risk, and Governance
Why securing AI systems isn’t just about new threats—it’s about re-implementing old lessons: identity access, separation of duties, and system modeling. And why every CISO needs to integrate security into the dev workflow instead of relying on blunt-force blocking.

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

Chapters:

00:00 - From Game Hacking to AI Security: Barel’s Tech Journey
03:51 - Why Application Security Is Still the Most Exciting Challenge
04:39 - The Real AppSec Bottleneck: Prioritization, Not Detection
06:25 - Explosive Growth of AI Components Inside Applications
12:48 - Why MCP Servers Are a Massive Blind Spot in AI Security
15:02 - Guardrails Aren’t Keeping Up With Agent Power
16:15 - Why AI Security Is Maturing Faster Than Previous Tech Waves
20:59 - Traditional AppSec Tools Can’t Handle AI Risk Detection
26:01 - How Mend Maps, Discovers, and Simulates AI Threats
34:02 - What Ideal Customers Ask For When Securing AI
38:01 - Beyond Guardrails: Mend’s Guide Rails for In-Code Mitigation
41:49 - Multi-Agent Systems Are the Next Security Nightmare
45:47 - Final Advice for CISOs: Enable, Don’t Disable Developers

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.