
CISO Series Podcast
I'm Worried That We're Not Worried About the Right Worries With AI
Dec 9, 2025
Danny Jenkins, CEO of ThreatLocker and a champion of practical security models, dives into the pressing concerns surrounding AI in cybersecurity. He warns against building AI solutions without clear problems, advocating for a shift from ROI to risk reduction in security discussions. Jenkins emphasizes the importance of fundamental controls over complex systems, arguing that many breaches stem from basic misconfigurations. He also highlights the need for default-deny strategies and effective communication to build stronger security teams, blending technical skills with clear communication.
AI Snips
Focus On Real-World AI Risks
- Noise from lab-based AI attack research can drown out real enterprise risks.
- Focus on practical threats like prompt injection, supply chain compromise, and weak access controls.
Don’t Deploy AI Without A Problem
- Figure out the problem before deploying AI and avoid 'AI for AI's sake.'
- Use AI only when it clearly solves a defined business or security problem.
Sell Risk Reduction, Not ROI
- Stop pitching ROI as the primary measure for security; frame asks as risk reduction instead.
- Present security investment as insurance that prevents existential business consequences.

