

We're All for a Responsible AI Rollout as Long as It Goes as Fast as Possible
Sep 2, 2025
Jennifer Swann, CISO at Bloomberg Industry Group, dives into the shifting landscape of cybersecurity, highlighting the need to prioritize addressing basic misconfigurations over traditional vulnerability tracking. She discusses trust in open source software and its community validation, underscoring the importance of evaluating quality training data in AI. The conversation also touches on the complexities of managing vulnerabilities and the significant impacts of data poisoning in AI, all while balancing the excitement of innovation with necessary security measures.
AI Snips
Broaden Vulnerability Definition
- Jennifer treats any issue that introduces risk as a vulnerability, not just CVEs.
- Prioritize by exploit likelihood using context-aware frameworks to reduce noise.
Prioritize By Exploit Likelihood
- Prioritize findings by contextual exploitability rather than raw quantity.
- Use exploit prediction scoring to focus remediation on likely-to-be-exploited issues.
Enforce Open Source Guardrails
- Build and use an SBOM to know what open-source components exist in your environment.
- Use dependency scanning and repository firewalls to block untrusted packages before pull.