AI Security: Thomas Bryant on Shadow AI, NHIs, and AI Defense

AI Security: Patricia Titus on Shadow AI, Non-Human Identities, and AI Defense

AI security is not showing up as one clean problem.  It is showing up across governance, risk, productivity, identity, API security, and defense.  In this episode of ClearTech Loop, Jo Peterson talks with seasoned CISO Patricia Titus, about shadow AI, non human identities, AI agents, APIs, and what AI defense means when organizations are trying to move quickly without losing control. Patricia brings more than 25 years of cybersecurity leadership experience across public and private sectors, including financial services, technology, and government.   Patricia’s take is practical: shadow AI is both an IT and security issue, but it is also a governance, risk, and productivity problem. If organizations want employees to use AI responsibly, the approved path has to be easier than the workaround.   What You’ll Hear in This Episode  * Jo and Patricia discuss:  * Shadow AI as a governance, risk, productivity, and security issue  * Why visibility has to come before control  * How CISOs and CIOs can create approval lanes that are easier than going rogue  * Why AI agents are becoming a new control plane  * How non human identities, service accounts, bots, and APIs are changing the access conversation  * Why AI defense is less about novelty and more about applying fundamentals at a new scale and speed  Key Insight  * AI defense is not just about buying new tools.  * It is about understanding what AI connects to, what data it consumes, how agents behave, and whether the organization can prove access is controlled.  * That makes this episode especially relevant for CIOs, CISOs, IT leaders, security leaders, and enterprise teams trying to manage AI adoption inside real environments.  Timestamps  00:00 Introduction to Patricia Titus  01:34 ClearTech Loop hot take format and AI security focus  02:25 Shadow AI as both an IT and security problem  03:03 Visibility, safe paths, and enforceable guardrails  05:17 AI agents as a new control plane  06:06 Why emerging AI agent behavior creates new concerns  08:46 Jo on executive awareness and evidence  10:33 Non human identities and how CISOs and CIOs are enabling them  12:34 Least privilege, zero trust, and proving agents are turned off  14:27 APIs as part of the non human identity conversation  15:25 AI defense as fundamentals at a new scale and velocity  16:12 Closing thoughts  Guest Bio  Patricia Titus is a seasoned Chief Information Security Officer. She is a global cybersecurity executive with more than 25 years of experience leading security organizations across financial services, technology, government, and other highly regulated sectors.  She has held C level and executive positions at Booking Holdings, Markel Corporation, Freddie Mac, Symantec, Unisys, and the TSA. Patricia also serves on the Board of Directors for Black Kite and on advisory boards for several organizations focused on cybersecurity, technology, and risk.  Her work focuses on resilience, risk management, AI driven security, business alignment, and helping organizations understand how cyber risk affects operations and leadership.  Resources  * If Every User Needs an Identity, Why Don’t Our APIs? by Patricia Titus https://abnormal.ai/blog/user-identity-apis [https://abnormal.ai/blog/user-identity-apis?utm_source=chatgpt.com]  * Preparing for AI Regulation: What CISOs Can Do Now by Patricia Titus https://abnormal.ai/blog/preparing-for-ai-regulation-what-cisos-can-do-now [https://abnormal.ai/blog/preparing-for-ai-regulation-what-cisos-can-do-now?utm_source=chatgpt.com]  * Building a Culture of Proactive Threat Defense by Patricia Titus https://abnormal.ai/blog/building-a-culture-of-proactive-threat-defense [https://abnormal.ai/blog/building-a-culture-of-proactive-threat-defense?utm_source=chatgpt.com]  * Season 1 ClearTech Loop https://www.buzzsprout.com/2248577 [https://www.buzzsprout.com/2248577]  Follow  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, cloud security, risk, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist [https://youtu.be/byUzDwQV-DY] 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/ [https://www.linkedin.com/newsletters/7346174860760416256/]

ClearTech Loop Special Edition: Rethinking CDN Pricing with AWS CloudFront

Cloud pricing can look simple until the bill arrives.  In this ClearTech Loop Special Edition, Jo Peterson talks with Cristian Graziano, Principal Product Manager at Amazon Web Services, about AWS CloudFront flat rate plans and why predictable pricing matters for teams delivering internet facing applications.  Cristian explains how CloudFront helps accelerate and secure applications, why customers often combine CDN, WAF, DDoS protection, DNS, logging, and monitoring, and how flat rate plans are designed to make that model easier to understand, approve, and manage.  In this episode  Jo and Cristian discuss:  * What AWS CloudFront does   * Why CDN pricing can get complicated   * How CloudFront flat rate plans simplify pricing   * Why predictable monthly costs matter for developers, business units, SMBs, and enterprise teams   * How AWS is making security part of the starting point   * Why WAF, DDoS protection, bot controls, and security visibility matter for internet facing applications   Featured quote  “Security is included by default.” Cristian Graziano, Principal Product Manager, AWS  About the guest  Cristian Graziano is a Principal Product Manager at Amazon Web Services. His work focuses on the customer experience for AWS CloudFront, including onboarding, console experience, and pricing.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist [https://youtu.be/byUzDwQV-DY] 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/ [https://www.linkedin.com/newsletters/7346174860760416256/]

AI Security Starts with Education: James McQuiggan on Shadow AI, NHIs, and AI Defense

AI security is not only about policies, tools, and controls. It is also about education.  In this episode of ClearTech Loop, Jo Peterson talks with James McQuiggan, founder and CISO of Apparent Security, about shadow AI, non human identities, and what AI defense means as organizations try to keep up with real world AI adoption.  James brings the lens of an educator to the conversation. His perspective keeps coming back to how people learn, how they adopt new tools, and why security teams need to guide safe AI use instead of relying on blocking or policy alone.  In this episode  Jo and James discuss:  * Shadow AI as the next version of shadow IT  * Why AI adoption is happening faster than governance and training  * How CISOs and CIOs can create safer paths for employees using AI  * Why non human identities create new access and data flow risks  * How AI defense includes defending with AI, defending against AI enabled attacks, and protecting AI systems themselves  Timestamps  00:00 Introduction to James McQuiggan and the episode theme  02:32 Shadow AI as the next version of shadow IT  06:17 Why education matters in AI policy and rollout  07:34 Training, micro learning, and helping users work safely  10:05 Non human identities, access, and data flow  12:27 What AI defense means in practice  15:00 Final thoughts and closing  Guest Bio  James McQuiggan is founder and CISO of Apparent Security. He is a threat intelligence strategist, cybersecurity educator, and practitioner with more than 25 years of experience across critical infrastructure, human risk management, and security leadership.   Resources  * AI and the Boardroom: Bridging Innovation and Security by James McQuiggan: https://blog.knowbe4.com/ai-and-the-boardroom-bridging-innovation-and-security [https://blog.knowbe4.com/ai-and-the-boardroom-bridging-innovation-and-security?utm_source=chatgpt.com]  * National Institute of Standards and Technology Cybersecurity Framework: https://www.nist.gov/cyberframework [https://www.nist.gov/cyberframework]  Follow  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist [https://youtu.be/byUzDwQV-DY] 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/ [https://www.linkedin.com/newsletters/7346174860760416256/]

AI Security: Shadow AI, Non Human Identities, and AI Defense (Rock Lambros)

AI is already inside your environment.  The problem is most organizations don’t fully see where or how it’s being used.  In this episode of ClearTech Loop, Jo Peterson sits down with Rock Lambros, CEO of RockCyber, to break down what’s actually happening with shadow AI, non human identities, and AI defense as adoption moves faster than governance.  Why This Matters  This isn’t a future problem.  Teams are already:  * Using AI tools outside of approved environments   * Creating machine and agent identities at scale   * Relying on security models that were never designed for this level of automation   That gap between adoption and control is where risk is showing up.  What You’ll Hear in This Episode  * Why shadow AI is a governance issue, not just a security problem   * How non human identities are scaling beyond what most organizations can manage   * What AI defense actually means beyond vendor messaging   * Where organizations are most exposed right now   Key Insight  AI security isn’t breaking because organizations aren’t trying.  It’s breaking because the systems meant to manage risk are moving slower than the systems creating it.  About the Guest  Rock Lambros is CEO and Founder of RockCyber and a contributor to the OWASP GenAI Security Project. His work focuses on AI governance, agentic security, and helping organizations understand how AI changes the attacksurface.  Resources  OWASP GenAI Security Project: https://genai.owasp.org/ [https://genai.owasp.org/] AAGATE Framework: https://www.rockcybermusings.com/p/aagate-governing-the-ungovernable-operationalizing-nist-ai-rmf-agentic-ai [https://www.rockcybermusings.com/p/aagate-governing-the-ungovernable-operationalizing-nist-ai-rmf-agentic-ai] Governing the Ungovernable: https://aicybermagazine.com/governing-the-ungovernable/ [https://aicybermagazine.com/governing-the-ungovernable/]  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist [https://youtu.be/byUzDwQV-DY] 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/ [https://www.linkedin.com/newsletters/7346174860760416256/]

AI Security: Todd Smith on Shadow AI, NHIs, and AI Defense

What does AI security actually look like inside real organizations?  In this episode of ClearTech Loop, Jo Peterson talks with Todd Smith, SVP and Director of Customer IAM and Threat Intelligence at Ameris Bank, about shadow AI, non human identities, and what AI defense looks like in environments where identity, fraud, and security are tightly connected.  They unpack why shadow AI is both an IT and security issue, why blocking AI tools is not a long term strategy, and how organizations are trying to bring more visibility and control to environments where AI adoption is already happening across teams.  Todd explains how shadow AI creates real risk through data leakage, IP exposure, and regulatory pressure, especially when employees turn to unapproved tools to move faster. The conversation also highlights the role of training, as organizations shift from simply restricting behavior to helping employees understand how to use AI safely.  The discussion then moves to non human identities, where Todd describes the operational challenge of managing identities that do not follow a clean lifecycle. These identities can accumulate over time, often without clear ownership, creating a growing need for discovery, cleanup, and better control moving forward.  From there, Jo and Todd explore AI defense from a practical standpoint. Instead of starting with external threats, the conversation focuses on understanding what is happening inside the environment first, including how AI interacts with data, identity, and access. That internal visibility becomes the foundation for any broader defense strategy.  This episode is especially relevant for CIOs, CISOs, security leaders, and identity leaders working through the realities of AI adoption, governance, and risk in enterprise environments.  Timestamps  00:00 Introduction to Todd Smith and episode context  01:40 Shadow AI: IT problem, security problem, or both?  04:50 Discovery, visibility, and managing shadow AI  07:55 Security as the “Department of Education”  10:45 Non human identities and lifecycle challenges  13:20 AI defense: starting inside the environment  Guest Bio  Todd Smith is SVP and Director of Customer IAM and Threat Intelligence at Ameris Bank. His work spans identity, fraud, threat intelligence, and AI security in financial services environments. He has held leadership roles across Ameris Bank, SoFi, Barclays, Citi, and the FBI, focusing on identity, cyber fraud, and intelligence driven security operations.  Additional Resources  * National Institute of Standards and Technology AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework [https://www.nist.gov/itl/ai-risk-management-framework]  * National Institute of Standards and Technology Cybersecurity Framework (CSF): https://www.nist.gov/cyberframework [https://www.nist.gov/cyberframework]  * MITRE ATT&CK Framework: https://attack.mitre.org/ [https://attack.mitre.org/]  * Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577 [https://www.buzzsprout.com/2248577]  Follow ClearTech Loop  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/playlist [https://youtu.be/byUzDwQV-DY] 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/ [https://www.linkedin.com/newsletters/7346174860760416256/]