Decoding the AI Rosetta Stone: Inside the OWASP AI Exchange

Decoding the AI Rosetta Stone: Inside the OWASP AI Exchange

Is AI governance dead, or was it never actually alive? In this episode of Cybersecurity Refined and Feral, Candy and Cailin tackle the "elephant in the room"—Artificial Intelligence. While organizations are rushing to deploy AI at breakneck speed, the security guardrails are often left in the dust. To help us navigate this "Wild West," we are joined by two industry titans: Aruneesh Salhotra, a fractional CISO and global community builder, and Rock Lambros, CEO of RockCyber and author of The CISO Evolution. Our guests pull back the curtain on the OWASP AI Exchange, a groundbreaking open-source project that serves as the "Rosetta Stone" for AI security. We move beyond the hype of GenAI to discuss how this framework provides over 300 pages of practical guidance for securing analytical, discriminative, and agentic AI systems. In this episode, we discuss: - The Evolution of OWASP: How a foundation built for web apps is adapting to the AI era. - Beyond the Top 10: Why the AI Exchange is a comprehensive framework rather than just a list of vulnerabilities. - The "Agentic" Threat: What happens to security when AI starts taking tangible actions instead of just answering questions. - Data Security on Steroids: Why AI governance is fundamentally rooted in "bagging and tagging" your data. - Global Impact: How the project is feeding directly into international standards like the EU AI Act. Whether you are a CISO trying to explain AI risks to the board or a developer looking for actionable controls like the "Periodic Table of AI Security," this episode provides the map you need to move from "feral" chaos to "refined" resilience. Resources Mentioned: - OWASP AI Exchange: http://www.owaspai.org - Connect with Aruneesh Salhotra: https://www.linkedin.com/in/aruneeshsalhotra/ - Connect with Rock Lambros: https://www.linkedin.com/in/rocklambros/

The "Hard Truth" of a SOC 2: Business Necessity or Total Waste of Money?

Is a SOC 2 attestation a vital proof of security or just a "rubber stamp" to keep procurement happy? In our latest episode of Cybersecurity Refined and Feral, Candy Alexander and Cailin join industry expert Rob to uncover the "Hard Truth" about the ROI of compliance. We dig into the messy reality of audits, including: - The Cost of Doing Business: Why SOC 2 is often the non-negotiable entry fee for selling to large enterprises. - The "Magic Genie" Myth: Why GRC tools won't save you if you haven't made the philosophical shift to prioritize security every day. - Operational Awareness: How the audit process actually teaches engineering and operations teams what they are supposed to be doing. - The Power of Risk Assessments: How simply writing down your risks creates a "persuasion effect" that helps management prioritize security. Whether you are a startup founder looking for a framework or a CISO navigating the "point-in-time" audit grind, this conversation is for you.