The Pluralsight Podcast
Everyone is selling AI security — so when the threats are AI-generated and never look the same twice, can the tools built to match known attacks even see them? In this episode of The Pluralsight Podcast, Zack Korman — co-founder of AI-native security startup Embroidery and former CTO — argues that the answer is no, and that most of what's being sold to close that gap doesn't work the way the marketing claims. Zack spends much of his time proving, hands-on, what AI agents can be tricked into doing, which makes him unusually clear-eyed about what actually protects an organization and what just looks like it does. From a law degree to leading security tech and product teams, he's built a following on a simple habit: cutting through the hype to find what's real. We dig into why defending against AI-driven attacks requires AI-native detection, and why a system prompt is not a security control — you can't write your way to safety with a stern enough prompt when an agent is running with credentials it should never have had. We also take a hard look at what leaders are getting wrong right now: assuming they have visibility into their AI agents when the audit logs barely exist, handing agents their own operator credentials instead of least privilege, and trusting vendor claims that fall apart the moment you follow the incentives behind them. 
Topics covered:
* Why AI-driven threats outpace signature-based detection — and what AI-native detection actually requires
* The Microsoft Copilot audit-log gap and why most organizations have far less visibility than they think
* How to tell genuine AI security from "AI-washed" tools and vendor hype
* How to weigh risk when deploying AI agents — and what responsible deployment looks like
* How to build and lead a security team ready for the AI era

Chapters:
00:01:14 Welcome & Why a Skeptic Founded an AI Security Company
00:04:25 "Also Me Being Mad"
00:07:00 What AI-Native Threat Detection Actually Means
00:11:10 An AI-Native Threat in Practice: Hide the Vulnerability
00:13:42 "Our Product Uses AI": Marketing Claim vs. Reality
00:16:21 The Microsoft Copilot Audit-Log Discovery
00:20:10 Visibility, Confidence, and Evaluating Agentic AI
00:24:43 The Limits of Sandboxing
00:26:50 Pulling Back the Curtain on the Vendor Space & MCP
00:31:12 Running Agents in Production & What a Ready Team Looks Like
00:34:29 Where Veteran Security Leaders Fit in an AI-First World
00:36:49 Skills, Hiring, and Where to Start
00:43:01 Rapid Fire
00:45:15 What Zack Is Building Toward & Closing Takeaway

Stay up to date on everything happening in cloud, AI, and security — subscribe to our weekly newsletter at https://www.pluralsight.com/technews/

Connect with Zack Korman:
LinkedIn: https://www.linkedin.com/in/zacharyakorman/
YouTube: https://www.youtube.com/@ZackKorman
X: https://x.com/ZackKorman

Questions or comments? podcast@pluralsight.com
www.pluralsight.com
12 episodes