In this week's enterprise security news,
- Knostic raises funding
- The real barriers to AI adoption for security folks
- What AI is really getting used for in the wild
- Early stage startup code bases are almost entirely AI generated
- Hacking your employer never seems to go well
- Should the CISO be the chief resiliency officer?
- Proof we still need more women in tech
All that and more, on this episode of Enterprise Security Weekly.
Adrian Sanabria
- FUNDING: Crogl, armed with $30M, takes the wraps off a new AI ‘Iron Man suit’ for security analysts
- FUNDING: Knostic Nabs $11 Million to Eliminate Enterprise AI Data Leaks
- MARKET: Security, Funded #184 – Zero Trust for AI
Actually, this week, I want to focus on something not related to funding in Mike Privette's Security, Funded newsletter. Every issue, he runs some polls. This past week, he asked readers, "what's holding back AI in cybersecurity?"
The answer was overwhelmingly that vendors struggle to make AI fit into real workflows. Tied for second were "buyers aren't convinced AI actually helps" and "security leaders & practitioners don't fully trust AI decisions."
- AI TRENDS: The Anthropic Economic Index
- AI TRENDS: A quarter of startups in YC’s current cohort have codebases that are almost entirely AI-generated
I actually think this might be a good thing. Bear with me as I explain.
From talking to folks who have been using AI to write code, it's great for prototyping, or maybe even building an MVP, but don't expect it to scale very far.
Which is kind of perfect, given that many startups find that the code that got them from pre-Seed to Series A won't get them much further without a major redesign/rearchitect/refactor.
This is often because it won't scale to serve that new customer that is truly massive, or the market fit they discovered was different, requiring a bit of a pivot that the MVP wasn't designed for.
Since the MVP is inevitably going to be thrown away ANYWAY, why not use AI to generate most of it?
- CYBER INCIDENTS: Developer Convicted for Hacking Former Employer’s Systems
- HACKS: One pixel attack
I don't expect to see this as an attack from any financially-motivated attacker, but maybe an anti-AI hacktivist?
The larger concern, however, is just corrupted images being incorrectly categorized by AI. I wonder if this extends to face verification? I'm guessing not, since that requires an enrollment image that it is comparing against.
But for surveillance cameras using this technology (e.g. Ring cameras), if I have a big enough pimple, will AI cameras think I'm a moose, or a Xerox machine?
The paper is here.
- SQUIRREL: “After carefully watching this video of cats making burgers I’ve come to the conclusion that the billions we’ve spent on AI is money well spent”
- ESSAYS: The CISO as Business Resilience Architect
A lot of interesting questions to ponder in this essay.
- SQUIRREL: “hmm maybe we do need more women in tech”
haha this is just a joke right