Risky Bulletin Podcast Summary
Episode Overview
Podcast: Risky Bulletin (Risky Business)
Episode Title: Sponsored: Prowler uses AI how AI works best
Date: November 9, 2025
Host: Casey Ellis
Guest: Tony Delafuente (Prowler Security)
This episode focuses on the practical and principled role of AI in cloud security, particularly in cloud security posture management (CSPM). Tony Delafuente, co-founder of Prowler Security, discusses how AI is integrated into Prowler’s open source toolset to add value, not as a gimmick, but as a genuine enhancement to rule-based security checks across multi-cloud environments.
Key Discussion Points & Insights
1. AI’s True Value in Cybersecurity
- Avoiding AI Hype: Prowler is deliberate in applying AI where it genuinely improves outcomes, instead of just "sprinkling AI fairy dust."
  - Quote: “We want to make sure AI is adding value, not just for the sake of using AI as we see on every product.” — Tony Delafuente [01:11]
- Main Uses for AI:
  - Providing context and augmenting information.
  - Generating plans and dashboards based on findings.
  - Making security findings more actionable and understandable.
2. The Architecture: Rule-Based and AI-Augmented
- Rule-Based First: At its core, Prowler relies on checks — deterministic pieces of code that review cloud settings via provider APIs. This ensures reliable, repeatable, and consistent results.
  - Quote: “A Prowler check or a Prowler rule is a piece of code Python that... tells you, hey, this is good, this is bad, or this is a threat, this is a vulnerability, whatever.” — Tony Delafuente [04:12]
- AI as a Layer on Top: AI is used to make sense of and act on results, rather than to replace rule-based detection.
  - AI excels at: Summarizing, contextualizing, generating remediation plans, and making information consumable by humans or systems.
  - Contrast with other uses: “Fuzzy” probabilistic logic is helpful in vulnerability discovery or red teaming, but not in configuration validation, which requires precision.
3. Multi-Cloud Complexity & Consistency
- Cloud Provider Variability: Each provider’s APIs behave differently, with inconsistent outputs and authentication.
- AI Limitations: Purely AI-generated CSPMs can't overcome this inconsistency yet — rule-based checks remain essential for reliability.
  - Quote: “There is no way to do that now. It's not really consistent because there are not one to one mapping between cloud provider Endpoint or API Endpoint with an MCP tool…” — Tony Delafuente [07:57]
4. Community & Open Source Benefits
- Open Source Ethos:
  - The foundation of Prowler is openness, which allows any large language model (LLM) to learn from Prowler’s documentation and checks.
  - Community contributions add new checks as cloud environments evolve.
- Movement Beyond CSPM: Tony reframes Prowler as part of the broader "open cloud security movement," not just another CSPM tool.
  - Quote: “We call it a movement because I truly believe, and we truly believe, that open cloud security will allow the cloud to keep growing in adoption.” — Tony Delafuente [11:36]
5. Efficiency: Rule-Based vs. LLM/AI-Driven Approaches
- Speed Comparison:
  - LLM-based systems retrieving cloud misconfiguration information can take 10–15 minutes and may deliver unreliable data.
  - Prowler’s approach takes less than a minute for the same tasks, with deterministic results.
  - Quote: “If you do that with something like Prowler... that takes a minute, 30 seconds, a minute.” — Tony Delafuente [16:13]
- Reliability & Repeatability:
  - AI can sometimes obscure failures in data collection, while deterministic checks surface issues transparently.
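A minimal sketch of the deterministic-check pattern described in sections 2 and 5, added here as an example and not Prowler's own code. The check IDs, field names and sample buckets are constructed for illustration; an unreadable setting is reported as ERROR rather than hidden, and the non-passing findings are serialized in a stable order as the input an AI layer would summarize.

```python
import json
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Finding:
    check_id: str
    resource: str
    status: str  # "PASS", "FAIL" or "ERROR"
    detail: str

# Constructed sample input: settings as a collector might return them.
# None means the setting could not be read (for example, access denied).
BUCKETS = [
    {"name": "logs-bucket", "public_access_blocked": True, "encrypted_at_rest": True},
    {"name": "web-assets", "public_access_blocked": False, "encrypted_at_rest": True},
    {"name": "legacy-data", "public_access_blocked": None, "encrypted_at_rest": False},
]

# Hypothetical check IDs mapped to the setting each one requires to be True.
CHECKS = {
    "bucket_public_access_blocked": "public_access_blocked",
    "bucket_encrypted_at_rest": "encrypted_at_rest",
}

def run_check(check_id, setting, bucket):
    """Evaluate one setting; a missing value is an ERROR, never a silent PASS."""
    value = bucket.get(setting)
    if value is None:
        return Finding(check_id, bucket["name"], "ERROR", f"could not read {setting}")
    if value is True:
        return Finding(check_id, bucket["name"], "PASS", f"{setting} is enabled")
    return Finding(check_id, bucket["name"], "FAIL", f"{setting} is disabled")

def run_all(buckets):
    """Run every check on every bucket and return findings in a stable order."""
    findings = [run_check(cid, s, b) for b in buckets for cid, s in CHECKS.items()]
    return sorted(findings, key=lambda f: (f.resource, f.check_id))

def findings_for_ai_layer(findings):
    """Serialize non-passing findings as the input an AI summarizer would receive."""
    todo = [asdict(f) for f in findings if f.status != "PASS"]
    return json.dumps(todo, sort_keys=True)

if __name__ == "__main__":
    results = run_all(BUCKETS)
    for f in results:
        print(f.status, f.resource, f.check_id, "-", f.detail)
    print(findings_for_ai_layer(results))
```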
6. Integration and Extensibility
- Prowler MCP (Multi-Cloud Platform):
  - Enables practitioners and developers to quickly add support for new providers or create custom checks.
  - Integrates with ticketing systems (e.g., JIRA) and supports programmatic extensions.
- Lighthouse AI:
  - Prowler’s AI-powered chatbot is available both in their SaaS (Prowler Cloud) and via open source on GitHub.
  - Compatible with OpenAI, AWS Bedrock, and custom LLMs for automation and security analysis.
Notable Quotes & Memorable Moments
- On the value of AI augmentation (01:11): “We want to make sure AI is adding value, not just for the sake of using AI as we see on every product.” — Tony Delafuente
- On the limits of AI today (07:57): “There is no way to do that now. It's not really consistent because there are not one to one mapping between cloud provider Endpoint or API Endpoint with an MCP tool…” — Tony Delafuente
- On open source as a cloud enabler (11:36): “We call it a movement because I truly believe, and we truly believe, that open cloud security will allow the cloud to keep growing in adoption.” — Tony Delafuente
- Efficiency in practice (16:13): “If you do that with something like Prowler... that takes a minute, 30 seconds, a minute.” — Tony Delafuente
- On the self-sustaining nature of open contributions (10:19): “The open source foundation of Prowler allows any LLM to understand. You give an LLM. Okay, this is the developer guide. Do this and it's a perfect scenario.” — Tony Delafuente
Timestamps for Important Segments
| Timestamp | Segment |
|-----------|---------|
| 00:27 | Introduction to AI's current role in CSPM & Prowler’s approach |
| 01:46 | Practical applications of AI in augmenting context and value in findings |
| 04:06 | Rule-based checking explained — why it's still central |
| 05:55 | The distinction between deterministic checks and AI’s fuzzier abilities |
| 09:20 | Open source community, continual growth, and LLM compatibility |
| 11:33 | Framing open cloud security as a movement, inclusive of all cloud adoption stages |
| 14:58 | Direct comparison of LLM-driven vs rule-based efficiency |
| 17:35 | How to get involved: MCP, Lighthouse AI, open source SaaS and integrations |
| 18:30 | Flexibility in LLM/AI integration (not vendor-locked) |
How to Get Involved & Final Thoughts
- Try Prowler’s MCP and Lighthouse AI: Available via prowler.com and on GitHub.
- Lighthouse AI: Functions as a chatbot/security analyst, supporting connection to multiple LLMs for automation.
- Community Contributing: Active encouragement for testing, building new checks, and collaborating on the project.
- Open Movement: Prowler positions itself at the forefront of an open, community-driven wave making cloud security more accessible, adaptable, and responsive.
This episode is highly recommended for security practitioners, developers, or anyone interested in the real use-cases of AI in cloud security, especially with an open source community ethos and a focus on meaningful, reliable advancements.
