Sponsored: Prowler uses AI how AI works best

Risky Bulletin Podcast Summary

Episode Overview

Podcast: Risky Bulletin (Risky Business)
Episode Title: Sponsored: Prowler uses AI how AI works best
Date: November 9, 2025
Host: Casey Ellis
Guest: Tony Delafuente (Prowler Security)

This episode focuses on the practical and principled role of AI in cloud security, particularly in cloud security posture management (CSPM). Tony Delafuente, co-founder of Prowler Security, discusses how AI is integrated into Prowler’s open source toolset to add value, not as a gimmick, but as a genuine enhancement to rule-based security checks across multi-cloud environments.

Key Discussion Points & Insights

1. AI’s True Value in Cybersecurity

Avoiding AI Hype: Prowler is deliberate in applying AI where it genuinely improves outcomes, instead of just "sprinkling AI fairy dust."
- Quote: “We want to make sure AI is adding value, not just for the sake of using AI as we see on every product.” — Tony Delafuente [01:11]
Main Uses for AI:
- Providing context and augmenting information.
- Generating plans and dashboards based on findings.
- Making security findings more actionable and understandable.

2. The Architecture: Rule-Based and AI-Augmented

Rule-Based First: At its core, Prowler relies on checks — deterministic pieces of code that review cloud settings via provider APIs. This ensures reliable, repeatable, and consistent results.
- Quote: “A Prowler check or a Prowler rule is a piece of code Python that... tells you, hey, this is good, this is bad, or this is a threat, this is a vulnerability, whatever.” — Tony Delafuente [04:12]
AI as a Layer on Top: AI is used to make sense of and act on results, rather than to replace rule-based detection.
- AI excels at: Summarizing, contextualizing, generating remediation plans, and making information consumable by humans or systems.
- Contrast with other uses: In vulnerability discovery or red teaming, where “fuzzy” probabilistic logic is helpful, but not in configuration validation (which requires precision).

3. Multi-Cloud Complexity & Consistency

Cloud Provider Variability: Each provider’s APIs behave differently, with inconsistent outputs and authentication.
AI Limitations: Purely AI-generated CSPMs can't overcome this inconsistency yet — rule-based checks remain essential for reliability.
- Quote: “There is no way to do that now. It's not really consistent because there are not one to one mapping between cloud provider Endpoint or API Endpoint with an MCP tool…” — Tony Delafuente [07:57]

4. Community & Open Source Benefits

Open Source Ethos:
- The foundation of Prowler is openness, which allows any large language model (LLM) to learn from Prowler’s documentation and checks.
- Community contributions add new checks as cloud environments evolve.
- Movement Beyond CSPM: Tony reframes Prowler as part of the broader "open cloud security movement," not just another CSPM tool.
  - Quote: “We call it a movement because I truly believe, and we truly believe, that open cloud security will allow the cloud to keep growing in adoption.” — Tony Delafuente [11:36]

5. Efficiency: Rule-Based vs. LLM/AI-Driven Approaches

Speed Comparison:
- LLM-based systems retrieving cloud misconfiguration information can take 10–15 minutes and may deliver unreliable data.
- Prowler’s approach takes less than a minute for the same tasks, with deterministic results.
  - Quote: “If you do that with something like Prowler... that takes a minute, 30 seconds, a minute.” — Tony Delafuente [16:13]
Reliability & Repeatability:
- AI can sometimes obscure failures in data collection, while deterministic checks surface issues transparently.

6. Integration and Extensibility

Prowler MCP (Multi-Cloud Platform):
- Enables practitioners and developers to quickly add support for new providers or create custom checks.
- Integrates with tickets (e.g., JIRA) and supports programmatic extensions.
Lighthouse AI:
- Prowler’s AI-powered chatbot is available both in their SaaS (Prowler Cloud) and via open source on GitHub.
- Compatible with OpenAI, AWS Bedrock, and custom LLMs for automation and security analysis.

Notable Quotes & Memorable Moments

On the value of AI augmentation (01:11):
“We want to make sure AI is adding value, not just for the sake of using AI as we see on every product.” — Tony Delafuente
On the limits of AI today (07:57):
“There is no way to do that now. It's not really consistent because there are not one to one mapping between cloud provider Endpoint or API Endpoint with an MCP tool…” — Tony Delafuente
On open source as a cloud enabler (11:36):
“We call it a movement because I truly believe, and we truly believe, that open cloud security will allow the cloud to keep growing in adoption.” — Tony Delafuente
Efficiency in practice (16:13):
“If you do that with something like Prowler... that takes a minute, 30 seconds, a minute.” — Tony Delafuente
On the self-sustaining nature of open contributions (10:19):
“The open source foundation of Prowler allows any LLM to understand. You give an LLM. Okay, this is the developer guide. Do this and it's a perfect scenario.” — Tony Delafuente

Timestamps for Important Segments

| Timestamp | Segment | |------------|------------------------------------------------------------------------------------------| | 00:27 | Introduction to AI's current role in CSPM & Prowler’s approach | | 01:46 | Practical applications of AI in augmenting context and value in findings | | 04:06 | Rule-based checking explained — why it's still central | | 05:55 | The distinction between deterministic checks and AI’s fuzzier abilities | | 09:20 | Open source community, continual growth, and LLM compatibility | | 11:33 | Framing open cloud security as a movement, inclusive of all cloud adoption stages | | 14:58 | Direct comparison of LLM-driven vs rule-based efficiency | | 17:35 | How to get involved: MCP, Lighthouse AI, open source SaaS and integrations | | 18:30 | Flexibility in LLM/AI integration (not vendor-locked) |

How to Get Involved & Final Thoughts

Try Prowler’s MCP and Lighthouse AI: Available via prowler.com and on GitHub.
Lighthouse AI: Functions as a chatbot/security analyst, supporting connection to multiple LLMs for automation.
Community Contributing: Active encouragement for testing, building new checks, and collaborating on the project.
Open Movement: Prowler positions itself at the forefront of an open, community-driven wave making cloud security more accessible, adaptable, and responsive.

This episode is highly recommended for security practitioners, developers, or anyone interested in the real use-cases of AI in cloud security, especially with an open source community ethos and a focus on meaningful, reliable advancements.

Risky Bulletin Podcast Summary

Episode Overview

Key Discussion Points & Insights

1. AI’s True Value in Cybersecurity

Avoiding AI Hype: Prowler is deliberate in applying AI where it genuinely improves outcomes, instead of just "sprinkling AI fairy dust."
- Quote: “We want to make sure AI is adding value, not just for the sake of using AI as we see on every product.” — Tony Delafuente [01:11]
Main Uses for AI:
- Providing context and augmenting information.
- Generating plans and dashboards based on findings.
- Making security findings more actionable and understandable.

2. The Architecture: Rule-Based and AI-Augmented

Rule-Based First: At its core, Prowler relies on checks — deterministic pieces of code that review cloud settings via provider APIs. This ensures reliable, repeatable, and consistent results.
- Quote: “A Prowler check or a Prowler rule is a piece of code Python that... tells you, hey, this is good, this is bad, or this is a threat, this is a vulnerability, whatever.” — Tony Delafuente [04:12]
AI as a Layer on Top: AI is used to make sense of and act on results, rather than to replace rule-based detection.
- AI excels at: Summarizing, contextualizing, generating remediation plans, and making information consumable by humans or systems.
- Contrast with other uses: In vulnerability discovery or red teaming, where “fuzzy” probabilistic logic is helpful, but not in configuration validation (which requires precision).

3. Multi-Cloud Complexity & Consistency

Cloud Provider Variability: Each provider’s APIs behave differently, with inconsistent outputs and authentication.
AI Limitations: Purely AI-generated CSPMs can't overcome this inconsistency yet — rule-based checks remain essential for reliability.
- Quote: “There is no way to do that now. It's not really consistent because there are not one to one mapping between cloud provider Endpoint or API Endpoint with an MCP tool…” — Tony Delafuente [07:57]

4. Community & Open Source Benefits

Open Source Ethos:
- The foundation of Prowler is openness, which allows any large language model (LLM) to learn from Prowler’s documentation and checks.
- Community contributions add new checks as cloud environments evolve.
- Movement Beyond CSPM: Tony reframes Prowler as part of the broader "open cloud security movement," not just another CSPM tool.
  - Quote: “We call it a movement because I truly believe, and we truly believe, that open cloud security will allow the cloud to keep growing in adoption.” — Tony Delafuente [11:36]

5. Efficiency: Rule-Based vs. LLM/AI-Driven Approaches

Speed Comparison:
- LLM-based systems retrieving cloud misconfiguration information can take 10–15 minutes and may deliver unreliable data.
- Prowler’s approach takes less than a minute for the same tasks, with deterministic results.
  - Quote: “If you do that with something like Prowler... that takes a minute, 30 seconds, a minute.” — Tony Delafuente [16:13]
Reliability & Repeatability:
- AI can sometimes obscure failures in data collection, while deterministic checks surface issues transparently.

6. Integration and Extensibility

Prowler MCP (Multi-Cloud Platform):
- Enables practitioners and developers to quickly add support for new providers or create custom checks.
- Integrates with tickets (e.g., JIRA) and supports programmatic extensions.
Lighthouse AI:
- Prowler’s AI-powered chatbot is available both in their SaaS (Prowler Cloud) and via open source on GitHub.
- Compatible with OpenAI, AWS Bedrock, and custom LLMs for automation and security analysis.

Notable Quotes & Memorable Moments

On the value of AI augmentation (01:11):
“We want to make sure AI is adding value, not just for the sake of using AI as we see on every product.” — Tony Delafuente
On the limits of AI today (07:57):
“There is no way to do that now. It's not really consistent because there are not one to one mapping between cloud provider Endpoint or API Endpoint with an MCP tool…” — Tony Delafuente
On open source as a cloud enabler (11:36):
“We call it a movement because I truly believe, and we truly believe, that open cloud security will allow the cloud to keep growing in adoption.” — Tony Delafuente
Efficiency in practice (16:13):
“If you do that with something like Prowler... that takes a minute, 30 seconds, a minute.” — Tony Delafuente
On the self-sustaining nature of open contributions (10:19):
“The open source foundation of Prowler allows any LLM to understand. You give an LLM. Okay, this is the developer guide. Do this and it's a perfect scenario.” — Tony Delafuente

Timestamps for Important Segments

How to Get Involved & Final Thoughts

Try Prowler’s MCP and Lighthouse AI: Available via prowler.com and on GitHub.
Lighthouse AI: Functions as a chatbot/security analyst, supporting connection to multiple LLMs for automation.
Community Contributing: Active encouragement for testing, building new checks, and collaborating on the project.
Open Movement: Prowler positions itself at the forefront of an open, community-driven wave making cloud security more accessible, adaptable, and responsive.

wavePod

Powered by Wave AI

Summary

Risky Bulletin Podcast Summary

Episode Overview

Key Discussion Points & Insights

1. AI’s True Value in Cybersecurity

2. The Architecture: Rule-Based and AI-Augmented

3. Multi-Cloud Complexity & Consistency

4. Community & Open Source Benefits

5. Efficiency: Rule-Based vs. LLM/AI-Driven Approaches

6. Integration and Extensibility

Notable Quotes & Memorable Moments

Timestamps for Important Segments

How to Get Involved & Final Thoughts

Summary

Risky Bulletin Podcast Summary

Episode Overview

Key Discussion Points & Insights

1. AI’s True Value in Cybersecurity

2. The Architecture: Rule-Based and AI-Augmented

3. Multi-Cloud Complexity & Consistency

4. Community & Open Source Benefits

5. Efficiency: Rule-Based vs. LLM/AI-Driven Approaches

6. Integration and Extensibility

Notable Quotes & Memorable Moments

Timestamps for Important Segments

How to Get Involved & Final Thoughts