B
Welcome to Coruzant Technologies, home of the Digital Executive podcast. Do you work in emerging tech? Working on something innovative? Maybe an entrepreneur? Apply to be a guest at www.coruzant.com brand. Welcome to the Digital Executive. Today's guest is Rajesh Khazanchi. Rajesh Khazanchi is the CEO and co-founder of ColorTokens, a company that provides industry-leading micro segmentation and breach containment solutions that span across IT, OT, industrial control systems, devices and users. Under Rajesh's leadership, the company has accelerated to grow over 300% annually in the last three years. Deployed over 100 large enterprise customers in insurance, healthcare, retail, manufacturing, oil and gas and pharma. Rajesh leads a team of 400 plus people worldwide and drives the vision, strategy and execution of the company's product and services. Well, good afternoon Rajesh. Welcome to the show.
A
Thank you for having me, Brian.
B
Absolutely my friend. I appreciate it. And you're hailing out of Cupertino, California near San Jose. Done a lot of podcasts out there. I'm in Kansas City, but a two hour jump in time zones. I appreciate that. I know it's hard to make schedules, so thank you. And Rajesh, if you don't mind, I'm going to jump into your first question. Under your leadership, ColorTokens has grown over 300% annually for the last three years and deployed over 100 large enterprise customers globally. When a company is growing that fast while working with many large complex clients, what are the biggest internal, operational or cultural challenges you face and how have you managed to keep the culture of innovation intact?
A
Well, thank you for asking me that question, Brian. Hey, when you're operating at a very large speed, by the time you hire the people you already showed start. So what's extremely important is to follow certain goals framework in your mind. Now one such that we follow at ColorTokens is a 90/10 rule. Anything that can be done repeatedly, so something that you do it over and over again, it's probably time to automate and we follow that rule really judiciously. So more or less like it's really, really important to understand how your day is going as a team, as an individual and then which are the area that you can complete the renewal completion card. That's number one. The second is about innovation. We have a rule of 10%. Process is important because otherwise it creates a complete chaos in the organization. But if we think that is more than 10%, then it becomes process heavy. And a lot of companies which are like much larger companies, there's a lot of heavy duty process. And at some point in time, process takes over the entire workout. So we are not that date what we are exponentially growing. So the core team, the leadership team is very focused on making sure that we have this 10% process called channel. Anytime we see that any structure involved a customer success defined in deliveries, taking care of customers, solutioning, there should be a lightweight process where then the core focus needs to be what is the towel that we need to do. So these are some of the things that we follow, especially at ColorTokens. The next one is, as a core team are very much fascinated with big problems and it's very easy to solve a small problem. But sometimes there are, I would say like two types of problems, problems that you want to solve, you feel like it's good to solve, but no one cares about those problems. And all the people are saying, you'll see like you might have solved a problem, but it's not such a big deal to any of this.
So you'll find another 10 or 20 companies holding that problem. But anytime there's a big problem that has a deeper meaning, it's going to be really interesting to solve those problems. So culturally focusing on lightweight process, repeatable things need to be automated and solve big problems. Big problems lead to major innovations and that keeps the culture apart, also intact. Because when you're handling those particular problems, then all hands on the tech people are just focusing on solving those complex problems.
B
Thank you, appreciate that. And I can totally appreciate that where especially because you're scaling so fast, the last few years you talked about some things that are key to your success there. And that's that 90/10 rule. You talked about anything that is repetitive there in your organization, you have a basically requirement, your culture is to kind of automate that stuff. And then you talked about that 10% process, the innovation there, where obviously process is important, especially for big tasks, customers that you're working on, on large particular problems or innovations. And then of course problem solving, you focus on those big problems and out of that comes where you said you see that innovation. I think that's pretty cool. Thank you for sharing. Rajesh, you've talked about the importance of shifting from assume you're safe to assume you're breached. From your perspective, what does true breach readiness look like inside a large enterprise? And what are the biggest organizational hurdles CISOs face when driving that transformation?
A
See, in the last I would say 15 years, there have been a lot of focus on cyber ransomware, time breaches. What started as a Good smart techie guy interested in attacks and really showing that are we secure or not and moving it very quickly towards state-sponsored attacks. And we investigated a lot, we thought about it, we worked on it. I'll give you a true definition from my perspective. What is a true definition of a breach? Reducing if a particular breach or an attack happens to an organization and that just becomes a small incident. That is the true definition of being breach ready for Microsoft. So let's say a large organization supply chain organization supply chain, logistics building, let's say 300 service centers and attack happens to one of the service centers. Today these service centers are all connected. It can greatly disrupt in some cases half of it. And in other cases the whole organization can whole entire service centers can be completely brought to it because it takes few minutes to bring down their entire service centers across all these 300 service centers. If you have in the country now take that picture in mind and then think about if you have breach readiness in place, you get attacked, but only that one single service center gets impacted and your 299 service centers out of 300 are functioning properly. It is not a great story in the sense that it's not perfect and all 300 service centers are functioning, but it's a small incident compared to what it could have happened. That is being breach ready. Breaches are inevitable, they will happen. How well are you prepared to contain those breaches are very important. So take an analogy like a simple analogy like you wear a bulletproof jacket and the bullet hits. It's not you're not injured, it hits you, but you don't die. And the same analogy can be put in that being truly breach ready. Manufacturing products, energy sectors, you name any of the industries. It's a connected world.
The most important element is if a system or a plant or a server gets infected. You just want to create that entire blast radius and make it quality to unit of one. So only that server, only that laptop, only that user, only that service gets impacted and nothing else. That to me is the true definition of being breach ready.
B
Thank you, that's great. And I appreciate the analogy. We talked about the bulletproof vest. Obviously it protects your life, but you still get hit. And the bigger example was with a large supply chain distributing company that may have 300 service centers. And because the way things are connected nowadays, it very easily can happen where if one center is breached, it's possible to bring down all 300. But again being breach ready allows for a smaller scale attack because you're able to contain into that one area which I think is pretty cool and it's just getting worse as you know, with AI and as you mentioned state-sponsored attacks, it's just getting more and more. The stakes are getting higher for sure. Yeah, it's very complex world, very much so. So thank you. And Rajesh, the last question I had for you today. As the threat landscape evolves, AI-powered attacks, supply chain risks, more IoT endpoints. What do you believe will be the next frontier in enterprise security and how should organizations prepare now so they're not reacting to the next wave but proactively building resilience.
A
So I think the anti Newton didn't era. You remember Brian and all these movies still happen that you have these aliens attacking channant humans and they take over the country or the world and then there is some superhero who actually saves the whole world. Something in the, in the similar world you might eventually in the last few days might have seen that what agentic systems are doing, they're communicating their own social environment and they communicate. And in the next few years as the AI-driven agents will become more and more consumed in organizations, you will see not humans actually or hackers stealing data, you will see agents now stealing data because controls are not that well placed. Agent communication would be a big problem. You really don't know what they're supposed to see and what they're not supposed to see. The control coordinates part just simply does not exist or is not completely hashed after this one in time. And I see that as one very big frontier in the next four or five years as everybody's wanting to walk that AI-driven philosophy and it's rightly so because it gives enormous amount of productivity. But when you are leveraging it, the governance and control that a lot of other organizations have in other areas in AI simply don't exist. So you will see those type of attacks. Agents should not be accessing employee data, medical records, customer data, but they are now self determining that they want to fetch this information and make it something interesting. That is another standard CIOs and CISO all presidents and board would be actually system. The implication of that is that companies can become bankrupt in a matter of days because liability still is with the company if somebody's data is stolen or for the gnar, you have intellectual property, you have pharmaceuticals, you have chemicals and they're being made.
And any type of an attack in those particular spaces can actually make countries completely go bankrupt within a matter of days. It's not a matter of, you know, years in this case. So that's one area which I personally believe is going to change the landscape, especially for cyber attacks because you just don't have that complete control when it comes to agentic systems. Some level of governance and control that we put in in the last 10, 15 years in other system to system communication, user to system communication users interacting with the data, GDPR comes in, data residency laws are there, but agents don't care about that. Agents don't have to really fetch, go through this entire governance control. So I see that as a very big unknown at this point in time. So having controls, they're using it in a controlled manner. Even if you are trying to use agent AI technologies, fence it, put an isolation plan, put on quality plan, put a segmentation plan in there that can be a very big front. And to me the best way to actually contain that is using the micro segmentation technology that all the CIO CISOs in the board level conversations are already happening there. So we see enormous amount of inputs from customers that hey, I have a data link, how do I isolate it? I want to provide enormous amount of information through the AI agents to my support staff, to my customer and VCS to my production engineers, but I just don't know how to do it. So the best plan at this point in time is to have a very clear path, demarcated path and isolated path for those particular systems so that even if you are consuming, even if your agents are consuming that data, but it is ring-fenced, it's completely governed and controlled.
B
Thank you, really appreciate that. And I like how you walked us through this era where we're entering into agentic AI just like you said the sci-fi movies, right? They had these bots or aliens or whatever breaching our systems. And the same thing here, agents will be stealing data and breaching systems without proper controls in place. That's why you talked about that governance and control which is not fully matured or in fact a lot of companies don't even really have a lot of that today and they need to get that shored up. But this is a huge liability since these attacks can cause companies to go bankrupt as you said. But if we do zero trust architecture and micro segmentation strategies like you talked about, I think that's going to help us minimize these types of breaches. So I really appreciate that. And Rajesh, it was such a pleasure having you on today and I look forward to speaking with you real soon.
A
Thank you. Thanks again for having me here.
B
Bye for now.
Podcast: The Digital Executive (Coruzant Technologies)
Episode: Rajesh Khazanchi on: AI-Ready Security | Ep1195
Date: February 6, 2026
Guest: Rajesh Khazanchi, CEO & Co-founder, ColorTokens
Host: Brian Thomas
Theme:
This episode delves into the changing landscape of enterprise security in a world rife with sophisticated cyber threats, rapid technological acceleration, and the emergence of AI-driven attacks. Rajesh Khazanchi discusses the challenges of scaling a security technology company, what true “breach readiness” looks like, and how organizations can proactively adapt to the imminent risks posed by AI agents and evolving threats.
Timestamp: 01:52 – 04:50
Operational and Cultural Challenges:
Rajesh details the internal pressures that come with fast growth: hiring struggles, the need for agile processes, and never lagging as you expand.
The “90/10 Rule” at ColorTokens:
“Anything that can be done repeatedly, so something that you do it over and over again, it’s probably time to automate and we follow that rule really judiciously.”
Problem-Solving as the Core of Innovation:
“Big problems lead to major innovations and that keeps the culture apart, also intact.”
Timestamp: 05:54 – 09:02
Shift in Enterprise Security Philosophy:
True Definition of “Breach Readiness”:
Making a breach a minor incident, not a catastrophic event.
Quote [06:44]:
“If a particular breach or attack happens to an organization and that just becomes a small incident, that is the true definition of being breach ready.”
Real-world example: In a network of 300 service centers, a breach contained to one center means 299 remain operational—demonstrating effective readiness.
Effective breach readiness resembles a bulletproof vest:
“Take an analogy... you wear a bulletproof jacket and the bullet hits. It’s not you’re not injured, it hits you, but you don’t die. And the same analogy can be put in that being truly breach ready.”
Limiting Blast Radius:
Timestamp: 10:12 – 14:43
Emergence of Agentic AI Threats:
“You will see not humans actually or hackers stealing data, you will see agents now stealing data because controls are not that well placed.”
Unprepared Governance Frameworks:
“The governance and control that a lot of other organizations have in other areas in AI simply don’t exist.”
Escalating Business Risks:
“Companies can become bankrupt in a matter of days because liability still is with the company if somebody’s data is stolen.”
Proactive Mitigation: Micro-segmentation and Zero Trust:
“Even if your agents are consuming that data, but it is ring-fenced, it’s completely governed and controlled.”
On Enabling Innovation while Scaling:
“Lightweight process, repeatable things need to be automated and solve big problems.”
– Rajesh Khazanchi, 04:33
On Realistic Security Posture:
“Breaches are inevitable, they will happen. How well are you prepared to contain those breaches are very important.”
– Rajesh Khazanchi, 07:22
On AI Agent Threats:
“Agents should not be accessing employee data, medical records, customer data, but they are now self-determining that they want to fetch this information and make it something interesting.”
– Rajesh Khazanchi, 12:30
On the Need for Stronger Controls:
“The best plan at this point in time is to have a very clear path, demarcated path and isolated path for those particular systems.”
– Rajesh Khazanchi, 14:13
This episode is a must-listen for security leaders, CIOs, and technologists interested in the realities of defense at scale and preparing for a future where AI agents are both tools and threats.