
A
Welcome to Infra AI, our little crosstalk session.
B
Okay, thanks a lot.
A
Claudio is the head of AI Chief AI Officer. Chief AI Officer. Is this going to be a new title now?
B
I think it is.
A
I like it.
B
It's funny because when you merge the words, it becomes Kyle.
A
Oh, yeah, that's perfect for you. Well, give me your perspective on where we are today between AI agentic systems and the security challenges you face.
B
Okay, that's a very good question. Last year was the year of large language models. This year people are saying it's the year of agentic AI, and we are moving very fast to build intelligent systems using agentic AI because LLMs have some limitations, and those limitations can be lifted when you put systems around LLMs. However, there are a lot of security problems that come with those agentic systems, and people are uncovering them and discovering them as we move along.
A
Give us an example of some of these security vulnerabilities.
B
One example is that I was talking to a company a few months ago, and the company enabled LLMs in systems that were not even agentic. And I was basically asking this company, do you allow HR to use LLMs? And they said yes. They're seeing an increase in productivity using agent-like LLMs. And then I said, do people put names of people who work in the company or addresses in the LLMs that they send outside? They said yes. I said, no, they should not do that. That's one example. At Zscaler, we actually block that information because we have an LLM firewall, basically, that blocks that information. But with agentic AI, things amplify, and the amplification comes from the fact that information can be correlated. For example, suppose that you have your salary and your salary is blocked from access. But suppose that in an agentic system, I could ask the system, what is the percentage salary increase you had last year, and by how much was your salary increased last year? And the system basically answered those two questions to me. And from those two pieces of information, I can obtain your salary even though I could not access your salary directly.
A
It occurs to me that the chief AI officer now needs to be spending more time with the chief security officer because they are not thinking about AI as that vulnerability condition.
B
AI is a very old topic, but agentic AI and large language models are something very new, and people still don't understand the consequences. A lot of people are starting to use large language models and agentic AI out of fear of being left behind, but without considering the full consequences of using them, and that's what I talk to companies and CEOs and board members about, to help them understand what they need to protect when they start to embrace this new technology.
A
And has this started to impact Zscaler and what it's developing and its product roadmap? So you've been working on this for years, of course, but where are the areas that you're concentrating on and solving?
B
So one of the examples is that last year we released the ZDX Copilot, which is an assistant that helps people who have no experience in using our system. They can just use natural language to get information, and by using that we can assist him or her to get answers more quickly. You have to understand that LLMs and agents change the way UI was built before. People need to learn. How long did it take you to learn how to use Excel?
A
A day.
B
A day? No, for me.
A
Oh. Doing things like tables.
B
Yeah. It's like years and years of understanding where to click. And with agentic AI and those copilots you can basically ask questions in minutes. The system basically detects what you intend to do with your question and starts hooking up different parts of the system together to get you the answer you need.
A
Interesting. So Zscaler is now going to play a role in protecting companies. So when you talk to that CISO and you know, are you informing them of where their vulnerabilities are or are they aware of that?
B
Actually, most people, in terms of generative AI, are basically trying to use it. And a lot of people and a lot of companies don't know what the impact is. For example, when they connect a corporate database to an agentic system, they don't know what kind of vulnerabilities they have. And then we have to work with them to help secure the access, to help secure the data.
A
How should AI infra teams coordinate with the security teams?
B
I think that's a very good question. I think this is something that is going on as people learn the new capabilities of agentic AI systems. I'll give an example. Last year, for example, people did not care about LLMs leaking out training data. Then there was a new paper that appeared that showed that if you train an LLM with your internal data, you may be able to extract information from your training data. Even if that data may be confidential, you may be able to leak out that information. And then people started getting afraid of that. So as new papers and new techniques come, people understand that certain things they were doing before, they cannot do anymore.
A
Claudio, tell me about what's happening in Brazil, in Rio, with AI and security.
B
I think that a lot of people still believe that security is something that affects everyone globally. But sometimes people think that security affects only the U.S. For example, remember last year the FBI uncovered some hidden bots installed in the US infrastructure. And people said, oh, this only happens in the US. But actually, when there was a power outage in Portugal and Spain, the first thing that people thought, I don't know if they have uncovered already what the real reason was, but they thought it could be a cyber attack.
A
So what do you recommend? I bring up your homeland just for fun, but at the same time, what are you recommending to all clients on a national, international level?
B
Instead of responding to AI out of fear, they have to start thinking about AI, and how they're going to respond to it, as a strategic investment for companies. And they have to treat security of AI at the same level they treat security of their own data, because AI exposes that data much more than it was exposed before.
A
Yeah. That's fantastic. Well, thanks for sharing this wonderful story. Great presentation today. I encourage everybody to go hear your talk.
B
Thank you very much.
A
Yeah, good luck. I know Zscaler is in the middle of it and will help keep us all a little safer with our data. Yes.
B
Thank you very much.
A
Thank you, Claudio.
Podcast Summary: The AI Security Crisis No One Is Talking About | Liftoff with Keith Newman
Episode Details
Introduction to AI Leadership and Security Concerns
In this insightful episode of Liftoff with Keith Newman, the host engages in a compelling conversation with Claudio, the Chief AI Officer at Zscaler. The discussion delves deep into the evolving landscape of artificial intelligence (AI), particularly focusing on the intersection of agentic AI systems and emerging security challenges.
The Emergence of the Chief AI Officer Role [00:00 - 00:23]
Keith opens the dialogue by introducing Claudio's role:
"Chief AI Officer. Is this going to be a new title now?" [00:11]
Claudio responds with light-heartedness, hinting at the novelty and significance of the position:
"It's funny because when you merge the words, it becomes Kyle." [00:20]
This exchange underscores the growing importance of AI leadership in modern enterprises.
Agentic AI Systems and Security Challenges [00:35 - 02:25]
Claudio outlines the current state of AI:
"Last year was the year of large language models. This year people are saying like it's the year of agentic AI..." [00:35]
He explains that while large language models (LLMs) have revolutionized AI applications, their integration into agentic systems introduces new security vulnerabilities. For instance, he shares an anecdote about a company that permitted HR to use LLMs without proper safeguards:
"Do people put names of people who work in the company or addresses in the LLMs that they sent outside?" [01:10]
Claudio emphasizes the risks of data leakage through agentic AI, illustrating how two individually permitted answers (a percentage raise and an absolute raise) can be combined to recover a value, the salary, that the system was supposed to block:
"...you may be able to leak out that information." [02:25]
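The salary example above is an inference attack: each answer is allowed on its own, but together they determine the blocked attribute. The following added example (not code from the episode or from Zscaler) shows one defensive pattern for an agent that sits in front of a data source: a session-level guard that records which derived facts have already been released and refuses any answer that would complete a known reconstruction rule. The employee record, the attribute names (`salary`, `prev_salary`, `raise_pct`, `raise_abs`) and the rule table are all constructed for illustration.

```python
"""Session-level inference guard for a protected attribute.

The protected attribute is an employee's salary, which the agent must never
return directly. Derived facts (percentage raise, absolute raise) look harmless
alone, but any two of {raise_pct, raise_abs, prev_salary} pin the salary down
exactly. The guard tracks what a session has already been told and refuses an
answer that would complete such a combination.
"""
from dataclasses import dataclass, field

# Constructed sample record; the values are illustrative only.
EMPLOYEE = {"salary": 132_000.0, "prev_salary": 120_000.0}

# Attributes that may never be returned directly.
PROTECTED = {"salary"}

# Reconstruction rules: each set of derived facts determines the named attribute.
INFERENCE_RULES = {
    "salary": [
        {"raise_pct", "raise_abs"},    # prev = abs / (pct/100); salary = prev + abs
        {"prev_salary", "raise_abs"},  # salary = prev + abs
        {"prev_salary", "raise_pct"},  # salary = prev * (1 + pct/100)
    ]
}


def derived_fact(name, rec):
    """Compute a derived fact from the record (the data source's job, mocked here)."""
    if name == "raise_abs":
        return rec["salary"] - rec["prev_salary"]
    if name == "raise_pct":
        return 100.0 * (rec["salary"] - rec["prev_salary"]) / rec["prev_salary"]
    if name in rec:
        return rec[name]
    raise KeyError(name)


@dataclass
class SessionGuard:
    """Remembers every fact released to one requester and blocks completing combinations."""
    released: set = field(default_factory=set)

    def would_reconstruct(self, fact):
        """Return the protected attribute that `fact` would expose, or None."""
        candidate = self.released | {fact}
        for attr, rules in INFERENCE_RULES.items():
            for rule in rules:
                if rule <= candidate:
                    return attr
        return None

    def answer(self, fact, rec):
        """Release `fact` if it is neither protected nor completes a rule."""
        if fact in PROTECTED:
            return ("refused", f"{fact} is protected")
        attr = self.would_reconstruct(fact)
        if attr is not None:
            return ("refused",
                    f"releasing {fact} would reconstruct {attr} given {sorted(self.released)}")
        self.released.add(fact)
        return ("ok", derived_fact(fact, rec))


def reconstruct_salary(raise_pct, raise_abs):
    """Why the first rule exists: the two raise figures alone recover the salary."""
    prev = raise_abs / (raise_pct / 100.0)
    return prev + raise_abs


def demo():
    """Two questions from the interview, asked in one session."""
    guard = SessionGuard()
    first = guard.answer("raise_pct", EMPLOYEE)   # released: ("ok", 10.0)
    second = guard.answer("raise_abs", EMPLOYEE)  # refused: would complete a rule
    return first, second


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

The rule table is the weak point of this approach: it only catches combinations someone has written down, and the guard is per session, so the same two questions asked from two sessions still leak. In practice the set of released facts has to be keyed on the requester and the data subject, not the conversation, and aggregate answers (averages over small groups) need the same treatment.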
Zscaler’s Response and Product Development [03:12 - 04:16]
Keith inquires about the impact of these security challenges on Zscaler's product roadmap. Claudio responds by highlighting Zscaler's initiatives, such as the ZDX Copilot:
"We released the ZDX Copilot, which is like an assistant that helps people who have no experience in using our system." [03:23]
He elaborates on how agentic AI transforms user interaction, making systems more intuitive and reducing the learning curve:
"With agentic AI and those copilots you can basically ask questions in minutes." [03:56]
This innovation not only enhances user experience but also necessitates robust security measures to protect against new vulnerabilities.
Coordination Between AI Infrastructure and Security Teams [04:32 - 05:46]
The conversation shifts to the crucial collaboration between AI infrastructure teams and security professionals. Claudio underscores the necessity for AI and security teams to work in tandem:
"They have to treat security of AI at the same level they treat about the security of their own data." [06:35]
He cites recent concerns about LLMs potentially leaking training data, reinforcing the need for continuous vigilance and adaptive security strategies:
"A new paper showed that if you train an LLM with your internal data, you may be able to extract information from your training data." [05:02]
Global Implications of AI Security [05:56 - 07:14]
Addressing the global perspective, Claudio discusses misconceptions about the universality of security threats:
"Security is something that affects everyone globally." [05:56]
He points to incidents outside the U.S., such as the power outage in Portugal and Spain, where a cyber attack was the first explanation people reached for:
"They thought it could be like a cyber attack." [06:27]
Claudio advises organizations to view AI as a strategic investment rather than a source of fear, advocating for comprehensive security measures:
"Instead of responding to AI out of fear, they have to start thinking about AI, how they're going to respond as a strategic investment." [06:35]
Conclusion and Final Thoughts [07:06 - 07:14]
As the episode wraps up, Keith commends Claudio for his enlightening presentation and encourages listeners to engage with his expertise:
"Great presentation today. I encourage everybody to go hear your talk." [07:06]
Claudio expresses gratitude, reinforcing Zscaler’s commitment to enhancing data security:
"Thank you very much." [07:07]
Key Takeaways
Rise of Agentic AI: While large language models have dominated recent discussions, the focus is shifting towards agentic AI systems that offer more interactive and intelligent capabilities but bring new security challenges.
Data Leakage Risks: Agentic AI can inadvertently expose sensitive information through indirect queries, necessitating advanced safeguards to prevent data breaches.
Zscaler’s Innovations: Products like ZDX Copilot exemplify how AI can enhance user experience while underscoring the importance of integrating robust security measures to protect against emerging threats.
Collaborative Security Approach: Effective AI deployment requires seamless collaboration between AI infrastructure teams and security officers to anticipate and mitigate potential vulnerabilities.
Global Security Awareness: AI security threats are a global concern, and organizations worldwide must treat AI security with the same seriousness as traditional data security to safeguard against widespread vulnerabilities.
Strategic Investment in AI Security: Viewing AI as a strategic asset rather than a source of fear allows organizations to invest wisely in security infrastructure, ensuring long-term resilience against AI-related threats.
This episode serves as a crucial reminder of the intertwined nature of AI advancement and security, urging stakeholders to proactively address the emerging risks associated with agentic AI systems.