
The Security Strategist

EM360Tech

192 episodes

  • The Security Strategist

    What Happens to API Security When AI Agents Go Autonomous?

    2026/1/16 | 15 mins.
    As companies speed up their adoption of AI, an old but increasingly serious problem is resurfacing: lack of visibility. In the recent episode of The Security Strategist podcast, Eric Schwake, Director of Cybersecurity Strategy at Salt Security, joined analyst Richard Stiennon to discuss why APIs, which have long been the backbone of modern applications, have become essential for AI-driven businesses.
    They dig into the critical importance of API visibility and discovery as AI integration rises within enterprises. They discuss the challenges organisations face in securing APIs, the significance of understanding the attack surface, and the role of governance in managing risks.
    The conversation also covers the emerging Model Context Protocol (MCP) and its implications for API security, as well as the future landscape of cybersecurity as AI systems become more autonomous. Schwake emphasises the need for CISOs to be proactive in engaging with AI projects to ensure security is prioritised.
    If this system isn’t secured, the entire organisation faces risks.
    APIs: The Foundation of AI
    APIs have been vital to business structures for years, especially with the growth of microservices. However, Schwake argues that AI has changed the scale of the issue significantly.
    “We saw a big increase in the number and usage of APIs when microservices became popular,” Schwake explained. “Now, with AI, it’s just 10 times or even 100 times whatever it is for APIs.”
    While much of the industry talk has centred on large language models (LLMs), Schwake emphasised that the real actions—and risks—occur one layer below.
    “Everything happening is driven by APIs. The AI agents, the MCP servers, the agents communicating with the LLMs—all of it is API traffic.” In essence, AI may represent innovation, but APIs are the mechanisms that enable it.
    APIs Are the “Nervous System” Organisations Overlook
    As companies rush to implement copilots, agents, and automation, security often takes a back seat. Schwake warned that this creates a dangerous blind spot. “You need to ensure that you’re securing that underlying nervous system of this new world—and that relies on APIs.”
    This lack of attention has resulted in a surge of unknown, unmanaged, and “shadow” APIs, many of which were never documented or designed with security in mind. Without continuous discovery, security teams might not even know what they are trying to protect.
    “Visibility is a challenge in security. If you don’t have visibility, you can’t see what you’re protecting—you’re essentially out of luck.”
    Discovery First, Governance Second
    For the Director of Cybersecurity Strategy, API security begins with understanding the attack surface. This principle hasn’t changed in 20 years, but AI has made it more crucial. “With AI, the attack surface on APIs could grow tenfold. If you don’t have a grasp of that attack surface, you won’t be able to protect it.”
    After identifying APIs, the next step is governance. This includes finding owners, setting rules, and reducing risks before attackers exploit vulnerabilities. “You want to ensure that there isn’t a big open gap inviting attackers.”
    This becomes even more important as AI tools start writing code and generating APIs, raising both speed and...
  • The Security Strategist

    Why AI Agents Demand a New Approach to Identity Security

    2025/12/23 | 13 mins.
    AI agents are evolving into capable collaborators in cybersecurity, acting as operational players. These agents read sensitive data, trigger workflows, and make decisions at a speed and scale beyond human capability.
    Matt Fangman, Field CTO at SailPoint, explains on The Security Strategist podcast that this new power has costs. AI agents have turned into a new, mostly unmanaged identity type. Enterprises are just starting to realise how far behind they are.
    In the recent episode of The Security Strategist podcast, Fangman sat down with Alejandro Leal, Senior Analyst at KuppingerCole. They talked about the implications of AI agents for identity security, the rapid evolution of those agents, the challenges of visibility and governance, and the need for operational control in managing them.
    The conversation highlights the importance of just-in-time permissions, the evolution of identity controls, and strategic moves for CISOs to manage the risks associated with agent-based operations.
    AI Agents Creating Brand New Identity Layers
    Fangman notes a turning point in the last 12 to 18 months, driven by the fast development of large language models (LLMs). These models gave agents the reasoning and autonomy to change from toys in a sandbox to real virtual workers.
    Organizations can now train agents with goals, equip them with tools, and connect them to one another. Since these agents do not tire, slow down, or forget, companies see a chance to grow their workforce without hiring new people.
    The issue is that they didn’t establish identity controls for these AI workers.
    “They’ve created a brand-new layer of identities,” Matt says, “but without the protections, ownership, or visibility that exist for humans.”
    Shadow agents, sometimes numbering in the thousands, operate unnoticed. Identity teams are unaware of them, security teams can’t monitor them, and cloud teams might spot them briefly in a dashboard, thinking they are someone else’s issue. Meanwhile, the agents themselves explore, share tools, and adapt.
    It’s a governance gap that keeps widening.
    When Leal asks how the industry should respond, Fangman answers: “Start by treating agents like people. Give them roles. Define what they can access. Apply entitlements. Enforce policy.”
    Asked for advice for CISOs and what they should do before agents start to overwhelm security programs, the SailPoint Field CTO recommends beginning with inventory. If an organisation does not know what agents exist, what they access, or what they are doing, nothing else matters. Assigning each agent a corporate identity and tracking its behaviour is the essential foundation for everything that follows.
    Takeaways
    AI agents are becoming operational actors in business systems.
    The lack of visibility into agents creates governance risks.
    Just-in-time permissions are essential for managing agents.
    Agents are evolving into peer systems within organisations.
    Identity management is shifting towards relationships and context.
    CISOs need to inventory and track agent behaviour.
  • The Security Strategist

    Is Your Holiday Traffic Human—or AI-Driven and Under Attack?

    2025/12/23 | 24 mins.
    As businesses approach the holiday season, security teams feel the pressure while online activity increases. At the same time, AI is quickly changing how attacks are launched and how organisations function daily.
    In the recent episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, sits down with Pascal Geenens, VP of Threat Intelligence at Radware, to discuss why CISOs need to rethink their long-held beliefs about attackers, users, and what “web traffic” really means in an AI-driven world.
    They talk about the dual nature of AI in cybercrime, the emergence of new tools that facilitate attacks, and the importance of automated pen testing as a defence strategy. The conversation also highlights vulnerabilities associated with AI assistants, such as indirect prompt injection, and emphasises the need for organisations to adopt best practices to safeguard against these threats.
    Also Watch: From Prompt Injection to Agentic AI: The New Frontier of Cyber Threats
    AI Attacks Lower the Barrier for Cybercrime
    Geenens tells Stiennon that AI’s biggest effect on security is not a new type of futuristic attack but rather its scale and accessibility. Tools like WormGPT, FraudGPT, and advanced platforms like Xanthorox AI provide reconnaissance, exploit development, data analysis, and phishing as subscription-based services. For a few hundred dollars each month, attackers can access AI-assisted tools that cover the entire cyber kill chain.
    This “vibe hacking” model resembles vibe coding. Attackers describe their goals in natural language, and the AI generates scripts, reconnaissance workflows, or data extraction logic. While these tools have not fully automated attacks from start to finish, they significantly lower the skills needed to engage in cybercrime. As Geenens explains, attackers can now target hundreds or thousands of organisations simultaneously, a task that once required large teams.
    Attackers can now afford to fail repeatedly as part of their learning process, while defenders cannot. Even flawed AI-generated exploits speed up scanning, vulnerability detection, and phishing at levels that security teams find challenging to handle. The result is a threat landscape that uses familiar techniques but operates with greater speed and intensity.
    Also Watch: How Do You Stop an Encrypted DDoS Attack? How to Overcome HTTPS Challenges
    AI Assistants & Browsers Creating Invisible Data Leak Risks
    The second, and more alarming, change that the VP of Threat Intelligence emphasises occurs within companies themselves. As organisations use AI assistants and AI-powered browsers, they delegate authority along with convenience. These tools require access to emails, documents, and business systems to be effective, and this access creates new risks.
    Indirect prompt injection, shadow leaks, and echo leaks turn normal workflows into potential attack vectors. For instance, an AI assistant summarising emails may unintentionally process hidden commands within a message. These commands can lead the model to inadvertently leak sensitive information without the user clicking any links or noticing anything unusual.
    In some cases, the data doesn't even leave the endpoint; it exits directly from the AI provider's cloud infrastructure, completely bypassing established data loss prevention and network monitoring.
    Meanwhile, Geenens points to a fundamental shift in traffic...
  • The Security Strategist

    From IoT to AIoT: Operational and Security Challenges for Modern Enterprises

    2025/12/22 | 27 mins.
    Industrial enterprises are undergoing significant transformation as connected devices reshape the way they operate. IoT platforms provide new opportunities for automation, predictive maintenance, and more efficient device management. But these benefits come with challenges. In this episode of the Security Strategist podcast, host Trisha Pillay speaks with Bernd Gross, CEO of Cumulocity, about how enterprises can navigate these complexities and scale their operations successfully.
    Gross emphasises that the foundation of successful enterprise transformation is having the right data. Organisations need accurate information, clear visibility into device status, and meaningful context to make informed decisions. Without this foundation, even the most advanced platforms cannot deliver their full potential.
    Strengthening Security and Lifecycle Management
    As the number of connected devices grows, resilient cybersecurity and cloud security are critical. Bernd shares practical insights for protecting enterprise systems while maintaining smooth operations, from managing access to ensuring device integrity across distributed networks. Alongside security, lifecycle management ensures devices are monitored, maintained, and retired efficiently. Organisations that integrate lifecycle management into daily operations see fewer disruptions and higher overall reliability.
    Data Strategy and Automation for Smarter Operations
    Connected platforms are only as valuable as the data they generate and the processes they support. Bernd explains that a clear data strategy is essential for enriching information, understanding device performance, and driving operational decisions. Automation also plays a key role, allowing enterprises to act quickly, scale efficiently, and maintain control over complex systems. By connecting device management, enriched data, and automated processes, organisations can respond to challenges faster, optimise performance, and create a foundation for long-term transformation.
    This episode provides practical guidance for technology leaders looking to improve operational efficiency, strengthen security, and optimise connected platforms. For more insights and resources on connected platforms, visit Cumulocity.
    Takeaways
    Cumulocity is a leading IoT platform focused on B2B industrial use cases.
    Security in connected operations requires both IT and OT security measures.
    No open ports towards the internet is a critical security rule.
    Device certificates are essential for secure communication.
    Lifecycle management is crucial for maintaining connected devices.
    On-premise systems may not be as secure as perceived compared to cloud solutions.
    Automation can significantly reduce maintenance costs and improve efficiency.
    Data enrichment is necessary for effective AI model training.
    Many enterprises struggle with the data challenge in AI deployment.
    Clear business outcomes should guide IoT and AIoT initiatives.

    Chapters
    00:00 Introduction to IoT and AIoT Transformation
    04:40 Security Challenges in Connected Enterprises
    13:01 On-Premise vs Cloud Security Perceptions
    17:44 The Value of Automation in Device Management
    21:34 Operational Challenges in Deploying AI at Scale
    26:11 Transitioning from IoT to AIoT Data Management
    31:18 Practical Advice for...
  • The Security Strategist

    Overcoming Regulatory, Infrastructure, and Operational Challenges When Scaling Tech Globally

    2025/12/19 | 24 mins.
    Scaling technology globally is one of the most complex challenges for Chief Technology Officers and enterprise leaders. It requires balancing infrastructure, operations, regulatory compliance, and user trust, all while delivering systems that are reliable, secure, and effective across diverse regions.
    In this episode of Security Strategist, host Trisha Pillay explores these challenges with Grant McWilliam, Chief Technology Officer at Aura. They discuss how enterprises can overcome regulatory compliance, technology infrastructure, and operational challenges while delivering trusted, reliable systems globally.
    Understanding Regulatory Compliance in Global Scaling
    Global expansion introduces different regulatory landscapes, from data privacy laws to communications standards. While some see these as hurdles, they can become strategic advantages: As Grant says, “Regulatory challenges can be opportunities.” He further explains that building a global framework with room for local adaptation, “design globally, implement locally,” ensures compliance while maintaining operational flexibility.
    Building Resilient Technology Infrastructure
    Reliable technology infrastructure is just as important for platforms operating across regions with varying telecom networks, mapping systems, and technical capabilities. In mission-critical contexts such as emergency response, reliability is non-negotiable, and technology should never limit service. Redundancy, failovers, and multi-region deployments ensure platforms remain responsive under pressure.
    Operational Excellence and Trust
    Gary notes that operational pressures grow as organisations scale. Teams need to act efficiently while respecting local regulations and cultural contexts. He emphasises: “Trust is essential in emergency response and emergency response must prioritise user needs.” By embedding processes as backups to the backups and adapting technology to local conditions, organisations build resilience and maintain user confidence. He adds, “Collaboration enhances operational efficiency.”
    Key Principles for Scaling Cybersecurity Globally
    Global standards and local adaptation: Establish frameworks that scale but allow local execution.
    Reliability and trust: Ensure mission-critical systems function under any circumstances.
    Cultural and operational alignment: Integrate local knowledge and collaboration to make technology sustainable and effective.

    Scaling technology globally requires balancing cybersecurity, infrastructure, regulatory compliance, and operational agility. In this episode of Security Strategist, the discussion highlights that success comes from combining technical excellence with strategic empathy, ensuring platforms are trusted, resilient, and effective for every user, in every region.
    Takeaways
    Scaling technology globally requires navigating regulatory complexity and...


About The Security Strategist

Stay ahead of cyberthreats with expert insights and practical security. Led by an ensemble cast of industry thought leaders offering in-depth analysis and practical advice to fortify your organization's defenses.

v8.3.0 | © 2007-2026 radio.de GmbH
Generated: 1/25/2026 - 2:41:16 PM