How to Build an AI Security Program from Scratch.

Description

Is your organization an Adopter, a Builder, or a Scaler of AI? And do you have the right security blueprint to match? In this episode, Shannon Murphy (Global Security & Risk Strategist at Trend Micro) joins Ashish to break down the practical realities of securing AI in the enterprise. Shannon explains why 95% of AI projects are failing often due to skipping the "boring" but critical step of governance . S We explore the "AI Security Blueprint" covering the essential building blocks: Data Security Posture Management (DSPM), AI-specific vulnerability scanners, and treating AI agents like identities . Whether you're just adopting Copilot or building a full-scale AI factory, this episode goes through a roadmap for visibility, access control, and risk management in a non-deterministic world. Questions: 00:00 Introduction 01:55 Who is Shannon Murphy? (Trend Micro) 03:00 AI Risk Scenarios: Internal Data Leakage vs. External Attacks 05:15 "Tell Me My Boss's Salary": The Failure of Traditional DLP 06:20 AI Frameworks: NIST AI RMF, OWASP, MITRE ATLAS 08:50 Why 95% of AI Projects Fail (The Governance Gap) 12:30 The AI Security Stack: Do You Need New Tools? 16:00 Building Trust with "Model Cards" 18:30 Adopters, Builders, and Scalers: The 3 Stages of AI Maturity 20:00 The 2025 AI Security Blueprint: Data, AppSec, and Identity 25:40 Risk Ownership: The Role of the AI Governance Committee 30:20 Securing AI Agents: Treating Agents as Identities 32:15 Shift Left is Not Dead: Testing AI Before Runtime 33:45 Milestones for Your AI Security Program 38:50 Fun Questions: Guitar, Las Vegas Food, and Balut -------------------------------------------------------------------------------- 📱Cloud Security Podcast Social Media📱 _____________________________________ 🛜 Website: https://cloudsecuritypodcast.tv/ 🧑🏾‍💻 Cloud Security Bootcamp - https://www.cloudsecuritybootcamp.com/ ✉️ Cloud Security Newsletter - https://www.cloudsecuritynewsletter.com/ Twitter: https://twitter.com/CloudSecPod LinkedIn: https://www.linkedin.com/company/Cloud-security-podcast #cloudsecurity