A Conversation with Bar-El Tayouri from Mend.io
Unsupervised Learning6 Touko

A Conversation with Bar-El Tayouri from Mend.io

➡ Get full visibility, risk insights, red teaming, and governance for your AI models, AI agents, RAGs, and more—so you can securely deploy AI powered applications with ul.live/mend

In this episode, I speak with Bar-El Tayouri, Head of AI Security at Mend.io, about the rapidly evolving landscape of application and AI security—especially as multi-agent systems and fuzzy interfaces redefine the attack surface.

We talk about:

• Modern AppSec Meets AI Agents
 How traditional AppSec falls short when it comes to AI-era components like agents, MCP servers, system prompts, and model artifacts—and why security now depends on mapping, monitoring, and understanding this entire stack.

• Threat Discovery, Simulation, and Mitigation
 How Mend’s AI security suite identifies unknown AI usage across an org, simulates dynamic attacks (like prompt injection via PDFs), and provides developers with precise, in-code guidance to reduce risk without slowing innovation.

• Why We’re Rethinking Identity, Risk, and Governance
Why securing AI systems isn’t just about new threats—it’s about re-implementing old lessons: identity access, separation of duties, and system modeling. And why every CISO needs to integrate security into the dev workflow instead of relying on blunt-force blocking.

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

Chapters:

00:00 - From Game Hacking to AI Security: Barel’s Tech Journey
03:51 - Why Application Security Is Still the Most Exciting Challenge
04:39 - The Real AppSec Bottleneck: Prioritization, Not Detection
06:25 - Explosive Growth of AI Components Inside Applications
12:48 - Why MCP Servers Are a Massive Blind Spot in AI Security
15:02 - Guardrails Aren’t Keeping Up With Agent Power
16:15 - Why AI Security Is Maturing Faster Than Previous Tech Waves
20:59 - Traditional AppSec Tools Can’t Handle AI Risk Detection
26:01 - How Mend Maps, Discovers, and Simulates AI Threats
34:02 - What Ideal Customers Ask For When Securing AI
38:01 - Beyond Guardrails: Mend’s Guide Rails for In-Code Mitigation
41:49 - Multi-Agent Systems Are the Next Security Nightmare
45:47 - Final Advice for CISOs: Enable, Don’t Disable Developers

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Jaksot(532)

Unsupervised Learning: No. 82

Unsupervised Learning: No. 82

Live from London, Gamestop hacked, PowerPoint malware, Chinese Apple Hack, XSS, WWDC summary, FDA approves cancer drug, heroin $51B, ideas, discovery, recommendation, aphorism, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Kesä 201719min

Unsupervised Learning: No. 81

Unsupervised Learning: No. 81

OneLogin, Extortion, Coinbase, Pandemic, Booz, Mobile Apps, Electricity, AI voices, Sheets, Walmart, Karoshi, APIs, discovery, aphorisms, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

4 Kesä 201727min

Unsupervised Learning: No 79

Unsupervised Learning: No 79

WannaCry, Intel leaks, DocuSign phishing, cockpit codes, Delta facial recognition, China vs. CIA, WordPress bug bounty, Marines and drones, HPE R&D, Watts, graduates only making 40K, China's DNA project, honeymoons vs. rings, Sherrif Eli, retirees hoarding money, boo restaurant kiosks, investing in employees, discovery, aphorisms, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

23 Touko 201732min

Unsupervised Learning: No. 78

Unsupervised Learning: No. 78

The WannaCry ransomware worm, the president's EO, Macron hacking, HP backdoors, laptop bans, Amazon releases, Chinese online commerce, CRISPR, Germany and renewable energy, beetles, dental health as social indicator, Reading superpowers, Net Neutrality, serverless, deep learning black box, The Three Body Problem, you can now support the site, The Mechanical Universe, TrueCaller, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

14 Touko 201730min

Unsupervised Learning: No.76

Unsupervised Learning: No.76

Verizon's DBIR report, Chipotle (again), USAF bounty, NSA surveillance hampered, Android hacks, Taser and computer vision, Google fights fake news, Exercise types & mental skills, Perfect pitch recording, Lifecasting, RF X-Ray, discovered links, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

2 Touko 201717min

Unsupervised Learning: No. 75

Unsupervised Learning: No. 75

DoublePulsar in the wild, vigilante IoT worms, Bose listening headphones, PoS hacking sentence, Google ad blocking, best anti-aging exercises, unqualified Indian engineers, , discovered links, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

23 Huhti 201734min

Unsupervised Learning: No 74

Unsupervised Learning: No 74

Shadow Brokers, fingerprinting Netflix traffic, Magneto vuln, Juniper advisories, Amazon speaker tech, Facebook's 100Gbit optical switches, Google Hire, Minecraft currency, a solar-powered water harvester, OWASP Top 10 draft comments, remote SSH, EC2 and NAT firewalls, deep learning is a black box, discovered links, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

17 Huhti 201752min

Unsupervised Learning: No 73

Unsupervised Learning: No 73

Word 0-day, BrickerBot, iOS GIF, Russian arrested, Tizen, OilRig, APT10 MSPs, Dallas sirens, ATM drilling, Watson golf, Uber Italy, AI memory, links, projects, and more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

10 Huhti 20171h 16min