A Conversation with Bar-El Tayouri from Mend.io

➡ Get full visibility, risk insights, red teaming, and governance for your AI models, AI agents, RAGs, and more—so you can securely deploy AI powered applications with ul.live/mend

In this episode, I speak with Bar-El Tayouri, Head of AI Security at Mend.io, about the rapidly evolving landscape of application and AI security—especially as multi-agent systems and fuzzy interfaces redefine the attack surface.

We talk about:

• Modern AppSec Meets AI Agents
How traditional AppSec falls short when it comes to AI-era components like agents, MCP servers, system prompts, and model artifacts—and why security now depends on mapping, monitoring, and understanding this entire stack.

• Threat Discovery, Simulation, and Mitigation
How Mend’s AI security suite identifies unknown AI usage across an org, simulates dynamic attacks (like prompt injection via PDFs), and provides developers with precise, in-code guidance to reduce risk without slowing innovation.

• Why We’re Rethinking Identity, Risk, and Governance
Why securing AI systems isn’t just about new threats—it’s about re-implementing old lessons: identity access, separation of duties, and system modeling. And why every CISO needs to integrate security into the dev workflow instead of relying on blunt-force blocking.

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

Chapters:

00:00 - From Game Hacking to AI Security: Barel’s Tech Journey
03:51 - Why Application Security Is Still the Most Exciting Challenge
04:39 - The Real AppSec Bottleneck: Prioritization, Not Detection
06:25 - Explosive Growth of AI Components Inside Applications
12:48 - Why MCP Servers Are a Massive Blind Spot in AI Security
15:02 - Guardrails Aren’t Keeping Up With Agent Power
16:15 - Why AI Security Is Maturing Faster Than Previous Tech Waves
20:59 - Traditional AppSec Tools Can’t Handle AI Risk Detection
26:01 - How Mend Maps, Discovers, and Simulates AI Threats
34:02 - What Ideal Customers Ask For When Securing AI
38:01 - Beyond Guardrails: Mend’s Guide Rails for In-Code Mitigation
41:49 - Multi-Agent Systems Are the Next Security Nightmare
45:47 - Final Advice for CISOs: Enable, Don’t Disable Developers

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Upptäck Premium

Prova 14 dagar kostnadsfritt

Skaffa Premium

Avsnitt(532)

NO. 369 | Reddit Hack, Deepfake Scams, Embracing Change…

NO. 369 | Reddit Hack, Deepfake Scams, Embracing Change… Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

13 Feb 202322min

NO. 368 | China Balloons, CustomGPT, 90s++…

NO. 368 | China Balloons, CustomGPT, 90s++…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

6 Feb 202318min

NO. 367 | Hive Ransom, Anti-Google, Software 2.0…

NO. 367 | Hive Ransom, Anti-Google, Software 2.0… The FBI infiltrated the HIVE ransomware group, stopping over $130 million in ransomware attacks Riot had the League of Legends source code stolen by a ransomware group, but they're refusing to pay the $10 million ransom ODIN Intelligence got hacked, resulting in the loss of police raid plans, facial recognition data, and surveillance information The FBI says North Korea was behind the $100 million Horizon Bridge crypto hack And much more! Sponsored by PlexTrac: Streamline your security testing reporting so you can get back to the work that matters! https://plextrac.com/unsupervisedlearningBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

30 Jan 202314min

NO. 366 | T-Breach, Siri++, Conception Ages…

NO. 366 | T-Breach, Siri++, Conception Ages… TOPICS INCLUDE: -T-Mobile has had another security breach, this one affecting at least 37 million accounts -Canary Cards now available to use as credit cards -Hook Malware allows attackers to fully control Android phones -Attackers are now spreading malware through Microsoft OneNote attachments -Many attackers are migrating from Cobalt Strike to the more defender-focused Silver C2 framework -Git patched two critical RCEs …and many more…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

23 Jan 202315min

NO. 365 | China's Decline, MicrosoftAI, Creativity Ratio…

China's Decline, MicrosoftAI, Creativity Ratio…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

17 Jan 202311min

NO. 364 | Reality Headset, BingPT, AI+Cyber

NO. 364 | Reality Headset, BingPT, AI+CyberBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

9 Jan 202315min

NO. 363 | NEWS, ANALYSIS, and DISCOVERY SERIES

Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

3 Jan 202313min

NO. 362 | Dependency Scanner, Citrix Attacks, AI Analysis…

Dependency Scanner, Citrix Attacks, AI Analysis…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

19 Dec 202212min

Allt en och samma app

Lyssna på dina favoritpoddar och ljudböcker på ett och samma ställe.

Noga utvalt innehåll

Njut av handplockade tips som passar din smak – utan ändlöst scrollande.

Fortsätt när du vill

Fortsätt lyssna där du slutade – även offline.

Premium

99 kr/ månad

Tillgång till alla Premium-poddar
Reklamfritt premium-innehåll
Avsluta när du vill

Prova 14 dagar gratis

Premium

129 kr/ månad

Tillgång till alla Premium-poddar
Reklamfritt premium-innehåll
Avsluta när du vill
Ett extra konto

Prova 14 dagar gratis

Populärt inom Teknik

Berättelserna och rösterna du älskar att lyssna på

Obegränsad lyssning på alla dina favoritpoddar och ljudböcker

Upptäck Premium