A Conversation with Bar-El Tayouri from Mend.io
Unsupervised Learning6 Maj

A Conversation with Bar-El Tayouri from Mend.io

➡ Get full visibility, risk insights, red teaming, and governance for your AI models, AI agents, RAGs, and more—so you can securely deploy AI powered applications with ul.live/mend

In this episode, I speak with Bar-El Tayouri, Head of AI Security at Mend.io, about the rapidly evolving landscape of application and AI security—especially as multi-agent systems and fuzzy interfaces redefine the attack surface.

We talk about:

• Modern AppSec Meets AI Agents
 How traditional AppSec falls short when it comes to AI-era components like agents, MCP servers, system prompts, and model artifacts—and why security now depends on mapping, monitoring, and understanding this entire stack.

• Threat Discovery, Simulation, and Mitigation
 How Mend’s AI security suite identifies unknown AI usage across an org, simulates dynamic attacks (like prompt injection via PDFs), and provides developers with precise, in-code guidance to reduce risk without slowing innovation.

• Why We’re Rethinking Identity, Risk, and Governance
Why securing AI systems isn’t just about new threats—it’s about re-implementing old lessons: identity access, separation of duties, and system modeling. And why every CISO needs to integrate security into the dev workflow instead of relying on blunt-force blocking.

Subscribe to the newsletter at:
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://x.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

Chapters:

00:00 - From Game Hacking to AI Security: Barel’s Tech Journey
03:51 - Why Application Security Is Still the Most Exciting Challenge
04:39 - The Real AppSec Bottleneck: Prioritization, Not Detection
06:25 - Explosive Growth of AI Components Inside Applications
12:48 - Why MCP Servers Are a Massive Blind Spot in AI Security
15:02 - Guardrails Aren’t Keeping Up With Agent Power
16:15 - Why AI Security Is Maturing Faster Than Previous Tech Waves
20:59 - Traditional AppSec Tools Can’t Handle AI Risk Detection
26:01 - How Mend Maps, Discovers, and Simulates AI Threats
34:02 - What Ideal Customers Ask For When Securing AI
38:01 - Beyond Guardrails: Mend’s Guide Rails for In-Code Mitigation
41:49 - Multi-Agent Systems Are the Next Security Nightmare
45:47 - Final Advice for CISOs: Enable, Don’t Disable Developers

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.

Avsnitt(532)

NO. 361 | GPT++, Apple Security, CISA Cuba…

NO. 361 | GPT++, Apple Security, CISA Cuba…

GPT++, Apple Security, CISA Cuba…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

12 Dec 202212min

NO. 360 | NEWS, ANALYSIS & DISCOVERY SERIES

NO. 360 | NEWS, ANALYSIS & DISCOVERY SERIES

Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

5 Dec 202213min

Erkang Zheng of JupiterOne | SPONSORED INTERVIEW SERIES

Erkang Zheng of JupiterOne | SPONSORED INTERVIEW SERIES

In this standalone episode we’re doing a sponsored interview with Erkang Zheng of Jupiter One. So JupiterOne is a special company to me. I just built a vuln management program at Robinhood based around them, and I believe so much in their vision that I’m looking to actually become an advisor. I mention this because when I fanboy for something, like Apple, or whoever, I want you to know that I’m fanboying and/or have a relationship with them. Or that I want to. The interview here talks mostly about concepts, however, and not so much specific features. But I just wanted to mention my orientation to the company prior to starting. I’m speaking with Erkang Zheng who is the founder and CEO of the company, and as you can hear we have a similar take on many of the problems currently in security. So with that, here’s Erkang Zheng. — Start a JupiterOne Account for FreeBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

3 Dec 202227min

NO. 359 | THE NEWS, ANALYSIS & DISCOVERY SERIES

NO. 359 | THE NEWS, ANALYSIS & DISCOVERY SERIES

Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

28 Nov 20229min

Scott Kuffer of Nucleus Security | SPONSORED INTERVIEW SERIES

Scott Kuffer of Nucleus Security | SPONSORED INTERVIEW SERIES

In this standalone episode we’re doing a sponsored interview with Scott Kuffer, co-founder and COO of Nucleus Security. I was already excited by this vendor just based on the research I did to allow them to be a sponsor, but the conversation with them really made me think they’re approaching the vulnerability management problem the right way. Namely, by tackling a lot of the non-technical problems using technical solutions rather than obsessing over vuln prioritization. If you are in the VM space or are about to be in it, you will love this conversation. And with that, here’s Scott Kuffer with Nucleus Security.Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

28 Nov 202247min

NO. 358 | NEWS, ANALYSIS, & DISCOVERY SERIES

NO. 358 | NEWS, ANALYSIS, & DISCOVERY SERIES

Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

22 Nov 202214min

NO. 357 | NEWS, ANALYSIS, & DISCOVERY SERIES

NO. 357 | NEWS, ANALYSIS, & DISCOVERY SERIES

NSA Languages, GPT-4 Hype, Chinese AirDrop…Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

14 Nov 202212min

NO. 356 | NEWS, ANALYSIS & DISCOVERY SERIES

NO. 356 | NEWS, ANALYSIS & DISCOVERY SERIES

Sponsored by JupiterOne: jupiterone.com/unsupervisedlearning Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.

7 Nov 202211min

Populärt inom Teknik

uppgang-och-fall
rss-racevecka
elbilsveckan
rss-badfluence
bilar-med-sladd
bosse-bildoktorn-och-hasse-p
market-makers
skogsforum-podcast
rss-veckans-ai
natets-morka-sida
rss-technokratin
rss-laddstationen-med-elbilen-i-sverige
hej-bruksbil
garagehang
mediepodden
solcellskollens-podcast
rss-uppgang-och-fall
rss-snacka-om-ai
developers-mer-an-bara-kod
ai-sweden-podcast