Gen AI Threat Modeling vs. AI-Powered Defense:

Is generative AI a security team's greatest new weapon or its biggest new vulnerability? This episode dives headfirst into the debate with two leading experts on opposite sides of the AI dragon. We 1st published this episode on Cloud Security Podcast and because of the feedback we received from those diving into all things AI Security, we wanted to bring it to those who haven't probably had the chance to hear it yet on this podcast.

On one side, discover how to leverage and "tame" AI for your defense. Jackie Bow explains how Anthropic uses its own powerful LLM, Claude, to revolutionize threat detection and response. Learn how AI can be used to:

• Build investigation and triage tools with incredible speed.

• Break free from the "black box" of traditional security tools, offering more visibility and control.

• Creatively "hallucinate" within set boundaries to uncover investigative paths a human might miss.

• Lower the barrier to entry for security professionals, enabling them to build prototypes and tools without deep coding expertise.

On the other side, Kane Narraway provides a masterclass in threat modeling the new landscape of AI systems. He argues that while AI introduces new challenges, many are amplifications of existing SaaS risks. This conversation covers the critical aspects of securing AI, including:

• Why access, integrations, and authorization are the biggest risk factors in enterprise AI.

• How to approach threat modeling for both in-house and third-party AI tools.

• The security challenges of emerging standards like MCP (Meta-Controller Protocol) and the importance of securing the data AI tools can access.

• The critical need for security teams to adopt AI to keep pace with modern engineering departments.

Questions asked:

(00:00) Intro: Slaying or Training the AI Dragon at BSidesSF?(02:22) Meet Jackie Bow (Anthropic): Training AI for Security Defense(02:51) Meet Kane Narraway (Canva): Securing AI Systems & Facing Risks(03:49) Was Traditional Security Ops "Hot Garbage"? Setting the Scene(05:57) The Real Risks: What AI Brings to Your Organisation(06:53) AI in Action: Leveraging AI for Threat Detection & Response(07:46) AI Hallucinations: Bug, Feature, or Security Blind Spot?(08:55) Threat Modeling AI: The Core Challenges & Learnings(12:26) Getting Started: Practical AI Threat Detection First Steps(16:42) AI & Cloud: Integrating AI into Your Existing Environments(25:21) AI vs. Traditional: Is Threat Modeling Different Now?(28:34) Your First Step: Where to Begin with AI Threat Modeling?(31:59) Fun Questions & Final Thoughts on the Future of AI Security

Resources

BSidesSF 2025 - AI's Bitter Lesson for SOCs: Let Machines Be Machines
BSidesSF 2025 - One Search To Rule Them All: Threat Modelling AI Search