Name: Why AI Needs Cyber Security Urgently?
Start: 2020-10-20T04:00:00Z
End: 2020-10-20T04:00:35.000Z
Location: BrightTALK
Rating: 4.5

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Security teams are drowning in data. Alerts, findings, metrics, dashboards — all technically “useful,” yet often failing to answer the most important question: what actually matters right now, and why? As artificial intelligence becomes more accessible across security programs, many organizations are experimenting with AI-driven tooling in the hope that it will bring clarity. But used inefficiently, AI can often amplify existing problems rather than solving them.

This discussion explores how AI is reshaping data-informed security decision-making — not as a silver bullet, but as a force multiplier that depends heavily on human judgment, context, and intent. We’ll examine why most AI in use today more closely resembles advanced machine learning than true autonomous intelligence, and why outcomes are still largely driven by the quality of inputs, assumptions, and program maturity.

Through an operational and security lens, the speakers will unpack how teams can move from raw signal volume to meaningful narratives that support better prioritization and risk decisions. We’ll discuss common failure modes, including over-reliance on automation, misinterpreted insights, and resistance from skeptical stakeholders. The conversation will also address how organizations can responsibly incorporate AI into existing security workflows without compromising trust, transparency, or accountability.

To ground the discussion, we’ll walk through a practical vulnerability management example, illustrating how an AI assistant can help surface recommendations that improve efficiency and decision quality — while still keeping humans firmly in control of outcomes. Ultimately, this session aims to help security leaders separate signal from noise, hype from value, and automation from understanding as they navigate an evolving AI landscape.

From Noise to Narrative: How AI Is Reshaping Data-Informed Security Decisions

AI agents are rapidly becoming the most powerful “users” inside the enterprise. They provision infrastructure, move data, and call APIs with broader and more persistent access than human employees, yet they operate outside traditional safety nets. Unlike human access, there is currently no clear ownership, no certification process, and no accountability model for these machine identities.

In this session, we examine how agentic AI has quietly broken the assumptions identity governance (IAM/IGA) was built on. We will explore:

-The Velocity Gap: Why traditional controls fail at machine speed.
-Inherited Risk: How AI agents bypass oversight by inheriting "ghost" permissions.
-The Auditor’s Dilemma: The uncomfortable question CISOs will soon face from boards: “Who approved this access, and who is accountable for what the AI actually did?”.

Your AI Agents Have More Access Than Your Employees. No One Is Accountable

As AI adoption accelerates across organizations, traditional security approaches focused solely on license management and non-human identities are missing the bigger picture. This webinar explores a comprehensive framework for AI security that recognizes the full spectrum of AI identities in your environment, from AI users and builders to AI agents, and provides actionable strategies for discovery, protection, and defense.

We'll examine how AI security can be looked at through an identity security lens and demonstrate how runtime intelligence reveals dramatically more AI usage than static configuration approaches. Attendees will learn practical methodologies for inventorying their complete AI footprint, identifying risky access patterns, and implementing high-fidelity detection capabilities that enable faster SOC response.

Key Takeaways:
- Understand the three critical categories of AI identities: users, builders, and agents
- Learn why runtime detection reveals 5x more AI activity than static license tracking
- Discover how to identify shadow AI usage and over-privileged AI identities
- Implement a governance framework aligned with NIST AI security guidelines
- Build detection strategies that go beyond traditional NHI approaches

AI Users, Builders, and Agents: Securing the Next Generation of Identities

AI adoption in the cloud is surging, with over 70% of organizations using managed AI services—but security risks are growing just as fast. This latest report uncovers key trends, including the rapid rise of DeepSeek, widespread AI experimentation, and critical security gaps that organizations must address now.

AI Series: The State of AI in the Cloud

The cloud has redefined what is possible in technology, enabling organizations to move faster, scale effortlessly, and innovate without boundaries. Yet the cloud’s defining qualities of speed, scalability, and elasticity have outpaced traditional security models that were built for static, on-premises environments rather than dynamic digital ecosystems. The next phase of cloud security requires a mindset shift that embraces the cloud’s speed, scale, and ephemeral nature as the foundation of a more adaptive and intelligent defense strategy. 

This session explores the next stage in the evolution of cloud security, moving from fragmented visibility and static configuration checks toward real-time insight, automated investigation, and adaptive response. Attendees will learn how automation and AI can help teams embrace the ephemeral nature of the cloud, gaining clarity and control without slowing innovation. 

Participants will gain practical insight into assessing cloud security maturity, identifying visibility gaps, and understanding how intelligent automation enables security teams to analyze activity across thousands of assets, reconstruct events within minutes, and make faster, more confident decisions. We will also discuss how different layers of security, including posture management, threat detection, and incident response, work together to deliver a unified, adaptive approach to securing modern environments. 

The session will inspire participants to view the cloud’s dynamic nature as an opportunity to transform it into an ally in defense, rather than a source of endless complexity.

Redefining Cloud Security in the Era of AI and Automation

Security operations are entering a new era, where AI doesn’t just automate tasks, but understands context, collaborates, and learns. The foundation of this evolution is the Agentic System: a connected network of AI entities designed to make coordinated decisions in complex environments.

In this session, we’ll break down what an agentic system truly is—from its core components to how they operate in a dynamic security operations center. We’ll explore the architecture behind agentic personas, skills, tools, and memory, and show how their interplay leads to faster, smarter, and more predictive defense.

Through practical examples and security-specific use cases, you’ll see how agentic systems are transforming the way teams detect, analyze, and respond to threats, and how to start thinking about building agentic principles into your own environment.

Key Takeaways:
- What defines an Agentic System and why it represents a new model for SecOps
- What makes up an agentic persona and how they can collaborate for a greater outcome.
- How skills, tools, and memory operate in real-time as an agentic system and why this beats standalone automation.
- The outcomes agentic systems can deliver — speed, precision, foresight, and scalability
- Real-world examples of how agentic architectures are reshaping modern security operations

The Anatomy of an Agentic AI System: Understanding the Architecture Behind Faster, Smarter, and Predictive Security

The Cloud Security Alliance recently released the first independent benchmark study of AI agents in the SOC. With 148 analysts across two investigation scenarios, the study delivered hard evidence on how AI makes analysts faster, more accurate, and more consistent.

Hear from CSA CEO Jim Reavis, former Robinhood CISO Caleb Sima, and Dropzone AI CEO Edward Wu as they unpack the results for SOC leaders deciding how to adopt AI today.

What you’ll learn:

• What the data really shows about AI-augmented analysts’ performance in accuracy, speed, and consistency
• Where AI delivers the most value in the SOC today, from Tier 1 triage to Tier 2 investigations
• How analysts felt about AI after hands-on use—and why 94% said their opinion of AI improved
• What SOC leaders should do next to turn research insights into operational advantage

AI in the SOC: Expert Perspectives on the CSA Benchmark Study

As of May 2024, the Wiz Research team has analyzed over 200 cloud security incidents, identified 65 threat actors, and tracked 155 attack techniques alone. With cloud adoption on the rise, security teams now need to understand the threat landscape to stay ahead of evolving risks. Watch the Wiz Research team's insights in this on-demand webinar, featuring an in-depth look at today’s cloud landscape, the latest industry trends, and the most notable threats, including: 
- Who’s targeting the cloud 
- The top 5 most common cloud threats 
- What your organization should prioritize today

How to Find Your Most Critical Risks in the Cloud

MCP servers serve as the backbone that enables AI agents to access the tools, data, and context they need to operate.

By connecting these agents to everything from internal APIs and databases to third-party SaaS systems, MCP turns isolated AI models into fully capable, action-driven agents.

New research by Astrix Security analyzed more than 5,200 open-source MCP servers and surfaced systemic risks:
1. 53% rely on static API keys or PATs
2. Only 8.5% use OAuth applications
3. 79% pass keys via simple environment variables

In this webinar, we will unpack the data, methodology, and what it means for your attack surface.

To help tackle these challenges, Astrix introduces its new open-source MCP Secret Wrapper, a practical way to eliminate hardcoded credentials by fetching secrets from a vault at runtime.

In this session, you will learn how to apply the wrapper for quick wins, how to enforce least-privilege and short-lived access at scale, and how to align with compliance without slowing down your teams.

State of MCP Server Security 2025: What 5,200 Servers Reveal, and the Open-Source Fix You Can Use Today

“What do we actually own in the cloud?” It’s a question security leaders ask every day—yet answers are rarely clear. 

In today’s cloud-driven world, assets, identities, and resources change faster than manual tracking can keep up, creating critical blind spots that attackers can exploit through misconfigurations or overprivileged accounts. For security operations, this speed demands an equally fast response. However, legacy asset management and siloed security tools often fall short, leaving gaps in visibility and costing precious minutes during detection and response.

Join us to see how modern SecOps can outpace attackers by unifying on-prem and cloud telemetry, identifying exposures inside and outside their firewall, and leveraging agentic AI and automation throughout detection, investigation, and response—ensuring cloud blind spots never become entry points.

Key Learnings:
• Why legacy asset management and manual processes can’t keep up with the speed of cloud
• The real risks behind inaccurate cloud inventories, invisible SaaS assets, and cloud exposures
• How AI and automation enable continuous discovery, faster detection, and smarter response in cloud security operations

Cloud Asset Blind Spots: Closing Gaps Before They're Exploited

You’re juggling multiple endpoints. Your remote workforce is creating security gaps. And identity attacks jumped 442% last year alone. In this webinar, you'll hear from Jason Kikta (CISO/SVP, Product at Automox) and Dmitri Alperovitch (Automox Chairman of the Board, co-founder of Crowdstrike) discuss pressing security concerns and real solutions, like:
- What’s actually happening in the current threat landscape
- How autonomous endpoint management eliminates security gaps
- Where Automox is headed next (Spoiler alert: It’s game-changing.)

State of Cybersecurity: A Reality Check

Every day, another AI “agent” for security operations emerges: a playbook runner, a data enricher, a script executor. But stitching together a few task-specific bots doesn’t solve the complex problems facing the SOC—it exacerbates them. On the other side, there’s this promise of an “Autonomous SOC” leveraging agents, but these generic systems don’t have the best understanding or oversight about your environment.

In this webinar, we’ll explore a more effective evolution: Autonomous, role-based, agentic AI personas. Join ReliaQuest President of Field Operations Colin O’Connor, ReliaQuest CTO Joe Partlow and guest speaker Forrester Principal Analyst Allie Mellen for a forward-looking conversation that cuts through the noise to uncover how agentic teammates reframe what’s possible for AI in the SOC. 

In this webinar, you'll learn:
• What distinguishes a task-based agent from a true teammate—and why that matters 
• The architecture of a hybrid human + AI SOC (and what it’s not: autonomous) 
• How to evaluate when to use agentic teammates—and when not to 
• What a future-ready operating model looks like in live use-case walkthroughs

The Case for Agentic Teammates: Moving Beyond Task Bots

The 2025 Identity Automation Crisis: What 500+ Leaders Exposed
Enterprises have never had more identity tools—SSO, password managers, privileged access controls, and governance platforms. On paper, the identity stack looks mature. But beneath the surface, a critical problem persists: the last mile of identity still runs on manual execution.

The new 2025 Identity Automation Gap Report, based on insights from 500+ IT and security leaders, shows just how wide the gap really is:
• 58% of former employees keep access to systems after leaving
• 41% still share passwords manually (yes, spreadsheets)
• Fewer than 4% of enterprises have fully automated core identity workflows

Join Matt Chiodi, CSO at Cerby, and Aaron Turner, Faculty at IANS, as they unpack what the data reveals and share practical ways to:
• Spot and close your biggest identity blind spots
• Extend automation to disconnected apps (without ripping out your stack)
• Turn manual execution into automated protection that’s secure, scalable, and resilient

The 2025 Identity Automation Crisis: What 500+ Leaders Exposed

The transformative power of AI is undeniable, yet unlocking its full potential requires enterprises to secure their enterprise data to safely scale AI systems. Building trustworthy AI Assistants and Agents necessitates a comprehensive understanding of your organization's data landscape – especially unstructured data – coupled with fine grained access controls to protect against accidental leakage of sensitive data, clever cyber attacks and inappropriate internal access.

Join Nikhil Girdhar from Securiti and Shanmugam Kandaswamy from AWS  as they discuss how to apply Securiti DSPM to accelerate the safe deployment of enterprise AI assistants and agents with Amazon Q Business. Gain technical insights on how to establish proactive data security and governance, and mitigate emerging AI risks, such as OWASP Top 10 for LLMs.

Attendees will learn how to:

• Create comprehensive Data+AI mapping with full data lineage and provenance
• Prevent unintended data access by users of AI Assistants by enabling stronger data access controls
• Mitigate emerging AI risks such as prompt injections and sensitive data exposure
• Improve the efficacy of AI responses by minimizing redundant, obsolete, and trivial (ROT) data

From Data to Deployment: Safeguarding Enterprise AI with Security and Governance

Conquering Cloud Security Pain Points addresses the critical security challenges enterprises face in the cloud. The agenda includes a discussion of the promise versus the reality of cloud security and a deep dive into six key pain points. The session will also present strategic approaches to overcome these challenges, such as fostering unified visibility and control, implementing consistent policy enforcement, and streamlining security change workflows. The presenter, David Geffen, CMO at AlgoSec, will also cover achieving continuous compliance, bridging the cloud security expertise gap, and embracing proactive risk prevention. The presentation concludes with key takeaways and next steps for a holistic security strategy.

Conquering Cloud Security Pain Points

Securing your organization is no longer just an IT issue; it's a financial necessity. This webinar explores how identity security can help companies reduce global cyber losses by billions. We'll discuss how these findings are reshaping corporate budgets and influencing how insurers assess risk.

Key Takeaways
• Financial Impact: Learn how strong identity security directly reduces your financial exposure to cyber threats.
• Evolving Threats: Discover how the changing the threat landscape and the security strategies needed to combat it.
• Actionable Advice: Get practical guidance on where to start with identity security and how executives can use this data to justify critical investments.

Join us to learn how to turn identity security from a cost into a competitive advantage.

From Risk to ROI: The business case for identity security

Generative AI tools like ChatGPT are rapidly being adopted across enterprises to drive efficiency, but they come with real and immediate security implications.

Recent studies show that 15% of employees are pasting data into GenAI tools, and 1 in 3 are unknowingly sharing sensitive information. These behaviors create a new layer of risk: inadvertent data leaks, compliance violations, and exposure of confidential assets.

As a result, most organizations face a blunt choice: block GenAI entirely or allow it unchecked. Neither option is valid in today’s world. But GenAI security and productivity shouldn’t be an “either-or” choice.

In this webinar, LayerX security leaders will break down how to secure GenAI usage without sacrificing its value. You’ll get a clear understanding of how these tools are being used, what risks they create, and what practical steps you can take to mitigate them.

Register for this webinar to learn:
• Industry Insights: See how and where GenAI is being used across the enterprise—by whom, for what, and how often.
• Risk Breakdown: Learn what kinds of sensitive data are being exposed, and what that means for your security and compliance posture.
• Protective Actions: Walk away with specific policies, controls, and tools to reduce risk while enabling safe GenAI adoption.
• Real World Lessons: Hear how leading security teams are addressing these challenges in real-world environments.

Whether you’re a CISO, a security architect, or part of the compliance team, this session will give you clear, actionable guidance to secure your organization’s GenAI usage—before it becomes a problem.

Register now and take control of GenAI security before it takes control of you.

Preventing GenAI Data Leakage: Enabling Innovation Without Compromising Security

This webinar offers cloud network security experts an in-depth look at the paradigm shift from traditional perimeter-based security to a modern application-centric approach. Discover why conventional data center security models, relying on static policies and firewalls, are ill-suited for the dynamic nature of cloud environments, which are characterized by the explosive growth of IaaS, PaaS, and SaaS. We will explore the critical challenges posed by vanishing perimeters, lack of visibility into cloud environments, and the complexities of securing highly dynamic resources like VMs, containers, and microservices. The session will detail the core principles of application-centric security, including achieving granular visibility into application dependencies, implementing Zero Trust frameworks with verification and validation checkpoints, and leveraging microsegmentation for enhanced isolation. Furthermore, learn how automation and orchestration are essential for consistent policy enforcement, faster response times, and increased efficiency in managing cloud security at scale across diverse multi-cloud and hybrid infrastructures.

The Evolution of Cloud Network Security: From Silos to Service-Centricity

Join fellow CISOs for this panel discussion about Cloud Security strategy in 2020 and beyond.  Where should you place your bets (and your budget)? How can you protect your organization from the new threats? And perhaps, most importantly, what do you say to the CEO who comes looking to you for cloud security answers?

This session is moderated by Ken Low, Cybersecurity Industry Leader and Former Chairman, APAC Executive Council, CSA.

Panelists include:
Subhajit Deb, CISO, Dr. Reddy’s Laboratories,
Alex Ng, Director, Insyghts Security, 
Md. Noordin Yusuff Marican, Global CISO, Circle.Life,

The Current & Future of Cloud Security Strategy

We review what Certification means, in the most important
criterion for a business, sales.  How does a Certification Program
achieve this?  And what are the costs, not just direct.  How should an
Organisation begin this process, what to look out for, and what do you
get at the end?  We also review the differences of the CSA STAR with other Cloud Security programs.

Watching the STARs

With most office workers working from home due to Coronavirus pandemic, computer virus attacks on home computers are now a major issue facing the world. In this talk, we discuss the history of computer virus, cyber threat and why enterprises can be insecure due to having a false sense of cyber security. We also discuss how computer users can get infected by computer virus and what they can do about it.

Coronavirus, Computer Virus, Cyber Threats: A False Sense of Security

With more and more emphasis on cloud computing, the traditional enterprise perimeter is being redefined.  This means enterprises must think differently when considering cybersecurity protection.  The panel will explore changes enterprises should consider for risk management.

This session will be moderated by Bob Flores, Founder and CTO of Applicology Inc. Panelists include:
Satyavathi Divadari, ​​ Chairman, CSA Bangalore Chapter
Sandip Kumar Panda, Co-Founder & CEO, Instasafe
Keith Prabhu, Chairman, CSA Mumbai Chapter.

There is no more enterprise perimeter.  Now What?

As the threat landscape and cybersecurity risks are an ever present threat in 2020, it is clear that measures have to be taken to be more mindful of what end users, people, applications and IOT device connections we allow through the virtual network defences into the platform and software services. As malware continues to evolve, accidental misconfigurations grow with application complexity, and new forms of operations hacking emerge, and the top three attack vectors were Phishing (31 percent), Scan and Exploit (30 percent) and Stolen Credentials (source IBM X-Force), it is clear that Identity Management and Access Control require attention to ensure they effectively protect data centre resources. It is clearly time for a new approach to identity services allowing or denying access, particularly for insecure network connections.

Zero Trust and Identity as a Service

Security has become of paramount importance in recent times, especially due to the advent of cloud computing and virtualization. With so many devices in the mix, users have the choice of working from anywhere they want. The rapid increase in global IP traffic have challenged network service providers to scale and improve infrastructure to meet this new demand. We explore the merits and performance of Software Defined Perimeters to withstand DDoS attacks in multiple network implementations including hybrid cloud applications, network function virtualization and software defined networks.

SDP & 'Black-Cloud' Protection

Secure Access Service Edge (SASE) has become one of the hottest topics in the IT industry. Fueled by cloud services, the rise of BYOD and fast tracked by the new reality of remote working, direct-to-cloud platforms radically disrupt the economics of traditional IT security. By 2024, Gartner predicts that 40% of companies will adopt a SASE architecture. 

But what exactly is SASE and will it make enterprise data more secure? How will organizations secure their data in a cloud-first world when the user and information are completely outside the enterprise boundary? This presentation cuts through the hype to explain the fundamentals of SASE, and how it compares to typical network and cloud security architectures. It will cover real-world use cases for securing SASE, and the benefits of moving to a cloud-first SASE platform.

SASE Economics: The New Frontier of Cloud Security

Since 2010, the CSA Top Threats report has revealed major security concerns in cloud computing from top industry professionals. John shares how the report can be used to protect against the latest attacks and high profile breaches of the past year. Leveraging the latest Deep Dive attack model, popular breaches are broken down into the threats, risks, and vulnerabilities that were exposed. Critical mitigations and controls are also shared to make sure your organization is prepared for these types of attacks.

Modeling Against the Top Threats in Cloud

For the last 3+ years ISACA has been conducting member surveys around the world on State of Cybersecurity. The latest report based on survey conducted in Q4 2019 focuses on the threat landscape, the measures security professionals employ to keep their enterprises safe, and key trends and themes in the practice of security. 

This presentation will focus on Cloud security specific findings and analyse key threats and defense strategies being employed in areas of audit, risk management, security and governance of Cloud programs.

State of Cybersecurity 2020: Cloud Security Threats and Security Practices

As organisations lift and shift workloads into the cloud they are required to not only protect themselves from external threats but also from internal disruptions such as multi cloud deployment sprawl, de-centralised management of these cloud services and the most damaging lack of centralised security and visibility.  As we lean forward into cloud the talks of today are visionary and theoretical, Mickey will aim to give you tactical methods to disrupt your own organisation from risky cloud deployment practices and actionable advice to prevent adversaries from taking advantage of harmful cloud practices.

Disrupting yourself and your Adversaries in the cloud

Cloud Security Alliance APAC Virtual Summit

Traditionally, cyber security systems have been adding AI capabilities to detect unknown malware, zero day attacks and to analyse logs to detect abnormalities to discover frauds, insider attacks and denial of service malfunctions. However, these sophisticated AI systems are themselves attackable via Adversarial Examples. For instance, one could bypass an email anti-phishing system, physical camera monitoring or IoT control systems to subvert and evade the enterprise security monitoring infrastructure. Thus, this presentation addresses the evolution of AI robustness cum security, what would be best practices and design principles to operate AI securely, how to measure how strong the AI model would be and what are the common knowhow in this area of Adversarial Attacks. Importantly, we would need to know how to defend future Smart Nation and strategic AI systems well and be able to manage the fast developing AI risks and vulnerabilities.

Why AI Needs Cyber Security Urgently?

Cloud Security

Cyber Security

Malware

Artificial Intelligence

Risk Management

Vulnerabilities

Enterprise Security

Cyber Attacks

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Why AI Needs Cyber Security Urgently?

Presented by

About this talk

Cloud Security Alliance: CloudBytes