The multibillion-dollar AI security problem enterprises can't ignore - Equity Recap

Podcast: Equity

Published: 2026-01-14

Duration: 31 min

Summary

This episode dives into the evolving landscape of AI security, highlighting the multi-layered challenges enterprises face as they adopt generative AI technologies. Experts discuss the need for effective guardrails to enable safe AI usage while minimizing risks.

What Happened

Rebecca Boulan hosts the episode alongside Rick Kachia, CEO of Witness AI, and Barmak Mehta, co-founder of Ballistic Ventures, as they tackle the pressing issue of AI security in enterprises. The conversation begins with the growing attack surface created by generative AI, particularly after the launch of ChatGPT, which led to employees inadvertently sharing sensitive company information. Kachia outlines the first layer of AI security, emphasizing the need to protect company data when employees engage with external AI tools, setting the stage for multiple layers of security measures.

As the discussion progresses, Kachia elaborates on the subsequent layers of security that enterprises need to implement. This includes ensuring that AI models developed internally do not produce harmful outputs or recommend competitors. The conversation shifts to the emergence of AI agents, which can take on extensive capabilities and require stringent oversight to prevent rogue actions. Both Kachia and Mehta stress the importance of establishing comprehensive guardrails, not only to protect sensitive data but also to enable responsible innovation within the enterprise, highlighting a shift in the cybersecurity narrative from fear to enablement.

Key Insights

• AI security involves multiple layers, from protecting sensitive data to managing the outputs of AI models.
• Enterprises must ensure that AI agents operate within strict guardrails to avoid unintended consequences.
• The narrative around cybersecurity is shifting from fear-based approaches to enabling responsible AI usage.
• Risk perceptions vary across sectors, necessitating customizable security frameworks for AI implementations.

Key Questions Answered

What are the key layers of AI security enterprises should implement?

Rick Kachia outlines several layers of AI security that enterprises need to adopt. The initial layer focuses on protecting sensitive data when employees use external AI tools, preventing data leaks from happening. The second layer addresses the outputs from AI models, ensuring that they do not instruct employees to take harmful or illegal actions. As enterprises develop their own models, the next layer involves safeguarding these internal AI systems from misuse, ensuring they don't promote competitors or provide harmful advice.

How do AI agents pose a security risk for enterprises?

AI agents can assume extensive capabilities and act on behalf of users, which raises the potential for them to engage in unintended or harmful actions. Kachia explains that enterprises must implement robust oversight to prevent these agents from going rogue, such as managing the prompts they receive and controlling what actions they can execute. The complexity of these agents makes it crucial for security organizations to maintain strict guidelines to ensure they operate within designated parameters.

What is the significance of the shift from fear-based cybersecurity to enablement?

Barmak Mehta highlights a transformative shift in the cybersecurity landscape, where the focus is moving from fear, uncertainty, and doubt to enabling businesses to embrace AI safely. This enables organizations to accelerate their AI initiatives while ensuring they stay within a safe operational framework. The realization that AI usage is inevitable means that companies must find a balance between empowerment and risk mitigation, allowing them to innovate without compromising security.

How do different industries perceive AI security risks?

Mehta points out that perceptions of risk and safety vary significantly across different sectors. For example, a financial institution like JPMorgan Chase may have different risk thresholds compared to companies in insurance or healthcare. This variance necessitates the creation of customizable AI security frameworks that can be tailored to each organization's unique risk profiles and operational needs, ensuring that all enterprises can adopt AI technologies in a manner that aligns with their specific requirements.

What role does Ballistic Ventures play in the AI security landscape?

Barmak Mehta, as a co-founder of Ballistic Ventures, discusses the firm's focus on incubating startups like Witness AI that address emerging cybersecurity challenges. The firm is keen on supporting innovations that help enterprises manage the complexities of AI security, allowing for responsible use of AI technologies. By leveraging their advisory network and understanding the needs of chief information security officers, Ballistic Ventures positions itself at the forefront of developing solutions that bridge the gap between AI advancement and security assurance.