Building Your AI Security Roadmap
Agenda
• The "AI sea change"
• The Practitioner's panel
• Q&A
Securing the new computing paradigm
Brandon Dixon, Former Partner AI Strategist, Microsoft
The AI Sea Change
Trends Observed
• Advancements in AI continue
• Agent(ic)s are the default
• Security is augmenting
• Lacking strong fundamentals
What forms an agent?
• Actions: Plugins, Automation, Code Execution
• Knowledge: Embeddings, Graphs, Files, Data
• Memory: Short, Long, Personalization
• Orchestration: Planning, Reasoning, Learning, Verification
• Identity: Access, Authorization, Role, Governance
Measuring agents
• Autonomy: None, Assistive agency, Partial autonomy, High autonomy, Full autonomy
• Scope: None, Task, Job, Role, Domain
• Scale: None, Basic, Proficient, Advanced, Mastery
• Personality: None, Basic, Developing, Complex, Rich
• Interactivity: None, Passive, Limited, Moderate, Fully interactive
Security for AI players
The best way to predict the future is to build with it.
The durable advantage in a shifting landscape is experience. Companies who are experimenting and adopting AI today will be in the best position to understand how it can transform their business.
Dor Sarig, Co-founder & CEO, Pillar Security
Securing the new computing paradigm
How software is secured today
THE CHALLENGE: Are these controls enough to secure AI?
• Plan: Threat modeling
• Build: SCA, SAST
• Test: Fuzzing, PT
• Deploy: SPM
• Operate: WAF, RASP
• Monitor: SIEM, SOC
THE CHALLENGE
AI is changing the way we build software, introducing new security risks (diagram: Software, AI, Vibe Coding)
• Inference attacks
• Data leakage and privacy
• Insecure model output
• Supply chain risks
• Compliance
Security Responsibilities in the AI Age
(Role / Traditional Tools/Controls / AI Tools/Controls / New AI Risks Addressed)
• GRC Manager
  Traditional Tools/Controls: ISO 27001, SOC2, GDPR, S-BOM
  AI Tools/Controls: ISO 42001, NIST AI RMF, EU AI Act, AI-BOM
  New AI Risks Addressed: AI bias/fairness, Data privacy, Model governance
• PT & Risk Analyst
  Traditional Tools/Controls: DAST, SAST, SCA, Fuzzing & PT
  AI Tools/Controls: AI Red Teaming, Model scanning
  New AI Risks Addressed: Prompt injection, Model extraction, Jailbreaking
• CISO
  Traditional Tools/Controls: CSPM, SIEM, Security dashboards
  AI Tools/Controls: AI-SPM, Business AI Risks, AI asset inventory
  New AI Risks Addressed: Strategic AI risks, Shadow AI usage, AI security ROI
• IT Security
  Traditional Tools/Controls: IDS/IPS, PAM, Shadow IT discovery
  AI Tools/Controls: Shadow AI discovery, Agent controls, AI Governance
  New AI Risks Addressed: Sensitive data leakage, Rogue models, Agent compromise
• Data Security Engineer
  Traditional Tools/Controls: DLP tools, Encryption, Access controls
  AI Tools/Controls: Data & Model integrity, Differential privacy
  New AI Risks Addressed: Data poisoning, Training data leakage, Model inversion
• DevSecOps Engineer
  Traditional Tools/Controls: Pipeline scanners, Container scanners
  AI Tools/Controls: AI Supply Chain tools, ML pipeline security
  New AI Risks Addressed: Model tampering, Pipeline poisoning, Model drift
• Application Security Engineer
  Traditional Tools/Controls: WAF, API Gateway, ADR, RASP
  AI Tools/Controls: Guardrails, Data Masking, PII Reduction
  New AI Risks Addressed: Data leakage, Data privacy, Application abuse/takeover
• Security Architects
  Traditional Tools/Controls: Security frameworks, Threat modeling, Zero-trust design
  AI Tools/Controls: LLM threat modeling, Secure AI patterns
  New AI Risks Addressed: Unknown LLM vulnerabilities, Unsafe AI system interactions, Architectural blind spots
• Cloud Security Engineer
  Traditional Tools/Controls: CSPM, Cloud IAM, Multi-cloud governance
  AI Tools/Controls: AI workload isolation, AI security configs, AI Telemetry & Logging
  New AI Risks Addressed: Resource hijacking, Model & data theft
Introducing SAIL
Framework orientations:
• OWASP Top 10: Vulnerability-Oriented
• ISO/IEC 42001: Management-System-Oriented
• NIST AI RMF: Risk-Management-Oriented
• Google SAIF: Conceptual framework
• Databricks DASF: Component-Oriented
• SAIL Framework: Process-Oriented
SAIL:
• Comprehensive risk mapping
• Process driven framework
• Practical guide, written by practitioners
• 70+ AI-specific risks
• 30+ core AI components
• Across 7 development phases
• Aligned with ISO, OWASP, NIST, DASF
AI Security Maturity (security posture gains from current state to desired state)
• Initial: Ad-hoc AI tracking and basic access controls
• Developing: AI inventory management and foundational security posture
• Intermediate: AI asset risk scanning, Threat modeling, AI red teaming
• Advanced: Context-aware security guardrails, DLP controls, Enforced policies
• Holistic: End-to-end, automated & process-driven security ops across the entire AI lifecycle
PILLAR'S UNIQUE APPROACH
Infuse security across every stage of the AI lifecycle
• Lifecycle stages (//dev to >prod): Plan, Code/No Code, Build, Test, Deploy, Operate, Monitor, Sandbox
• Capabilities: AI Discovery, Workbench, AI Red Teaming, Adaptive Guardrails, AI Telemetry, AI-SPM
Addressing Critical Questions Around Companies' AI/ML Lifecycle
• Discover: How and where are we utilizing AI/ML in development and production?
• Evaluate: What risks and compliance gaps exist in our AI/ML systems?
• Protect: How can we mitigate these risks while enabling innovation?
From Theory to Reality
The Practitioner's Panel
Topic 1: Planning, Policy & Discovery
• How are you establishing AI governance and visibility at an organizational level?
• What initial actions or tools helped you understand your AI landscape and risks?
Topic 2: Risk Analysis and Red Teaming
• How has your risk strategy evolved to address unique AI threats?
• What are key elements for effective AI red teaming?
Topic 3: Runtime, Monitoring and Governance
• What are some of the key initiatives or technologies your teams are implementing for runtime security?
• How are you approaching the detection of emerging threats or ensuring the security and auditability of autonomous AI agents?
Q&A
Meet us at BlackHat
Thank you.

Webinar_ Building Your Secure AI Roadmap.pptx


Editor's Notes

  • #15 What is durable? Been working with the tech daily for nearly 2 years. Much of the original knowledge has remained durable. Those leaning in now will reap the benefits faster. Who wins? Those adopting now will see how AI influences existing biz processes including development and security. Using AI now puts you in the best position to understand how it will evolve over time, or where it needs bolstering. AI applied strategically yields speed gains. Moat is in ability to execute, retool and optimize for a future state.
  • #17 This is a small example of one attack vector out of an infinite amount of new options to attack and compromise software in the AI age. And this is why we started Pillar. AI is changing the way we build software, introducing a new lifecycle and new security risks: from poisoned training data in development to jailbreaks and data leakage in production.
  • #27 This understanding is what sparked our journey here at Pillar.
  • #28 Assaf Tomer Mor
  • #29 Tomer Mor Assaf
  • #30 Mor Assaf Tomer