ConversingLabs PODCAST

Building Secure AI - A Conversation With Steve Wilson of Exabeam

In this episode, host Paul Roberts chats with Steve Wilson, the Chief AI and Product Officer at Exabeam and co-chair of OWASP’s GenAI Security Project, about how AI is transforming cybersecurity and software development.

EPISODE TRANSCRIPT

Paul Roberts, ReversingLabs: Okay. Hey everybody, and welcome back to another episode of ConversingLabs. This is a regular podcast from the team here at ReversingLabs, where we dig into the latest developments in malware threat analysis, software supply chain risks, AI, and other pressing topics in the information security space.

I'm your host, Paul Roberts. I'm the editorial director here at ReversingLabs, and I'm thrilled to have with me in the ConversingLabs studio Steve Wilson, who is the Chief AI and Product Officer at Exabeam, which is a leading firm in the TDIR space, that's threat detection, investigation, and response. Steve leads Exabeam's strategy at the intersection of AI and cybersecurity. They are really on the front edge. He's got more than two decades of experience in enterprise software and security. He's held leadership roles at a bunch of really significant companies. [00:01:00] Sun Microsystems, Oracle, Citrix. I think you've probably heard of those companies.

And he's a driving force behind OWASP's GenAI Security Project, co-chair of the initiative that helped produce the OWASP Large Language Model Top 10, the industry's widely used top 10 for LLM security risks. And in addition to all that, he's the author of an O'Reilly book, The Developer's Playbook for Large Language Model Security, which came out back in, I think it was 2023, Steve.

Steve Wilson, Exabeam: 24.

Paul Roberts, ReversingLabs: Sorry, 2024. My bad. 2024. And he's a frequent speaker on how AI is reshaping both the cybersecurity industry as well as cyber defenses, cyber crime, cyber offense. And we're gonna talk about that. We're gonna talk about his book and some of the other things that are just on Steve's mind these days.

Steve, welcome.

Steve Wilson, Exabeam: Awesome. Thanks Paul. Appreciate you having me [00:02:00] on.

Paul Roberts, ReversingLabs: It's really great to have you on and thanks for joining us. Highly relevant topics these days. I think just tell us a little bit first about your journey to the cybersecurity industry because, those are always interesting stories, and I know in the beginning of your book you talked about your earliest development experience with your Atari 400.

Which is great. I didn't have an Atari 400, but

Steve Wilson, Exabeam: Yeah, but you're jealous, aren't you?

Paul Roberts, ReversingLabs: Yeah. Maybe an Atari 800 would've been even better, but whatever. Yeah. So talk to us about how you came to the cyber space.

Steve Wilson, Exabeam: I've gotten used to, since really joining the cyber space full time, when people start these discussions, they say, I've been working in cybersecurity for 30 years, and I'm gonna be honest, that's not me. I have been building software and sometimes hardware platforms for many decades, going back all the way to my first PCs with eight kilobytes of RAM and [00:03:00] cassette tapes to store programs on 'em. But I really came up through things like developer tools, cloud computing. My first real job, I tell people, other than things I did myself, was working on a very early iteration of the Java Developer Kit team at Sun Microsystems, and so I built many things that needed to be secure.

But during the pandemic I'd spent, prior to that many years working at these big companies. Oracle, Citrix, these are Fortune 500 software companies, publicly traded. And I decided I wanted to go do a startup. And so I actually wound up at an AppSec startup called Contrast Security.

It's a neat company, neat technology. But one of the biggest things it gave me was, when ChatGPT came out, I got very interested in it from an AppSec perspective, and Contrast's CTO is Jeff Williams, who some of your listeners probably know. [00:04:00] Jeff wrote the first OWASP Top 10 back in 2000, I think.

And so I went to him with an idea that we should create one for this new thing. And he was very encouraging. He introduced me to some people on the OWASP board, and over the next couple months I wound up putting together that first iteration of the OWASP Top 10 for LLMs. I thought maybe I would find 10 people who were interested in doing this.

There were 200 people on the first Zoom call. Hundreds of people contributed to the first version of that list. It's now grown into what we call the GenAI Security Project at OWASP. We produce something like 46 white papers. There's six or seven subgroups on everything from AI red teaming to now agentic cybersecurity, and the group has about 25,000 members now.

Paul Roberts, ReversingLabs: Unreal. That is a huge audience. And the OWASP Top 10s and the work that OWASP has done has been, [00:05:00] hugely important in kind of shaping our understanding of things like application security risks and best practices and so on.

Do you see it having the same influence in AI?

Steve Wilson, Exabeam: People have always been very receptive and encouraging to that original top 10 list. It was very widely read. At the time we weren't even really tracking downloads for the thing, but I know hundreds of thousands of people read it, and I've gone around the world, had incredible speaking opportunities and things everywhere from Davos to the United Nations.

Based off that I would say that original top 10 gave a lot of people a framework for understanding the risks. I also think it was, in its own way, very limited, 'cause we didn't understand a lot of things. That's why we came out with the new agentic top 10 in December. So just a few months ago, that's been really well received and it [00:06:00] really expanded the lens.

What I'm thinking about now really is the idea that, to be honest, that original LLM top 10 was very much written through an AppSec lens. And the further I get into using and building real agents, and we can talk about what that means, the less I look at it through an AppSec lens, or at least I see AppSec as being maybe necessary, but completely insufficient to do what you need to do.

Paul Roberts, ReversingLabs: So, just going back to your Atari 400 programming, you talk about, hey, I was doing AI programming back then to create the computer-run Tron cycle for the single player. You created this Tron version for the Atari 400, which is pretty cool.

I remember playing Tron in the arcade and seeing it drawn, but it got me thinking. I think we tend to think about AI and software intelligence and [00:07:00] AI as a very recent development, LLM AI and post-ChatGPT and stuff like that. But I think you make a really important point, which is software intelligence in this type of concept is almost as old as programming itself.

Maybe goes back to the mid 20th century. But maybe for the audience, just give your thoughts or your definition of, when we're talking about AI software, what are we really talking about there? It's not just Claude Code, it's a much longer kind of tradition and history in the software development space.

Steve Wilson, Exabeam: Yeah. I've always been fascinated by AI and just to flesh out that Tron story, I think I was 10 or 11 years old when Tron came out, and I went and saw it and it was amazing. We're all nerds here, so everybody probably has some kind of soft spot in their heart

Paul Roberts, ReversingLabs: Amazing for 10 year olds. I'm not sure it was amazing for grownups, but yes, I totally agree. I had the same impression.

Steve Wilson, Exabeam: In a while, go back and watch it just for fun. 'Cause you know what, Tron was a cybersecurity program. [00:08:00] Tron was designed to watch for intrusions onto the network and shut them down. And so he was a realtime cybersecurity agent. And I think that was probably my first exposure, probably for a lot of us, to the idea of cybersecurity.

And so much of the interesting science fiction is like that, right? These ideas are not new. You go and look at Neuromancer and people think about cyberpunk alleys in Tokyo. That's a story about hackers and artificial intelligence. Like these go together like chocolate and peanut butter hackers and ai.

But some form of AI has been around for a long time. I think I would differentiate between things like my very simple algorithm for how to drive a light cycle using a collection of if-then statements from things driven by machine learning, where you expose the things to data and they find patterns in that data.

And we've been building things like [00:09:00] that for a very long time. But I think there was a step function change in the last few years that came from three things that had been developing for a long time, and they came together to this amazing jump in capability. There's this exponential curve that we're on that's been building for a long time. It's just the front side of exponential curves look like straight lines until you hit that inflection point when enough things come together. And what we had come together were some changes in software. We knew about neural networks for decades.

I built my first neural networks in C++ with no libraries in the early nineties. But you couldn't get 'em to do much. And one of the reasons was, they didn't have memory, they didn't have short term memory. A bunch of guys at Google invented this thing called the transformer architecture.

In 2017, that is the T in ChatGPT. [00:10:00] And that was, it still is a neural network, but it's a particular architecture of it where the thing has some memory and the ability to have what we call a context window and work on large blocks of data. The other two things in retrospect may be obvious, but we needed large scale cloud computing. When I was first building neural networks I had one little CPU, not much you can do with one computer. The other thing is, even if you had a bunch of computers, CPUs are terrible at this stuff. The invention of the GPU. I did the math when I wrote my book.

A 2024 era GPU from Nvidia had 143 million times the floating point calculations as, not my Atari 400, but my Mac II with a Motorola processor from.

And so you put this together and you've got billions of times the compute with upgraded software capabilities, and you put 'em all together and it trips over this line where it passes the Turing [00:11:00] test.

Paul Roberts, ReversingLabs: Absolutely. And just to bring this full circle, so you're at Exabeam. Exabeam is a very established cybersecurity company. And obviously I feel like InfoSec, cyber, is really about the cutting edge of AI-powered transformation, right? Because we're experiencing it on both sides, from the threat actor side as well as from the defender side.

Managing huge volumes of data and alerts and information has just been a problem that's just been steaming in our industry for decades. And suddenly there seemed to be tools for actually handling that. So I wanted to give you just a chance to talk a little bit about, first of all, what Exabeam does, and also from your perspective, how some of these developments in the last five years or so are really reframing what a company like Exabeam does and what it's capable of.

Steve Wilson, Exabeam: [00:12:00] Yeah, so you know, at the surface, Exabeam is a Gartner Magic Quadrant leader in what's called the SIEM space, which is security information and event management. And that involves collecting up all your log files and letting you try to do security stuff with them. It's a very broad category. It includes everything from Splunk to what Exabeam is doing.

Traditionally that SIEM space has been around collecting and searching log files, which is the underpinnings of what people in a security operations center need to do to understand what's been going on on their network. The problem is, as you say, the data volumes have just been growing and growing over the last 20 years since that category came into existence.

We long ago surpassed what you can handle with a human typing in SQL-like commands to search through log files to look for patterns, and even what you can do with simple prebuilt rules using those [00:13:00] kind of SQL-like statements to look for things in real time or semi real time. Exabeam invented what at the time, it's a mouthful, they called User and Entity Behavior Analytics. But this was the early 20-teens and AI wasn't cool yet. If you invented that today, you would call it AI for cybersecurity. What they basically did was use machine learning algorithms to baseline all the activity on your network.

We build multiple different machine learning models for every user on the network inside your company. We build models for groups that you sit in, like the finance team, the developer team. We build models for your company as a whole, and we understand what's normal and what's not normal. And this lets us attack things that you could never attack before.

'Cause they're very mushy. Things like insider threats. How do I deal with the fact that someone may have legitimate credentials that get them on the network, but they [00:14:00] are a disgruntled employee who's planning to steal secrets and sell them, or maybe they're a negligent employee that lost their credentials.

They were compromised and it's now someone impersonating them on the network. So we use these machine learning models to spot that. This let us detect a lot of things you couldn't detect before, but there was still a lot of human expertise that went into investigating that. So the thing that we've done the last couple years is layering these generative AI and now agentic technologies on top of it.

And today we have a family of six different agent types that are built into the platform that do everything from automatically investigating potential cybersecurity breaches to evaluating the security posture of your company and helping recommend improvements to the management team.

Paul Roberts, ReversingLabs: Because one of the [00:15:00] things we all realized is, detecting a threat or a problem is just a start, right? You then need to follow that up, figure out what the scope of it is, and obviously take steps to remove the threat. And a lot of those steps were left to companies to do themselves. Yeah, absolutely. And finding these patterns is something AI is very good at, right? But the human brain, especially with hundreds or thousands of alerts flowing at it for hours and hours. Yeah. That's not what our brains were really designed to do.

So one of the things you did a couple years ago was to write a book for O'Reilly Media, a developer's playbook for large language model security. Really interesting book. I read it. And talk a little bit about, 2024 was a really pivotal time in the AI space, but talk a [00:16:00] little bit about your thoughts about why you decided to write that and what you were trying to capture.

What you felt needed to be written about or needed to be said that just wasn't out there.

Steve Wilson, Exabeam: The book was a very direct continuation of the OWASP Top 10 work that I did for LLMs. And in fact, it was the success of that which is why O'Reilly approached me about writing the book. And I really wrote it from, say, second half of 2023 through first half of 2024, during that period.

I think the real thing was the OWASP Top 10, for its time, was a really great document, but it was 30 pages long. You could read it on a bus ride. Which is an amazing benefit if what you're trying to do is get a basic handle on the situation and build a mental model. What people were asking for is, hey, some of this kind of makes sense, but is this real?

Do I really need to worry about this? How do I put this into practice? You gave me a list of things to worry about, but you gave me [00:17:00] very little information on what to do about it. So what do I do? So how do we expand on that? And the book leans a lot into real life case studies on what goes wrong with these natural language systems.

Goes all the way back to examples that predate ChatGPT, 'cause there was life before ChatGPT that showed the way. And it goes deep, not into just, here's an abstract definition of prompt injection, but here's real life cases. Here's screenshots of real hacks that happened. Here's the underpinnings of why that worked, and here's what you could have done to avoid it.

By the end we get into the kind of stuff I really like, which is how do you re-engineer your software development process if you're gonna put these things into the middle of your software. And I really do think that changes the way that we build software in ways that people just haven't been ready to deal [00:18:00] with and are still coming to grips with. I'm not just adding a static library with some function calls and they're all the same. I'm adding a dynamic thing with very complex behavior that I don't understand. The people who provided it don't really understand. And how do you put some controls around that that are gonna let you take advantage of the power that's there?

'cause the power's unquestionable. But how do you do that in a safe, responsible way?

Paul Roberts, ReversingLabs: One of the things you mentioned, one of the big differences with large language model AI versus traditional, let's say AppSec, right? Or security practices, is just what you said, which is the lack of clear understanding on the part of developers or end users of exactly what the AI model is doing and how it's reaching the decisions that it's reaching.

And you talk about in your book [00:19:00] that research from Stanford on the, I don't know how you say it, LAION-5B learning model. That was used for AI image generation, but was found to contain a lot of inappropriate images, let's just say that.

Steve Wilson, Exabeam: illegal in almost every jurisdiction in the world.

Paul Roberts, ReversingLabs: And that, that led to developers being like, oh my God, I just trained my tool with this. And it contain these images, what does that mean? And it's a different problem from oh yeah, you got a buffer overflow here and look, this is the problem.

It's gonna come, it's it's a totally different problem of okay, I train this thing with a kind of flawed, data set. What does that actually mean?

Steve Wilson, Exabeam: So

Paul Roberts, ReversingLabs: And that seems to me like it is just this big issue for our industry, which is to try and quantify what that actually means from a risk

Steve Wilson, Exabeam: So this comes to the crux of where [00:20:00] we've been shifting our research a lot on this, which is the smarter that these things get, the more agency that they get, meaning access to tooling, the more autonomy they have. We're used to thinking of these things as prompt response machines like ChatGPT. The newer, interesting, fun things coming out now have what we call an agentic loop.

They run all the time, they goal seek. And at this point we've built something different. And we talked a little bit about the risks of insider threats in cybersecurity. And we're used to those insider threats primarily being humans. What do you do when they're not humans anymore?

We talk about malicious insiders, negligent insiders and compromised credentials. With these agents, we gotta start to think about malfunctioning agents, misaligned agents, meaning they were trained or built [00:21:00] not exactly the way that we wanted, or subverted agents. Maybe somebody has hijacked this thing and is using it as a confused deputy to do its bidding on my network.

And this leads to a whole different set of considerations. And this is where I said, looking at this through an AppSec lens starts to feel really insufficient. When you view it that way, like I definitely want all the AppSec stuff, but I gotta look at it through a bigger operational lens of how do I keep this thing under control at runtime while it's doing its job.

Paul Roberts, ReversingLabs: Absolutely, and so your book came out in 2024, which is not that long ago except when we're talking about AI

Steve Wilson, Exabeam: Yep.

Paul Roberts, ReversingLabs: in which it's basically a century. Between when you published this and today, what would you identify as, here are the biggest changes, so when I do version two of this book, I'm gonna have to talk about these things, because these are substantial changes between when I published and what we're talking about today.

Claude Code probably is one of them.

Steve Wilson, Exabeam: Yeah. The first thing I will point people at, if you did at any point read the LLM top 10 and you enjoyed that and you found that useful, your next stop at this point, if you haven't seen it, is the agentic top 10. So it's some of the same people, although the group is a lot bigger now.

It's an amazing paper. It's still very digestible. Read it on a bus ride, but it really takes this through a different lens, and it maintains a consistency with that original top 10 and it points to those vulnerabilities 'cause they're still there and they're still valid. But it looks at it through a lens of these systems that have goals and long running processes, and gets away from some of the very tactical things. It doesn't focus on prompt injection, it focuses on things like goal hijacking, and that very much changes the [00:23:00] situation. But when we look at, technologically, what have been the shifts in the underpinnings of technology, I'd say this giant shift started

a little more than a year ago, and there was this meme floating around the internet that involved asking ChatGPT to count the number of letter Rs in the word strawberry, and it would fail every time in bizarre ways. And really what it was reflective of is that all of those original LLMs used what you call system one thinking.

Paul Roberts, ReversingLabs: The answer is three, but.

Steve Wilson, Exabeam: It's just, you get a lot of different answers though. But the way that it answered questions was the same way that you pull your hand away from a hot stove. Everything was reflex, and the fact that it could write poetry using that kind of system was amazing, the brute force [00:24:00] application of that kind of thinking, but it's also why these things hallucinated so badly and all of these other things. That was just not sufficient.

And they had a project at OpenAI, which they wound up code naming Strawberry. But it was the idea to build a reasoning loop in these things. And we all tried to do this early on. My book talked about it. We talked about these little prompting loops where you ask it to check its own work and you say, break it down step by step and do simple steps at a time, but you had to coax it into doing that.

What in essence they built was they built those loops and then they used reinforcement learning to make these things good at doing some reasoning on top of it. So now they

Two working. I can make a strategy and I can execute against it. You put that together with some of the reinforcement learning on what it means to write good code and you get Claude Code, you get a thing. My first experiment with Claude Code, not even [00:25:00] kidding, or sorry, with AI coding, was I had it write my light cycles game for me, and it wrote it in a single file of HTML and JavaScript. I had to copy it out and I had to paste it. Do a little debugging with ChatGPT, but I got it running in minutes.

But as things got bigger, you needed these more ambitious models. And so at some point you wind up with Claude Code that will go off and create scaffolding and make plans and work for hours on a goal because it has this loop. But the next place that we have just landed in the last couple months, at least from a mass market perspective, are these always-on agentic looping systems like OpenClaw, and that's gonna break everybody's brain.

Paul Roberts, ReversingLabs: So when you look at the, you mentioned the OWASP Top 10 for agentic applications. One thing, first of [00:26:00] all, when you read through it, a lot of what's on there sounds pretty familiar too. Just what we've been talking about in application security for a long time, CVEs, okay, authentication issues and stuff like that.

One of the things that I think is interesting and a little fuzzy, a little trickier to manage, but also of course of interest to us here at ReversingLabs, is supply chain risks around agentic AI, and we've seen a lot of examples of that. So we wrote about malicious pickle files that were being used to compromise folks who were building AI on Hugging Face. We've seen examples of hallucinated dependencies, right? Where the AI will just create a dependency that doesn't really exist as part of the code. But of course, when you do that, you're creating an avenue for a malicious actor to be like, oh, I'm gonna go out and create that package.

Right? And put malicious code into it, and then, when somebody runs this, [00:27:00] they're gonna be pulling that malicious code in because that hallucinated dependency is now an actual dependency. It's one I control. So just stuff like that. But what should folks understand about that sort of supply chain aspect of cyber risk with agentic applications?

Steve Wilson, Exabeam: So some of the things you talked about, pickle files and things like that, go back to the first rule, which is when you're getting actual AI components, machine learning models and things like that, they're opaque. We have no known technologies to scan those for vulnerabilities.

You are simply at the mercy of do you trust

Paul Roberts, ReversingLabs: Do you

Steve Wilson, Exabeam: the source of that? And that's a very hard question just by itself. And that has, in honesty, resulted in me shying away from using some of these open source models for really mission critical stuff with what we do at Exabeam. I have this whole family of AI [00:28:00] agents that process a lot of sensitive data. And I use Gemini because I think Google will do a better job on their supply chain than I will, and I don't take what they're giving me, I run it in their cloud. And I assume that they have done a spectacular job at supply chain management for that because it's too darn complicated.

Paul Roberts, ReversingLabs: And it's

Steve Wilson, Exabeam: where it gets

Paul Roberts, ReversingLabs: intensive and they've got the resources right? 

Steve Wilson, Exabeam: Yeah. What was interesting is in the first version of the top 10, we put in a thing about plugins.

ChatGPT shipped this concept of plugins while we were writing the list, and everyone looked at it, screamed in horror, 'cause it was a terrible model full of obvious flaws. And envision now

everything that is weird about skills and MCP and all this other stuff written by amateurs who didn't understand anything about cybersecurity. So [00:29:00] we put that in there. What was interesting is OpenAI itself didn't even bother to fix it. They just killed it. And so we let that drift off the list.

It has come back in spades now, and as we get into these agentic technologies, what we see are these actual, legitimate, real exploits happening with these much smaller fragments, but fragments of different things that our traditional tools are not used to looking at. The first one that raised a ton of alarms is MCP, which is the Model Context Protocol.

It's how you give your agents tooling, but this is a loose standard with no central control. People just publish these, you get them from who knows where, they are right in the flow potentially of handling all your credentials and all your other stuff and potentially large amounts of the data that you're processing.

Eh, there's been a lot that's been published recently [00:30:00] about how to think about that better. The other things with things

Paul Roberts, ReversingLabs: there have been malicious MCP attacks that we've

Steve Wilson, Exabeam: Yeah, absolutely. It's very real. With things like OpenClaw, again, open source community, wild, wild west. It does have things like central repositories for things, but there are no gates on what goes in there.

And somebody went and looked at the skills repository and came up with some estimate that like 50% of the stuff in there was toxic to malicious. And my own experience with this, I started building my own OpenClaw agent a couple weeks ago and I, like every other good hacker, don't read the manual.

I just install it and start talking to it. And I'm like, Hey, I want you to use the browser. How do you

Paul Roberts, ReversingLabs: on your work computer, by the way.

Steve Wilson, Exabeam: Oh, no, we can talk about this. I built a big old sandbox for it, but still, I want you to talk to the web. I want you to use a browser. How do I do that? It's, you need the Chrome plugin.

Go to the [00:31:00] Chrome plugin store. I search for the OpenClaw Chrome plugin. There are four of them that all look identical. None of them from the same publisher. Some of them with a lot of stars though, and a lot of downloads.

Paul Roberts, ReversingLabs: Oh yeah.

Steve Wilson, Exabeam: So I go off and do some research and I realize the only way to get this to work properly is there's one that was bundled with it.

You need to load that as an unpacked, unapproved Chrome thing through your own squirrely back door. If you went to the Chrome store, you 100% got a really questionable piece of software right in the middle of everything that your agent was trying to do. It's absolutely real. So they're trying to deal with this.

They made a deal with VirusTotal to scan the skills repository and things, which is great. It's a step in the right direction. But you

Paul Roberts, ReversingLabs: should have come to ReversingLabs, but whatever. I'll let that go.

Steve Wilson, Exabeam: You have to, Google's got probably a [00:32:00] bigger brand name, I don't know. But the net of it is you've gotta be really conscious of these supply chain things, whether as an AI user or as a software developer potentially building some of these into your platforms. The supply chain thing is very real.

Paul Roberts, ReversingLabs: And we've written about, and others have as well, just the effort that malicious actors are making to make malicious packages look legitimate. They'll do multiple versions. They'll have huge numbers of downloads, like, oh hey, 30,000 downloads in two

Steve Wilson, Exabeam: Probably had their AI agent downloaded a bunch of

Paul Roberts, ReversingLabs: Exactly. What you're talking about with the Chrome plugin you, even though our gut is to assume this thing's got 10,000 downloads. This must be the legitimate one. Hold on, right? No. In fact, that might be the opposite, right? That might be evidence that they're using a bot to do that.

But yeah, really crazy. And of course people have been, there's so much about OpenClaw [00:33:00], its amazing capabilities, but also, like you said, total Wild West in terms of what exactly it is that you're installing, how it might be abused. This is an issue that companies are gonna have to deal with, individuals are gonna deal with, and so on.

One of the things you did in your book is develop a framework for companies to plan and deploy AI projects. You call it RAISE, Responsible Artificial Intelligence Software Engineering, like that, good acronym. Can you just give a quick kind of summary of RAISE, what it is and how development organizations might deploy this or apply it?

Steve Wilson, Exabeam: Yeah, I won't try to go through all the steps 'cause I honestly don't have them paged in at this point, but I will hit on maybe some of the parts that we haven't talked about here. And a lot of that, this being written even prior to my joining Exabeam, is how do you move [00:34:00] past just this AppSec idea and think about the operational characteristics of these things in the longer term.

And in particular, when you get these things into runtime, how do you understand how they're behaving, and what are you looking for to look for indications of compromise in these things? Whether they're self-owning in these situations or just being broken and doing stupid stuff.

And how many times, if you're using Claude Code, have you had it say, oops, I'm sorry, I deleted all the tests, or oops, I'm sorry, I made all the tests pass automatically and forgot to tell you, 'cause that was convenient for me. A lot about this is really understanding that your systems, if you're gonna make them agentic, and we did talk a lot about this in the book, even though at the time there weren't a lot of these self-running agent systems, is if you're gonna have something that's long running and goal-directed, you better be [00:35:00] really actively monitoring it all the time.

And so you wanna look at basic things like log files. Log files are not usually the domain of an AppSec team. They're like, oh, that's the SOC team, that's the security operations center, they deal with the log files. With this kind of software, you can't draw those lines. So I think you need to start to think about things like, I didn't have a name for it yet in the book, but I do now, which is agent behavior analytics.

And we talk about user behavior analytics. That's a very well established field now, and most large companies have an insider threat team where they look at how do I understand the behaviors of these things. But think about it from the perspective of if I've built an agent that's truly a digital worker and

I've given it credentials. I've given it a job. I've given it access to some applications. How do I understand what's normal [00:36:00] for that thing? And it's okay, it's normally been doing this, and then all of a sudden it takes a left turn and starts doing something else. And maybe it's the fact that a very low-level technical indicator says this thing's processing 10 times as many tokens today as it processed yesterday.

Maybe it's been hijacked and it's doing something suspicious. Maybe it's a bug. Whatever it is, I probably wanna know about it, and I probably wanna get on it pretty quick. At the other level, maybe it's logging into applications that it didn't log into yesterday. Why?

Why is it doing that? I better go find out. And one of the things I've been writing about lately is I've actually come to hate the term AI agent. It means everything and it means nothing at this point. Everything's an AI agent. And the place where we're going with these things like OpenClaw, with these agentic always-on loops, are digital workers.

And if you view it through that [00:37:00] lens, you start to view it less as an AppSec problem. I still have to deal with all that, but you get exposed to all the surface area that you weren't thinking about. How do I log its behavior? How do I look at what systems it's accessing? All of those things that I would do with an employee.

Just short of putting it on the org chart. And I've started to have conversations with my HR VP at work. If I deploy these things that are any more like humans, should we put them on the org chart so people can find them? Rather than making them look it up through some weird side channel, should I just say, I have these three AI agents that work for me and here's their jobs?

I don't know. It's getting weird, but I think that's the crux of...

Paul Roberts, ReversingLabs: And if they're interacting with other employees...

Steve Wilson, Exabeam: Yeah, if you're gonna give it an email address and put it on Teams and give it a name, things are gonna get weird real fast. So just closing that out, that process, think of it from everything from the front end of that traditional AppSec process through the [00:38:00] end of watching it, monitoring it, and doing continuous improvement.

Paul Roberts, ReversingLabs: So one of the things that you recommend is... two more questions. Is that okay?

Steve Wilson, Exabeam: Yeah.

Paul Roberts, ReversingLabs: One of the things you recommend is for companies to really pay attention to and limit the domain of their AI to whatever job you are giving the AI, which makes total sense, and most of us are really accustomed to these very generic AI like ChatGPT and Claude Code and whatever, that basically have no boundaries on their domains, right? They just are general knowledge AI, and we all tend to think about, is this applying? Okay, I got an API, I'm gonna talk to ChatGPT or talk to Claude Code and whatever, and do what I need to do.

Talk just a little bit about what it means, what the risks are, for having a really [00:39:00] broadly educated, empowered AI model do some fairly focused tasks within your organization.

Steve Wilson, Exabeam: So I will say some of what I was specifically writing about in the book is a little bit of an artifact of the early versions of these things, when you were dealing with things that were pre-ChatGPT-4. It had such small context windows and things like this, and it actually had relatively few neurons, and it was like, I better really tightly scope that.

I think the amazing thing about today's AI models is this thing read the internet and internalized large portions of it. So you start from this very broad base of knowledge. So everything is going to have a broad base, but you probably, unless you're OpenAI or Anthropic, your job is not to have this thing be an access point for the sum of all human knowledge.

You are trying to do a job [00:40:00] and you have this unfair advantage then that you can scope it down tightly and put a lot of that horsepower to more focused uses. And there's two very practical ways that you do this. One is quite simply an offshoot of what we all started to do with ChatGPT.

You tell it, your job is this, you're doing this. Puts it in a mindset to focus. So it clears out some things, but that's really loosey goosey. The other one is just realizing that you can't trust the data that's in its brain 'cause it's basically a compressed version of the internet with a very lossy algorithm.

So if you really want it to do work, you use a pattern called RAG, which is retrieval augmented generation, which is you pour context into the top of it. When you look at something like Claude Code, it has this very narrow domain of I'm trying to write software, I'm not trying to write poetry. And beyond that, I'm working on [00:41:00] this code base.

And it has access to that code base. And so I'm not trying to program in all programming languages at once. I am working in Python in this code base, and here's what I'm working on. So I would say that's really focusing. The other piece of this though, when we talk about agents, the original Top 10 had a vulnerability that was aimed at getting people ready for this.

Even though we weren't building a lot of agents yet, we simply called it excessive agency. The idea is don't give this thing more responsibility than it's able to handle, quite simply. And a lot of people came from an AppSec view and said, that's just least privilege. Why are you...

Paul Roberts, ReversingLabs: The least privilege, right? Yeah. All...

Steve Wilson, Exabeam: But I think in practice it winds up being much different.

Least privilege sends you down this AppSec route that says, okay, I'm doing this with this very particular view on it. And it's not that they're unrelated, they are, but you think about it differently, and when you [00:42:00] fast forward to where they're real agents, when I built my OpenClaw agent, this was very much something I thought about.

And the default way to deploy OpenClaw for a lot of people is you download it and put it on your laptop and you have it start doing stuff, and it's actually incredibly convenient 'cause you're already logged into everything. The downside is it's now logged into everything. And so if it drops all the tables out of your database or it goes crazy on the network, you're the one who went crazy on the network.

This is on you. When I built this, I did what a lot of people see me do, and people have asked questions, why'd you do this? I went out and I bought a Mac Mini. Why did I do that? 'Cause I like Macintoshes. But the other thing is I wasn't gonna run it on my computer. And when I set that up, I didn't give it any of my credentials.

I didn't log in with my Apple ID before I installed the software. I went to Google. I gave it its own Google ID. I got a Gmail box, a Gmail calendar. [00:43:00] I gave it its own OpenAI key, and when I installed it, I poured all this stuff into it. And as a digital worker, it now has its own credentials and I can track its behavior on the network.

Paul Roberts, ReversingLabs: What do you have it doing for you?

Steve Wilson, Exabeam: Ah, I made it my personal assistant, but as a very real clone of what my secretary at work does. So I delegated read access to my calendar. I don't let it write to my calendar, but it can send me invitations, so I have it negotiate with people to book meetings for me.

It will send us both invites. I have it manage my to-do list. I have it manage my kind of morning rollup prepping me for meetings. I've started training it to be my media relations agent. People will say, hey, you're gonna be on my podcast, can you send me a headshot and a bio? [00:44:00] So I just reply.

I put my agent on CC and I say, hey, Lobster Bot, send the media kit to them, and it's got all those files and bundles 'em up and sends 'em off. So there's a lot of things that I'm experimenting with about how do I let this thing be on the internet, where people could prompt inject it in various ways and things, while keeping it locked down and avoiding its agency getting out of control.

Paul Roberts, ReversingLabs: Yeah, I've heard that Mac Minis are a very popular platform for...

Steve Wilson, Exabeam: I walked into the Apple Store two, three weeks ago and said, I want a Mac Mini. And the guy's like, okay. He goes, oh, we're sold out. There are no Mac Minis within a 40 mile radius of Silicon Valley. I'm like, wow.

Paul Roberts, ReversingLabs: Yeah, that says something. Okay. Final question. Anthropic came out with Claude Code Security a couple weeks back. Huge kind of amazing kind of, I would say, SaaS [00:45:00] application security testing type tool, but very different from what we're used to, much more

subtle. And as we know, Claude Code has already proved itself to be really exceptional at, like, vulnerability discovery and stuff like that. But we saw a bunch of cybersecurity stocks tumble, even though they weren't really in the application security testing space. It was this kind of, Palo Alto and CrowdStrike, huh.

So it was strange. But I thought I'd ask you, what do you think the impact of AI is going to be on our industry, including companies like your own? Where do you see the advantages and also the risks for InfoSec as we are today?

Steve Wilson, Exabeam: And we could have our whole own one hour discussion on...

Paul Roberts, ReversingLabs: Yes. Understood.

Steve Wilson, Exabeam: I'll try to put it in a nutshell, and we'll save some of it for another time. My broad guidance is, when you first collide with these alien intelligences, they seem like they can do anything. And I [00:46:00] often tell people it's never been easier to build an amazing demo to get your startup funded.

'Cause you can make a demo that looks like it does anything. I think that Anthropic put more effort than that into this, and that it's going to have some uses and it shows the way, but broadly, remember that there are things these LLMs are terrible at. They are terrible at math, terrible at remembering things, terrible at processing large amounts of data.

Paul Roberts, ReversingLabs: Counting letters.

Steve Wilson, Exabeam: Yeah, they're terrible at those. And these are some of the fundamental underpinnings of what you really wanna do with cybersecurity. And so in the AppSec space, am I gonna have this thing scan my code and find all of the bad things that I've done there? Probably not. But I've been a fan for most of the last year [00:47:00] of

even using these more primitive general purpose LLMs to supplement what I'm doing in AppSec. In my own work at Exabeam on the security operations side, that is what we did. We said, look, I'm not gonna replace the pipeline that I have that scans terabytes of data that my customers send to me every day.

I need to do that in real time with harder algorithms that work in real time. But I stack AIs on top of that to get rid of a lot of the human work. And I will just say with AppSec, we all know we've never had a problem finding vulnerabilities with AppSec tools. That was never the problem.

The problem is how do you build this into your process to make sure less of those vulnerabilities get into the code and more of them get remediated. I think there's a ton of smart people out there who've already been looking at how do you really [00:48:00] provide the goodness of LLMs on top of AppSec, and you get people like Arshan at Pixee, who has understood the core of how you do AppSec for years and has been building amazing solutions for how do you stack LLM technology on top of that.

So I think the idea that there's a free skill pack for Claude, it's not gonna put all the lawyers outta business immediately. It's not gonna put the AppSec teams outta business immediately. But if I was on an AppSec team or a lawyer, I would be downloading those, really understanding how they could supplement what I do.

'cause if I don't get it, somebody else is gonna be better at doing my job.

Paul Roberts, ReversingLabs: Sure, sure. Embrace change.

Yeah. Steve, is there anything I didn't ask you that you want to say?

Steve Wilson, Exabeam: No, I don't think so. I've really enjoyed being on. If anybody wants to talk further about this stuff, go find me on LinkedIn. Just search for Steve Wilson, Exabeam, [00:49:00] connect up with me there. Love to hear from you and continue to share what I'm working on and my thoughts.

Paul Roberts, ReversingLabs: And go get a copy of Steve's book and read that too. It will be very educational. We'll link to it in the blog post that we do with this. But Steve, I wanted to say thank you so much for joining us on ConversingLabs, and I look forward to talking to you again soon.

Steve Wilson, Exabeam: Thanks a lot. See you Paul.
