Enter a Spotify URL in the widget settings to embed content.
Today, we are dropping another episode in our series The AI Control Loop, How enterprises govern the AI they’ve already deployed – sponsored by our friends at Wallarm.
Wallarm is the AI Control Platform for Enterprise AI, protecting every AI workload, API, and application in production, giving CISOs the governance they need and CIOs the speed they demand. Organizations choose Wallarm for a complete inventory of APIs, AI agents, and AI apps, patented AI/ML-based threat detection and blocking that operates at production traffic speeds.
In today’s episode, Craig Thomas, Sr. Solutions Engineer at Wallarm, returns to the show to dive into why runtime behavior is the critical blind spot, and what CISOs should demand if they want to move from policy to control.
Questions
Links
Full Abstract
This episode examines what is actually missing in AI security today. Craig Thomas, Sr. Solutions Engineer at Wallarm, dives into why runtime behavior is the critical blind spot, and what CISOs should demand if they want to move from policy to control.
CIOs and CISOs have moved past debating whether AI security matters. The question now is what to actually do about it, and most organizations are finding that their existing tools answer a different question than the one AI is asking.
Traditional security tools were built around access: who can reach a system, what credentials they present, what traffic looks like at the perimeter. AI shifts the problem to execution: what a system does once it has access, whether that behavior matches what the business intended, and how you know when it doesn’t. Most current tooling has no answer for that. It can tell you what is deployed and what is configured. It cannot tell you what your AI is actually doing at runtime, on whose behalf, or whether any of it violates the policies you thought were in place.
That gap is where most AI security programs stall. There is no shortage of governance frameworks, compliance checklists, and vendor claims. What is missing is operational control: the ability to see AI behavior as it happens, enforce policy at runtime, and produce evidence that holds up when an auditor or a board asks for it. The four capabilities that define a closed AI control loop, discover, observe, enforce, govern, are well understood as a category. Getting all four working together in production is where the real work begins.