A Conversation with Bar-El Tayouri from Mend.io

➡ Get full visibility, risk insights, red teaming, and governance for your AI models, AI agents, RAGs, and more—so you can securely deploy AI powered applications with ul.live/mend In this episode, I speak with Bar-El Tayouri, Head of AI Security at Mend.io, about the rapidly evolving landscape of application and AI security—especially as multi-agent systems and fuzzy interfaces redefine the attack surface. We talk about: • Modern AppSec Meets AI Agents How traditional AppSec falls short when it comes to AI-era components like agents, MCP servers, system prompts, and model artifacts—and why security now depends on mapping, monitoring, and understanding this entire stack. • Threat Discovery, Simulation, and Mitigation How Mend’s AI security suite identifies unknown AI usage across an org, simulates dynamic attacks (like prompt injection via PDFs), and provides developers with precise, in-code guidance to reduce risk without slowing innovation. • Why We’re Rethinking Identity, Risk, and Governance Why securing AI systems isn’t just about new threats—it’s about re-implementing old lessons: identity access, separation of duties, and system modeling. And why every CISO needs to integrate security into the dev workflow instead of relying on blunt-force blocking. Subscribe to the newsletter at: https://danielmiessler.com/subscribe Join the UL community at: https://danielmiessler.com/upgrade Follow on X: https://x.com/danielmiessler Follow on LinkedIn: https://www.linkedin.com/in/danielmiessler Chapters: 00:00 - From Game Hacking to AI Security: Barel’s Tech Journey 03:51 - Why Application Security Is Still the Most Exciting Challenge 04:39 - The Real AppSec Bottleneck: Prioritization, Not Detection 06:25 - Explosive Growth of AI Components Inside Applications 12:48 - Why MCP Servers Are a Massive Blind Spot in AI Security 15:02 - Guardrails Aren’t Keeping Up With Agent Power 16:15 - Why AI Security Is Maturing Faster Than Previous Tech Waves 20:59 - Traditional AppSec Tools Can’t Handle AI Risk Detection 26:01 - How Mend Maps, Discovers, and Simulates AI Threats 34:02 - What Ideal Customers Ask For When Securing AI 38:01 - Beyond Guardrails: Mend’s Guide Rails for In-Code Mitigation 41:49 - Multi-Agent Systems Are the Next Security Nightmare 45:47 - Final Advice for CISOs: Enable, Don’t Disable Developers

Become a Member: https://danielmiessler.com/upgrade

See omnystudio.com/listener for privacy information.