How to secure your AI Agents: A CISOs Journey

Dec 9, 2025

Yash Kosaraju, CISO of Sendbird, shares insights from transforming the company from a chat API platform to an AI agent powerhouse. He introduces the concept of 'Multi-Layer Trust' as a more pragmatic approach than the traditional 'Zero Trust.' The discussion spans critical topics like securing AI interactions, the blurred lines of incident response when AI agents operate across boundaries, and the benefits of embedding security directly into development teams. Yash also emphasizes the importance of empowering employees with enterprise AI tools while maintaining a robust security culture.

54:52

forum

Ask episode

web_stories

AI Snips

view_agenda

Chapters

auto_awesome

Transcript

info_circle

Episode notes

volunteer_activism

ADVICE

Ask Vendors About Data And Training

Always ask AI vendors how they use and retain your data, including for model training.
Require deletion guarantees and lifecycle controls if customer data could be used in training contexts.

insights

INSIGHT

Agent Actions Blur Responsibility Lines

Agents can perform state-changing actions in customer backends, creating new authentication and visibility challenges.
The handoff between platform and customer environments amplifies responsibility and misconfiguration risks.

volunteer_activism

ADVICE

Defend With Multiple Layers

Implement layered controls because individual security controls will sometimes fail.
Build multiple defenses across device, browser, identity, and MFA to catch failures downstream.

Get the Snipd Podcast app to discover more snips from this episode

Yash's background and Sendbird pivot

02:36 • 2min

chevron_right

Challenges moving fast: speed vs security

04:29 • 1min

chevron_right

Embedding security into sprint teams

05:51 • 2min

chevron_right

How AI changes attack paths and data models

07:22 • 2min

chevron_right

Vendor data risks and lifecycle controls

08:59 • 2min

chevron_right

Blind spots: trusting major vendors blindly

11:14 • 1min

chevron_right

Agents vs AI-embedded apps: differing threats

12:34 • 3min

chevron_right

Practical multi-layer trust approach

15:30 • 3min

chevron_right

Trust OS: observability and human oversight

18:20 • 3min

chevron_right

Balancing platform, LLM selection, and contracts

21:25 • 3min

chevron_right

Securing endpoint handoffs and customer integrations

24:06 • 13sec

chevron_right

Redefining incidents for AI agents

24:19 • 3min

chevron_right

Detecting input/output issues without LLM internals

27:06 • 3min

chevron_right

Enabling employees with enterprise AI tools

30:12 • 3min

chevron_right

Security as enabler: culture and collaboration

33:09 • 4min

chevron_right

Key vendor questions and 'paying with data'

36:46 • 4min

chevron_right

Corporate AI accounts and personal use boundaries

40:21 • 3min

chevron_right

Using AI to learn AI and skill development

43:15 • 4min

chevron_right

Supporting AppSec: acknowledge the skills gap

47:19 • 1min

chevron_right

AI CTF: gamified security training

48:35 • 1min

chevron_right

Personal reflections and closing thoughts

Transitioning a mature organization from an API-first model to an AI-first model is no small feat. In this episode, Yash Kosaraju, CISO of Sendbird, shares the story of how they pivoted from a traditional chat API platform to an AI agent platform and how security had to evolve to keep up.

Yash spoke about the industry's obsession with "Zero Trust," arguing instead for a practical "Multi-Layer Trust" approach that assumes controls will fail . We dive deep into the specific architecture of securing AI agents, including the concept of a "Trust OS," dealing with new incident response definitions (is a wrong AI answer an incident?), and the critical need to secure the bridge between AI agents and customer environments .

This episode is packed with actionable advice for AppSec engineers feeling overwhelmed by the speed of AI. Yash shares how his team embeds security engineers into sprint teams for real-time feedback, the importance of "AI CTFs" for security awareness, and why enabling employees with enterprise-grade AI tools is better than blocking them entirely .

Questions asked:

Guest Socials - Yash's Linkedin

If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:

If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Security Podcast⁠

Questions asked:

(00:00) Introduction(02:20) Who is Yash Kosaraju? (CISO at Sendbird)(03:30) Sendbird's Pivot: From Chat API to AI Agent Platform(05:00) Balancing Speed and Security in an AI Transition(06:50) Embedding Security Engineers into AI Sprint Teams(08:20) Threats in the AI Agent World (Data & Vendor Risks)(10:50) Blind Spots: "It's Microsoft, so it must be secure"(12:00) Securing AI Agents vs. AI-Embedded Applications(13:15) The Risk of Agents Making Changes in Customer Environments(14:30) Multi-Layer Trust vs. Zero Trust (Marketing vs. Reality) (17:30) Practical Multi-Layer Security: Device, Browser, Identity, MFA(18:25) What is "Trust OS"? A Foundation for Responsible AI(20:45) Balancing Agent Security vs. Endpoint Security(24:15) AI Incident Response: When an AI Gives a Wrong Answer(29:20) Security for Platform Engineers: Enabling vs. Blocking(30:45) Providing Enterprise AI Tools (Gemini, ChatGPT, Cursor) to Employees(32:45) Building a "Security as Enabler" Culture(36:15) What Questions to Ask AI Vendors (Paying with Data?)(39:20) Personal Use of Corporate AI Accounts(43:30) Using AI to Learn AI (Gemini Conversations)(45:00) The Stress on AppSec Engineers: "I Don't Know What I'm Doing"(48:20) The AI CTF: Gamifying Security Training(50:10) Fun Questions: Outdoors, Team Building, and Indian/Korean Food

Home Top podcasts Popular guests Top books