Risky Business Soap Box: Why AI can't fix bad security products
50 snips
Aug 1, 2025 Josh Kamdjou, CEO of Sublime Security, dives into the intricate world of AI in cybersecurity. He candidly discusses how AI can enhance security while also acknowledging its limitations. The conversation highlights the critical balance between AI and human oversight, emphasizing that no AI can compensate for poor product design. They explore the challenges and innovations in email security, including the evolution of real-time detection systems and the complexities of automating incident responses, complete with humorous anecdotes about AI mishaps.
AI Snips
Chapters
Transcript
Episode notes
DSL Enables Autonomous Detection
- Sublime uses a domain-specific language (DSL) to encode complex, customizable email attack detections.
- This DSL is ideal for AI agents to autonomously improve detection efficacy based on environment context.
Agentic AI Fits Alert Triage
- AI agents handle alert triage well due to lower volume and tolerance for some latency.
- Real-time high-volume detection is too costly and slow for agents to address effectively.
Use Human Review for Uncertainty
- Design AI security agents to render "unknown" verdicts when not confident.
- Always require human review for uncertain cases to avoid misclassification risks.