EP274 AI, Zero Trust and Secure by Design Walk into a Bar...

Guest:

• Grant Dasher, ex-CISA, ex-Google, Distinguished Engineer, Google (again)

Topics:

• Why is the "Secure-by-Design" movement gaining so much momentum now, and is it a response to the failure of "bolted-on" security, or just a natural evolution of cloud maturity?
• In a future Secure-by-Design world, is identity the only perimeter that actually matters anymore? Or is this a cliche?
• As we move toward a world of autonomous agents, how does our approach to machine identity need to change? Are we just talking about more complex Service Accounts, or do we need a fundamental shift in how we authorize "intent"
• What is your advice to people who want to move fast and cannot wait for Secure by Design / Default AI to be decided by consensus or IETF, NIST or OASIS committee?
• We love the argument that modern AI agents are effectively repeating the mistakes of 1960s payphones - mixing the data plane and the control plane. What is your rebuttal? How do we build "Agentic Security" that doesn't fall for 60-year-old traps?
• Customers are torn between their Zero Trust implementations and their AI adoption. Is Zero Trust now "legacy," or is it the prerequisite for everything we're trying to do with AI agents?
• Is there Zero Trust for AI? Is this a fake buzzword or technical reality?

Resources:

• Video version
• EP256 Rewiring Democracy & Hacking Trust: Bruce Schneier on the AI Offense-Defense Balance
• EP133 The Shared Problem of Alerting: More SRE Lessons for Security
• EP85 Deploy Security Capabilities at Scale: SRE Explains How
• Google SRE books
• "Atomic Accidents" book (yes, really)