CrowdStrike: Companies give AI agents keys to the kingdom. That's a security disaster.

  • Companies are rushing AI agents into production with unchecked access to data and infrastructure, CrowdStrike VP Chris Stewart warned
  • Threat actors are exploiting the gaps at speeds that would have been impossible just a few years ago, Stewart said at the recent VAST Data customer conference
  • But AI is also the best tool defenders have, Stewart said

In their haste to deploy AI quickly, companies are failing to take basic security precautions, exposing themselves to threats, said Chris Stewart, CrowdStrike VP of technology and cloud ecosystem.

"We need to apply the same discipline and accountability to AI as the human workforce," Stewart said during a keynote Q&A at the VAST Data customer conference, VAST Forward, in Salt Lake City, Utah, last week.

Chris Stewart, CrowdStrike VP of technology and cloud ecosystem (right) talks with John Mao, VAST VP of Global Business Development (Mitch Wagner for Fierce Network)

Organizations are giving AI agents complete access to their data and infrastructure, without fencing or controls, under pressure from their boards of directors to deploy AI before their competitors do, Stewart said.

Instead, organizations need to find the balance between innovation, security and governance, Stewart said.

AI needs to follow the core principles of security: Least privilege, clear definition and continuous oversight. You wouldn't hire a human employee and give them complete access to the whole organization, its infrastructure and data. Organizations need to apply the same discipline to their AI agents, Stewart said.

Be careful with your AI digital army

"One way we look at AI agents is, literally, they're becoming digital employees. They have access to information, they interact with systems and increasingly they can take action on behalf of the enterprise," Stewart said.

He added, "As you're building out this digital army or digital employees, they should only have access to what they actually need to do their job. Behavior needs to be monitored on a regular continuum, and permission should always be reviewed, just like you would with a high-privilege employee."

Organizations need to apply the principle of zero trust to AI agents, just as they do with employees. Never assume the agent (or employee) can be trusted just because they are inside the perimeter, Stewart said.

Stewart's Q&A followed a warmup conversation with comedian and actor Joel McHale, star of the sitcom "Community" and the new movie "Scream 7." Stewart spiced his own discussion with jokes.

Actor/comedian Joel McHale, co-star of "Community" and "Scream 7," talks with Stacy Wynn, VAST chief of staff and VP of business execution. (Mitch Wagner for Fierce Network)

"We are a 15-year-old cybersecurity company, probably most famous for breaking the internet two years ago," Stewart said, kicking off his Q&A. He was referring to the July 2024 internet outage caused by a bad CrowdStrike software update that bricked millions of Microsoft machines worldwide. "We're an 11,000-person startup that runs fast with scissors," he added. CrowdStrike innovates because it is pushed, he said.

Who is responsible for security?

Stewart had another joke in answer to the question of who is responsible for cybersecurity in the organization: "Like everything in the world, it's best described by a meme," Stewart said. "Does everyone know the Spider-Man meme where they're pointing at each other?"

Security responsibility is shared by the CIO, who owns the platforms; the chief information security officer; the chief data officer; the chief technology officer; and business units. Security needs to be cross-functional and highly coordinated. Organizations need to break down fiefdoms and protect the entire infrastructure. To that end, CrowdStrike partners with Nvidia, CoreWeave, Hewlett Packard Enterprise, VAST and others to secure the entire stack.

VAST debuted the CrowdStrike partnership as one of several announcements at its conference last week. VAST will embed CrowdStrike's enterprise-grade threat detection and automated response capabilities. Also, VAST launched PolicyEngine and TuningEngine to help organizations control and refine AI. The overall theme was that VAST is seeking to help enterprises deploy AI that's "secure, trusted and self-learning."

And John Mao, VAST VP of global business development, said enterprises are finally realizing AI is a "big-dollars game" and are writing big checks accordingly.

AI threatens, but can it also empower defenders?

AI presents new challenges for organizations. Attendees at the VAST conference are at the forefront of moving AI from the sandbox, tire-kicking, prototype stage into production systems, said Mao, who provided the Q portion of Stewart's Q&A.

"AI is expanding the attack surface. But more importantly, it's empowering and accelerating the adversary," Stewart said. "Threat actors are leveraging AI to automate next-level reconnaissance, generate convincing phishing and social engineering and attacks like we have never seen before." Malware adapts faster and attackers are able to exploit vulnerabilities at scale and at high speed. Attacks that formerly required months or years can now be executed in days, hours, minutes or even seconds.

But AI also empowers defenders. AI continuously ingests data, retrains, calls APIs and in some cases makes autonomous decisions, Stewart said.

"You need a good guy with AI to stop a bad guy with AI," Mao said.

As for expanded attack surface: Attacks can affect training pipelines, third-party models, containerized runtime environments, GPU clusters and more. Risks include prompt injection and data leakage, Stewart said.

CrowdStrike acquired AI security specialist Pangea in September; that company specializes in AI detection and response, Stewart noted. CrowdStrike acquired Pangea to help secure enterprise AI development and use, CrowdStrike said in a statement at the time. CrowdStrike reportedly paid $260 million for Pangea.

AI vs. AI for security

Organizations need to be more mindful of the entire AI lifecycle, Stewart said. "Organizations sometimes treat AI as an application feature, when it's becoming the core infrastructure or OS. Without consistent visibility of the data layer, model, supply chain, runtime, behavior and identity, etc., it's impossible to secure the AI experience."

Public repositories and models present risks, Mao said. Enterprises and developers risk downloading and using compromised models, with backdoors threatening data exfiltration and egress.

Stewart's comments amplify recent concerns about AI vs. AI security threats.

AI security is a particular concern in the context of digital sovereignty, said Chuck Herrin, F5 field CISO and customer advocate, in an interview with Fierce in December. "U.S. companies need to think about what exposure they might have to components of the AI stack that are controlled by the Chinese. European companies are concerned about threats to sovereignty by depending on U.S. cloud providers and hyperscalers," he said.