Yahoo CISO and Chief Paranoid Sean Zadig recently joined me on the Decipher podcast to talk about a number of different topics, including the ways in which AI is being used in the security field. There are plenty of challenges and pitfalls for security teams looking to deploy AI tools and Zadig said Yahoo is taking a measured, careful approach. This is a condensed and edited portion of our discussion.

Dennis Fisher: I've heard some interesting things regarding AI, but honestly, a lot of what I've seen so far is kind of AI wrapper type stuff and nothing super exciting.

Sean Zadig: I think in the product space, it's still early. And they’re always a little bit behind the curve when it comes to building security products. But I think the actual technology itself is really exciting and unlike a lot of CISOs I know, I'm pretty bullish on AI as a concept. We're starting to adopt it a lot within my team, and if you look at our SIEM and like our Secured Operations Center, our SOC folks, how can we help those analysts get more context quickly and take actions that would otherwise take them five minutes. Maybe we can condense it down to, you know, 10 seconds. I think the great thing about AI is that it reduces toil. You know, the balance is, it's not about using AI to get rid of jobs or to eliminate expertise, but instead it's about making the most out of folks and their skills and you free them up to use their imagination. And if you can automate away the things that aren't great uses of their minds, so they can spend more time with their creative part of their mind. That's, I think, for security and really for a lot of industry, the benefit of AI.

Dennis Fisher: Yeah, that's the most logical and effective way that I've seen people using it on the defensive side is the automation in a SOC or things like that. Automating those, as you said, sort of mind-numbing, repetitive tasks. Is there a way that we can use AI to do this so that we can free up the humans to actually do some creative and critical thinking?

Sean Zadig: But there is also really cool stuff happening in the application security space. And it's like sort of catching vulnerabilities as they're entered into code, you know, raising PRs and maybe even committing fixes immediately and then using that to sort of like do just-in-time education for developers. A lot of that stuff is super exciting. And there are places within Yahoo we're starting to roll that out as well. And, it's not just like we're fixing things for people behind the scenes. You want to make sure folks are understanding, hey, this is the problem that we fixed for you. And here's how to avoid it next time. That kind of stuff is really, really cool.

Dennis Fisher: To me, what you just said is a key part of it. We're not just going to fix it and keep going. We have to tell you what the mistake was and how we fixed it. Otherwise, you're going to keep making that mistake.

Sean Zadig: Yeah. Right. One challenge, I think, that I've been having with other folks, other CISOs, is in the age of AI, the risk is that you might automate away a lot of those really junior entry-level roles. And then how do you build that talent pool? How do you build that pipeline so you can hire mid or a senior person if you've automated away all the junior roles? And so, you know, I think the way that I try to approach it with my team is we're not automating your job away, but we are helping you grow faster and do more interesting things, I guess. But yeah, that's a problem we haven't solved industry-wide yet.

Dennis Fisher: No, but that's a good way of putting it, helping you get there faster. And, we're not going to take your job and just turn it over to the entity or something. 

Sean Zadig: And back to our discussions about kids, I introduced my two older kids who are 14 and 12 to The Matrix two weeks ago. And watching them watch it through the eyes of their interaction and growing up with AI now has been really interesting. And they're like, oh, we're reading about this. You know, like, what if the AI takes over the world and, you know, does all this stuff? And it's like, yeah, here's the sort of formative thinking on that from a cultural perspective, at least. Super interesting.

Dennis Fisher: I haven't seen that movie all the way through in probably 10 or 12 years or something, long before this current wave of AI. I wondered how well did it hold up? 

Sean Zadig: I mean, yeah, sure, there are parts that are kind of cringeworthy now, but on the whole, I think it holds up well. And this was actually on the heels of my son talking to me about the study that was published around all the different AIs that would lie to you and would sort of cheat if you threatened to turn it off or something. And sort of like the self-preservation that you are seeing emerge. Super fascinating. But it was nice to see that it held up because not everything from that long ago does.