How Do You Secure AI Workflows Beyond the Traditional Perimeter?

In our last Super Cyber Friday, "Hacking AI Workflows: An hour of critical thinking about securing sensitive data beyond traditional cybersecurity perimeters," we explored how AI architectures are exposing sensitive data to new risks and breaking old security models. Our discussion tackled how RAG pipelines, agents, vector databases, and fine-tuned models challenge perimeter-based thinking—and what guardrails are needed to support innovation without compromising safety.

Joining us for this conversation were James Rice, VP of product strategy and GTM, Protegrity, and Doug M., VP, CISO, WCG.

HUGE thanks to our sponsor, Protegrity.

Watch the full video here.

That's it for Super Cyber Friday in 2025! Join us in 2026! We'll be back on Friday, January 9, 2026, for "Hacking SOC Workflow: An hour of critical thinking of evolving security operations." It all starts at 1 PM ET/10 AM PT.

Did you know that we have an events calendar? Visit our events page to subscribe (look at the dropdown in the upper right) so you can stay up to date on Super Cyber Friday and other CISO Series content. Click the 'Subscribe to calendar' button to integrate our events directly into your calendar!

Best quotes from our guests

"Things have changed—things are dynamic. Runtime is important, so it's really become that traditional tools will not fit the equation here." - Doug Mayer, WCG

"AI pipelines—AI workflows—they're no longer a single system. It's a chain of micro-workflows of data collection, data prep, embeddings and vectorizations, retrieval, LLM interaction, and downstream agents talking to each other; data is so much more dynamic. It's really flowing more continuously—it's not in these discrete transactions." - James Rice, Protegrity

"It's input and output. At the input and output is where you get the injection and the leakage, so it's really important that you look at that from a data-context perspective and not just trust it." - Doug Mayer, WCG

"Agents don't follow the typical IT boundaries; they follow the data and the intent, and the perimeter dissolves the moment data leaves the system that was enforcing policy—AI pipelines are basically perimeter bypass machines. RAG replicates data into vector stores, and knowledge graphs could really be that next attack surface we should all be worried about." - James Rice, Protegrity

"You should treat AI as a hostile broker. You can't just trust it—you've got to guardrail it, and guardrail it properly, so you can work with it." - Doug Mayer, WCG

"AI doesn't have a nondisclosure agreement: if you leak sensitive data, you'd be fired, but you can't necessarily 'fire' AI when it leaks your data. As one customer put it, 'my agents don't sign NDAs.'" - James Rice, Protegrity

"10% Better Tips" from the chatroom

How to improve your AI workflows?

"It's OK to not turn everything into AI." - James S., DevSecOps

"Don't just look to AI to improve efficiencies in your process. That's operational effectiveness (OE) and can be quickly duplicated. The better way to think about AI is 'How can I delight my customers differently using AI?'" - Dutch Schwartz, vp trust and strategy, Nisos

"Test out your AI prompts with a tool like Open Router which can show results across a dozen AI models. You will be surprised at the difference in quality between systems and models." - Duane Gran, director of information security, Pellera Technologies

"Use secure agent design patterns when designing your agents." - Seyma Atik-Holmes

"Adopt 'Context Engineering': Don't just give instructions; give the model a persona and a constraint box." - Morad Sitt, founder and principal consultant

"Fuzzing the AI similarly to how we fuzz web applications in penetration testing." - Andrew Aken, PhD, CISSP, DocDrew, LLC

"Treat AI the same as a similar non-AI persona." - Dr. Dustin Sachs DCS, CISSP, CCISO, founder and CEO, PsyberCog Labs

"When thinking about how and when to use AI, coach your users to treat AI like a TA (Teacher's Assistant). It has textbook information, but no real-world experience." - Dutch Schwartz, vp trust and strategy, Nisos

"ChatGPT by default tells you what it thinks that you want to hear. You need to set it to #AnalystMode to counter that tendency." - Michael A. Williams, director of product marketing, Securin Inc.
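The two guardrail points the guests keep returning to are the data entering the pipeline (where RAG copies it into a vector store) and the model's output (where injection and leakage surface). The Python sketch below is an added example written for this recap; it is not code from the event, from Protegrity, or from WCG. It assumes a toy pipeline in which documents are scanned with constructed regexes for two sensitive-data classes, each value is replaced by a keyed token before embedding so the stored copy never holds the raw value, and an output policy decides which token classes a given caller may see. The HMAC key, the document text and the simulated model answer are all constructed for the example; a real deployment would use a proper data classifier and a key held in a key-management service.

```python
"""Data-centric guardrails for a RAG pipeline (added example, not the event's code).

Ingest side:  sensitive values are tokenized before embedding, so the copy
              that lands in the vector store carries tokens, not raw data.
Output side:  the model's answer is checked for raw values that bypassed
              tokenization, and tokens are reversed only for classes the
              caller's policy allows.
"""
import hashlib
import hmac
import re

# Constructed detection patterns for two sensitive-data classes. A real
# deployment would use a proper classifier; these are deliberately simple.
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"),
}
TOKEN_RE = re.compile(r"<(ssn|email):[0-9a-f]{12}>")


class Vault:
    """Maps raw values to deterministic keyed tokens and back.

    Tokens are truncated HMACs, so the same value always becomes the same
    token (retrieval over tokenized text still matches), while the raw value
    lives only in this in-memory map and never reaches the vector store.
    """

    def __init__(self, key: bytes):
        self._key = key
        self._reverse = {}

    def tokenize(self, kind: str, value: str) -> str:
        digest = hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()[:12]
        token = f"<{kind}:{digest}>"
        self._reverse[token] = value
        return token

    def detokenize(self, token: str):
        return self._reverse.get(token)


def protect(text: str, vault: Vault) -> str:
    """Ingest guardrail: replace every detected sensitive value with a token
    before the text is chunked and embedded."""
    for kind, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, k=kind: vault.tokenize(k, m.group(0)), text)
    return text


def leaks_raw(answer: str) -> set:
    """Output guardrail, step 1: flag raw sensitive values in the model's
    answer. Anything found here bypassed tokenization (for example, it was
    pasted straight into the prompt) and should block the response."""
    return {kind for kind, pattern in PATTERNS.items() if pattern.search(answer)}


def release(answer: str, vault: Vault, allowed_kinds: set):
    """Output guardrail, step 2: reverse tokens only for classes the caller's
    policy allows; everything else stays masked. Returns the text plus the
    list of withheld classes so the decision can be logged."""
    withheld = []

    def swap(m):
        kind = m.group(1)
        if kind in allowed_kinds:
            return vault.detokenize(m.group(0)) or m.group(0)
        withheld.append(kind)
        return f"[{kind} redacted]"

    return TOKEN_RE.sub(swap, answer), withheld


def run_pipeline(allowed_kinds: set):
    """Walk one constructed document through the ingest and output checks."""
    vault = Vault(b"constructed-demo-key-not-for-production")
    document = "Ticket 4471: contact jane@example.com, SSN 123-45-6789, about billing."
    stored_chunk = protect(document, vault)  # what the vector store actually holds
    # Simulated model answer that echoes the retrieved chunk verbatim, which is
    # exactly the leakage path the guests describe.
    model_answer = f"The customer record says: {stored_chunk}"
    if leaks_raw(model_answer):
        return None, ["blocked: raw sensitive data in answer"]
    return release(model_answer, vault, allowed_kinds)


if __name__ == "__main__":
    print(run_pipeline(allowed_kinds={"email"}))
    print(run_pipeline(allowed_kinds=set()))
```

The design choice worth noting is that policy is enforced on the data itself rather than at a network edge: the tokenized chunk can be replicated into any vector store or handed to any downstream agent, and whoever finally renders the answer still has to pass through `release` with an explicit allow-list to see a raw value.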