About this episode
In this episode of Simply Defensive, Josh Mason and Wade Wells sit down with Jason Haddix — CISO veteran, AI security thought leader, and founder of Arcanum Information Security — for a wide-ranging conversation on where AI is actually headed in cybersecurity, and what blue teamers need to know right now.Jason shares what he's learned from running AI scaling assessments inside major enterprises, why most organizations are still in the early stages of AI adoption, and how the industry needs to stop thinking about AI security like traditional web app security. He breaks down the stages of AI adoption (from custom bots to agents), explains why input validation is a losing game for LLM security, and makes the case for classifiers, guardrails, and LLM-based routing as the real defense-in-depth play for AI systems.Wade and Jason also revisit the Red Blue Purple AI course, talk through how RAG and context engineering are transforming what's possible for blue teamers, and discuss why the credential leakage problem is still one of the biggest vectors defenders aren't taking seriously enough.Topics covered:Why CTI struggles to prove value — and where it actually matters mostStealer logs, credential leakage, and when rolling an account isn't enoughAI adoption stages: custom bots ? RAG ? agentsWhy SOAR skepticism is a preview of AI hesitancyContext engineering vs. prompt engineeringDefending AI systems: prompt-level protections, classifiers, guardrails, and LLM routingWhen does a prompt become IP?Jason's advice for blue teamers: embrace AI as a tool, find your annoying tasks, and start chipping awayConnect with Jason Haddix:Twitter/X: @jhaddixArcanum Information Security: arcanam-sec.comGitHub (free tools & resources): ARCanum Information Security on GitHubNewsletter: Executive Offense by Jay HaddixResources mentioned:Red Blue Purple AI Course (ARCanum)Flare (threat intelligence / credential monitoring): flare.ioDetections.aiConnect with the Hosts:Josh Mason: linkedin.com/in/joshuacmasonWade Wells: linkedin.com/in/wadingthrulogs
