
DATA+AI SECURITY SUMMIT 2024  •  KEYNOTE  •  DR. ANAND SINGH

When AI met cybersecurity: a relationship built on trust (and data)

DR. ANAND SINGH

Global CISO @ Alkami Technologies

Anand, CISO at Alkami Technologies, is an expert in integrating IT with business goals. He previously led cybersecurity efforts at Caliber Home Loans and UnitedHealth Group. Holding a Ph.D. from the University of Minnesota, he is also a CISM and CISSP and serves as adjunct faculty at Mitchell Hamline School of Law.

Good afternoon everyone. How’s everyone doing? Awesome. Awesome. So guys, today I will be talking about “When AI met Data Security” A relationship built on trust and data. This won’t be as exciting as When Harry met Sally, but I’m going to try hard to make it as exciting as possible. So with that, let me transfer into the next slide here a little bit about myself. I have been a CISO for a very long time and I like to joke that before I started my CISO role I had a full head of hair and now there is still a few strands left. But I think cybersecurity has taken care of all the rest of it. Currently I’m a CISO at Alkami Technology. I’m their Global Chief Information Security Officer. Have been with them for six years. And in that journey I started with a Series B company, very early stages. We grew and grew and grew. A very good problem to have. And I started with a team of like three people and within, by the end of this year we will have 30 people. So 10x growth of the team, roughly 70 or 80x growth of the company. 

We IPO’d in 2021 and still continue growing at a pace of 25% year over year. So it has been an amazing ride. But through all of this, I would say it has been a phenomenal growth for me too. Because when you scale a company through a rocket ship like that, you have to scale your mental bandwidth in ways that I never imagined I could do. So it was amazing and exciting, both at the same time. People like to ask me, right Anand, I see you in cybersecurity all over the place, what do you do for fun? Do you do anything for fun even? So, I do like to do a couple of things. I have a motorcycle, an old non-digital motorcycle. No one can track me on that. It’s a Kawasaki Vulcan 900, really old version. There is no digital console, nothing on it, no GPS, nothing on it. And then I also love to watch Star Wars, me and my kids. This is one thing that has kept my relationship together. So my many thanks to George Lucas. I do quite a bit of writing too. So in fact all the presentation that I’m going to do today, it is all based on all the writing that I’ve done on LinkedIn. So if you get a chance, please check out my LinkedIn profile and connect so that you can see my future writing. This is the state of AI in many companies. 

At the very bottom, people are in a state of daze because they have taken both the pills. There is a part of the organization, typically security, that says, let’s stop all AI. And there is a part of the organization which says, AI is the future. Let’s go all in. So I love this slide because in a funny way it illustrates the conundrum that many organizations face about how they need to adopt AI for their companies. So how has AI impacted cybersecurity? AI is transforming at a pace that has never been seen before, right? I came to the US in ’96 to do my master’s at Purdue University. Internet was still in its newish stages. People did not have internet at home and all that, right? It took almost like maybe 7 to 10 years for the internet to become pervasive. Look at how fast AI has gotten adapted in the normal public inside of the corporation, like in two to three years, all you hear in companies these days is AI, AI, AI. So the pace of innovation has reached such a high state of compression that within a very small timeframe you are seeing entire industries, entire sector move because of the pace of change of the tech. And that’s where AI is. Cybersecurity is no exception. We are seeing that massive transformation in cybersecurity as well. My goal today is to break it down into the components that you can absorb and take away from this conversation. So that’s how I think formulaically. People have heard me talk. They say, Anand, you always talk in bullet points. And that’s exactly what I’m going to do today. I’m going to talk… I’m going to break down the AI in cybersecurity and I’m going to break it down into that worldview into five components. So you will see that shortly here. The topics that we’ll… These are the components. The topic that we will cover today is how AI is empowering not just the companies and individuals, it is also empowering your malicious actors. So that’s how we’ll open up. We’ll go into security for AI. 
How do you secure AI usage inside of your organizations? 

Then we’ll flip it. We’ll talk about AI for security, how AI is changing the world of cybersecurity. We’ll go into a couple of topics of deep interest to me, and I will explain why when I get to those topics. LLM training and safeguarding with RLHF. RLHF stands for Reinforced Learning through Human Feedback. And then we’ll go into agentic AI, which Gartner has identified as the number one trend for 2025. So these are the five topics that we’ll cover today. AI is a tool… and I have personally seen this. So a lot of these are kind of my own experiences running a very complex infrastructure. But the thing that I’ve seen is defeating bot mitigation. Captcha used to be kind of the gold standard. That was your Turing test. You solve a CAPTCHA, you have proved that you are a human. AI can solve CAPTCHA very easily. The only reason why it is not still very commonplace is because the attackers who offer the CAPTCHA resolution services, they are charging a premium for that service. So in the marketplaces it’s not that common utilization because someone has to pay a premium versus trying to use lower threshold of services. So that’s the only reason why not everyone is using it. But CAPTCHA as a Turing test is practically dead and it can be overcome by AI. The biometric authentication challenges. Chris talked about it earlier today. 

The biometrics as a conception of, kind of, entry or authentication is on its slow death march. Here is the other problem that Chris mentioned. The other problem that Chris mentioned is: once you have lost your biometrics, you are done. It’s not like you can… like password, you can change it. Biometrics. Once you have lost it, you are done. You cannot rely on that as an authentication measure in the future anymore. I’m not sure if that was absorbed by the audience here. I wanted to call it out. That’s the critical difference and that’s the reason why even now, password is the default entry route for most systems. What is your take on the use of walled off garden space biometrics? So the argument to be made that an Apple iPhone has its own trusted repository on the device. So if your biometrics are recorded but retained on the device, does that retain its usefulness or is that too also in question? I’m going to do a funny anecdote first and then I’m going to answer your question. So when my kids were still little, I had biometrics on my iPhone so I could… I thought everything was safe in there. One day while I was napping, one of my kids, I won’t name which one because one of them may be showing up here today. One of my kids took my fingerprint. That was the fingerprint. And then she opened the… the iPhone and then they had complete access to the iPhone. So yes, I think the longer answer is that yes, it can be a good measure in some limited circumstances. Right? So it can continue to be successful and useful also in the future as one of the… one of the factors, right? Meaning that if you have another factor to strengthen the biometrics, then also it can be a mechanism. And then the data poisoning, I’m sure everyone, a lot of AI experts here, I’m sure you guys know like one way to break an AI model is to feed garbage data in it. 

Garbage in, garbage out: you have destroyed the capability of AI to do anything useful. And then lastly, the malware generation. This is still in primitive stages right now. Nothing has come out that is of the same level of sophistication as what many attackers are able to create. But I would say that the primitive… the Neolithic age of malware generation is already here. And going back to my previous comment about compression of innovation, the attackers innovate too, and they are innovating feverishly right now to get to the more maybe bronze stage or the iron stage of the malware creation using AI. So next thing is about how do you like talking about security for AI? And again, some of these have been hashed before, so I won’t kind of belabor the discussion here a lot, but I want to go back to the comment that I made earlier, which is that the AI adoption, this is one of the few situations where security could not keep pace with the pace of adoption of AI in the organization. It happened at such rapid pace that it was never seen in the industry. So security tooling is still lagging behind. A lot of entities are catching up. This is one of the hottest spaces in the VC world right now, in the funding world right now. But there is not one unified solution for protecting usage of AI in the organizations today. I suspect there will be one in the future. But just like anything else, you have to go people, process, technology. So the process side of it is creation of an AI policy, making sure that your company is trained up on it, and making sure that you have defined acceptable uses of data. One good example, right? There are so many situations where employees of companies not maliciously, for all the good reasons they are feeding PII data into public models. You can just imagine the kind of chaos that it causes, right? And extraction is really hard. 

Like you cannot go back to a previous stage because the knowledge is already absorbed in the LLMs. So it’s not like you can go back and remove the data, right? So having a clear policy where your employees know exactly what they’re dealing with, what they’re allowed to do, what they’re not allowed to do, that’s a really important first step in the process. One thing, and this point I cannot emphasize enough. If you heard all the discussions today, there was one common theme, one common factor. What was the one common theme or one common factor? Sorry, someone said data over here. Yeah. So I think the data was the common theme, right? Everything within the AI world is dependent on data, and many organizations don’t even know where all of their data is. So their ability to harvest AI for the benefit of the enterprise is severely limited because they don’t know, they cannot feed the data, they cannot train the models appropriately. So to know where your data resides, that discovery of data, that’s obviously you also want to know for cybersecurity reasons. But in addition to that, you also want to know because you want to have that stellar ability to train your models. 

And if you understand where all of your data is, if you understand how it is classified, what is the classification of the data, you can take advantage of that to train, train your models very effectively. I would say this is probably one of the most important and overlooked elements in most organizations. People are stampeding to adopt AI. That’s understandable as to why, but there needs to be an equal stampede to go ahead and identify the quality data that is available to you to train your models to take full advantage of it. And then lastly, of course, the runtime protection, you need to use AI to detect anomalous activity and ensure compliance with the industry standards and regulations. So a little bit more about the data considerations. I talked about the data discovery piece. You need to know where your data is at. You need to know your classification and normalization of the data. I mean, AI can read data without being normalized, but normalization reduces the compute and compute is a big problem in AI. So to be able to normalize your data so that you can… the absorption is easier by the models, that makes an enormous difference. Then lastly, the data governance piece of it to implement a framework to approve and regulate the usage of data. One of the earlier speakers talked about this to have… actually Cecil was the one who talked about this. They have a data governance council in R1 RCM which allows them to govern the use of AI, what is allowed, what is not allowed, et cetera, et cetera. So all of those capabilities are really crucial. I was looking for some examples and we actually do have Symmetry deployment inside of my organization. So we use that to pull up some and then genericize some example of how Symmetry is solving this problem about the data considerations aspect of it, right? 

So you can see they can classify data, they can size up the Copilot risks. Some of the things that I talked about before, which is how do you make sure that your data is fed into the models in a governed way, in a protected way. So that’s the sizing of the Copilot risk and then obviously the remediation side of it, so that while taking advantage of AI, you’re not causing issues that may downstream affect your ability to operate in regulated environment. So here’s my conclusion. One of the things that I always tell my team, one of the every opportunity that I get in a forum like this, one of the things that I always say is that no, you cannot stop the usage of AI. Many companies went and they did implement that as a policy in their companies. They failed miserably. Catherine Shih earlier talked about how people can just use their personal machine, use their phones, transcribe it, et cetera, et cetera. It’s just not possible. All you are causing in that scenario is the problem of shadow AI. People will use it outside of the company controls, outside of company systems. That’s the problem that you are causing. So the need here is to make sure that you have a comprehensive data security platform that you are able to bring hidden data to light so that you can train your systems appropriately, that you are thinking about this holistically with other stakeholders across the organization, your data organization, your compliance and risk organizations. Pull all of that together and you will be operating in an environment. Obviously there’s no 100%, but you will be operating in an environment where you are using AI inside the bounds of framework in a regulated fashion. I’m going to pause here. Any questions so far? I like to take questions along the way so that I can answer that in context. And Jason, thank you for asking questions earlier. Jackson. What do you think about the value of tools to allow employees to leverage AI safely. 
Do you feel like the market is mature there or it’s not useful yet? Sorry, what tools? 

Yeah, so tools to allow employees to safely leverage AI without accidentally exfiltrating information or even harming… so you are saying, you can’t just block it because there will be shadow AI, so you have to let employees use it. Do you feel like there’s a good universe there of tools to help people safely use it… or how do you think about that? Yeah, the way I think about that problem, Jackson, is that yes, I think it is meaningful, but there is a like is it at a knowledge or alerting level or is it at a blocking or operational level? Right. So the knowledge level is around even today and many companies are doing it, including viscosity, I think. But I’m not sure if the companies are doing the next level of advancement has happened, which is doing it at an operational or blocking level where you just don’t inform someone to go take an action, in which case you may actually have caused a problem because which security organization is not drowning in alerts? Right. So the key here is can you take it to the next level of intelligence and advancement where you can actually stop this from happening rather than deluging already overburdened organizations with more information that they may not be able to do much with? Does that make sense? Jackson? So let’s move. Sorry, Byron. You mentioned compliance on the previous slide, how does your organization monitor the changing compliance landscape? Yeah, so I’ll talk about that. One of the downstream slides reflects that. So I will talk about that, but very briefly. I think it’s very ad hoc-ish right now. It’s very ad hoc-ish because even the compliance and regulations framework has not evolved. 

California tried to do something about it. The bill was passed by the assembly, reached the governor. Governor did not sign it because he was worried about Silicon Valley impact. Right. But it is coming. So I’ll talk about it briefly in a few slides here. The AI for security. So this is where we talk about how AI can make security tooling more intelligent. What is one of the biggest issues with security tooling as it stands today? One of the biggest issues is it is very hard to use it or it requires a substantial amount of training to use it. Right? So the low hanging fruit here that many security vendors have figured out is if I can integrate Copilot with the AI tooling, my SOC analysts, my average security user can ask questions in a natural language format and get answers that makes the output very intelligent to me and I can go take quick action, right? So the goal here is to improve productivity, to improve efficiency, to reduce the threshold that is required to use a security tool. That’s the problem that these guys are trying to solve. So the Copilot, as I suggested, it’s the very common interface right now. The threat summarization is the other one. Like I get overwhelmed with the amount of information that I receive, right? 

Who here is an FS ISAC Threat Intelligence customer? Okay, so you get the honor of receiving like 500 alerts from FS ISAC normally via email. And most like I got it all the time and then in the end I got so exhausted by it I just put it in a folder that I don’t look into. So the threat summarization piece, that can be very intelligent as well. The config recommendations. There is a tranche of startups that are emerging in this space which can look into your entire infrastructure. It’s called Security Mesh. So they can look at the combination of security tooling in your organization and then they can say, okay, if you had this combination, you will have the best end to end coverage. So that config recommendation is kind of on its way. And then breach pathway prediction, this has been out there in a, I would say analog fashion for quite a bit. It is like there was a company called Safe Breach which was very prominent at one point and then gradually faded away. I think Cecil used to sell that at one point via CyberWatch Systems. If I remember correctly, Cecil then over time it faded away because it was lacking. Because once you get the data, you are set for a very long time. You don’t need to run in continuously all the time. The breach pathway prediction Using AI, it is being implemented in some like Zscaler and Tenable. Some of these guys are trying to implement it as a feature in their product suite. How am I doing on time? Quick question on the previous slide… What kind of safety guarantees do you… a security vendor, in this case the product vendor is a security company, right? What kind of safety margins or safety guarantees or any kind of guarantees at all should a customer expect from a security product? Yeah, good question. I think the, I would say some of the safety guarantees like for example the breach pathway prediction. Right. 

You don’t that that’s a good one good example of this situation. I would say that a good parallel of that is like when you partner with companies like HackerOne to get unreported issues, right. There is a very strong set of conditions that you need to agree with. In a scenario like this, the condition is if you become aware of an issue, you cannot release it publicly until it is resolved. Right. And there is an ND and some of those things that come into play when you work with HackerOne. Right. So they actually have a very explicit policy on their website. So I would say that that’s the safety guarantee that you would. I think you can take the bug bounty or HackerOne, one of those guys’ methodology and you can streamline that for AI pretty easily to say this is what will be applicable in your scenario. Okay. Okay. So we talked about AI for security. So this is one of the examples of like how we do it. Again Symmetry Systems is an example that I have in my environment. So it was easy for me to pick some examples of that. This is an example of AI for security where we can take advantage of it to generate information about simplified view of access controls in my organization. Obviously again this is genericized, this is not real to my organization. But you can see like on the right hand side is the reality about the access control. Right. And when you’re thinking about access control, you’re thinking about something like this. Here is an employee of my company. Here is the access that they have. They’re using only a portion of that access. They’re not using 90% of their access. I could easily subtract that 90% and not have any impact on the business. Right. But if you, your actionability would be really limited if you had the right hand side. But your actionability is really powerful if you have the left hand side. So that’s what Copilot integration using Symmetry is giving us. 

This is an important topic that I wanted to talk about. Right. Again, all this morning we heard about the accuracy of the information that AI is providing to you. And so what happens is the hallucinations and data poisoning and some of these things that we talked about. Right. How do you keep the accuracy of your model? So that’s where the Reinforced learning from human feedback comes into play. RLHF, okay, RLHF utilizes human feedback to optimize AI models. That’s exactly what it means, right? So essentially how it works is you do an automated initial analysis, then you insert a human review in the middle, and then you use the feedback of the operator to continuously improve the model. Right? This is really crucial. I mean, throughout this morning and I had a very interesting. We were sitting on the lunch table together and Catherine was there and she had some very interesting insights on it. I think one of the concerns was, could AI be fully human in their thinking? Right? Could it take human jobs? Could it transplant SOC analysts? Right? That was the question on the table. And the way Katherine responded was like, AI still cannot do abstract. At least I’m paraphrasing. So anyone else here who was on that table, please correct me. But what she said was, AI still cannot do abstract reasoning. It still does not have creativity and intuitiveness. It does not have those things, right? So if you rely purely on AI to do something, over time the models will fray. So how do you bring it back to the center as it starts to diverge away? Right? This is the way to bring it back to the center. What you are doing is you are inserting human review. So as it diverges, a human review pulls it back in line to what the reality is. So that’s the beauty of RLHF. I think this is probably going to be the predominant way in which the autonomous AI operates in the near future. How do you actually implement that at Alkami? 
Are you using a RAG to incorporate the human feedback as you institutionalize it? 

The models frequently are provided by a third party, albeit behind your firewall, but you don’t get to retrain that model, do you? We can, I mean, so first, we are in early stages of adoption. So this is the thinking that I’m driving in the company. We haven’t actually practically used it yet. It is the early stages of that discussion. But what you like, we actually can take the models and train them using our own data, not in the cybersecurity construct, but like, for business construct, like it is coming in, it is training on the financial data that we have, and then we are kind of using that to generate outputs. Right? So we do have the ability to retune the models by providing new realities or new data sets that come into our systems that may not be applicable across the board where people are mostly users, not necessarily like the people who are improving the quality of the models. But in many organizations, the scenario that I described would be applicable. So in the few people I’m working with who are doing this, they fear committing too quickly something to the core model before it’s been run in a trial for a while. It’s holding them back, so we’re looking at RAG in the organization so that a portfolio policy overlays that run between that to try things out. Yeah, I think that there can be many. I mean, this is the one that I really like for the moment, because this is in my scenario, this is one of those things that is really easy to do. And I hate to use the word democratization because that’s so overused these days, but I’m going to use it here. I think it democratizes the ability a little bit because you don’t have to be a deep expert into AI because of the you are feeding what your side of the expertise is. Your side of the expertise is the data that belongs to the organization. So in RAG scenarios, some of the expertise requirements can be more significant than just feeding the data. 
So in my context this probably works better, but I can see in some contexts why that can be another approach that may be beneficial. 

Okay, so literally end of October, Gartner came out and said the top strategic technology trend for 2025 is “Agentic AI”. So what is Agentic AI? Agentic AI is a system that autonomously plans and takes actions to achieve end user goals. My sense is that this will mean that you have actually an agent running on your device which is consuming some capacity from your device. But the goal here is that it can create a system that is autonomously working to solve problems that your end users are facing. Right. So a good example of that is mortgage industry, which is probably one of the ones that will benefit, one of the ones that will benefit from it. But in that scenario, like there is quite a bit of decisions that mortgage services providers need to make before they need to bless a loan from the requester. And so in many of those scenarios, a lot of daily work decisions can be autonomously made by an agentic AI, so that you can just move on with the rest of the deeper think requirements for providing the loan. So obviously I think the benefit is the productivity boost and some of the innovation side of it, and obviously the other side of it. And this is something because of the newness of it and goes back to the topic that I described before, the complexity that I described before. This is another scenario where the technology is running ahead of cybersecurity. So I think there is an opportunity here for the cybersecurity vendors to start thinking about how some of the security related to Agentic AI would work, the compliance and privacy as promised. So I promise you, these are my last few slides. I know the talk is going a little bit longer, so the key stages of compliance, the data considerations, right, your training and your testing, they both require access to curated data sets. And there come the compliance and privacy considerations as a result of that. 

And there was quite a bit of discussion in the panel earlier today about like making sure that you have your terms defined, the criteria which are being used, you have acceptance of people who are data owners, et cetera, et cetera. So the data legality is a key source, a key consideration. Being able to protect the data from unauthorized access is a key consideration. The confidentiality of the data set from malicious threats such as data poisoning, et cetera, that’s a key consideration. Then the data poisoning prevention, those are your key considerations. Then the regulatory tsunami is on its way. The California regulations were focused on those five elements, transparency, privacy, fairness, permissions and accountability. Those were the five things that the California regulation described. The bill was passed, but the governor did not sign it for the reasons that I mentioned before. But this is not going away. That was just kind of the start of something that will happen more and more frequently. If not in the U.S. European Union is always ahead of putting controls in place. This is on its way. This will happen. So I think this is something that you want to think about it now because after the fact changes become really, really hard to have a good agreement in place to understand what your providers, second party or third party providers, how they’re using your data, making sure that you have reviewed, your legal department has reviewed the SaaS contracts to prohibit or authorize as appropriate any usage of your data in their AI practices. Some of those things you can start doing now, doing it now because when the regulations come, you will be set in a pretty good place. 

Okay. Okay. So my last slide, hopefully today’s conversation gave you some context and background about how what the world, the landscape of AI and cybersecurity and the intersection looks like that landscape is. The goal here is to make sure that you look at some of the considerations that may apply to your organizations. If you are an innovator, you can start thinking about which bucket, which of the five buckets you fit into. Hopefully not the malicious actor bucket, but which of the five buckets, which of the four buckets, I will say which are the four buckets your thought process fits into and how you can start to kind of innovate around those four buckets. And as always, like guys, I love, like anyone who knows, and I probably know half the audience here, but anyone who talks to me knows that I love technology forward way of thinking. So if you have more questions, comments, if you have an idea that you are pursuing, talk to me. I would love to have a discussion about that with you. This is me. That’s my LinkedIn. If you find an opportunity, please connect with me. Sorry, I was going to ask for any questions, but you can clap first.
