'You need your own bots' to wage war against rogue AI, warns Varonis VP
Infosec pros are urged to get serious about data access control and automation to thwart AI breaches
The world is facing an AI hurricane, and organizations must batten down the hatches by securing their data vaults and deploying "bots" to combat rogue AI.
So warns, Matt Radolec, vice president of Incident Response and Cloud Operations at Varonis, who said that AI poses an existential threat to their organizations if they fail to control data access and police AI prompts.
"AI is the biggest opportunity and biggest threat to your organization," Radolec declared, setting the tone for his RSA Conference 2024 talk "Reducing AI's Blast Radius: How to Prevent Your First AI Breach."
Radolec, who has spent over 15 years safeguarding sensitive data from state secrets to corporate jewels, argued that the obsession with malware, threat actors, and CVEs has distracted organizations from the real prize: data. "Data is where the damage happens. Data is where you'll feel the pain of AI," he cautioned.
Drawing on real-world examples from Varonis' incident response investigations, Radolec highlighted the grave consequences of data breaches and corruption,. These were wide-ranging and included disrupting Alzheimer's research, crippling a city's utilities, all the way through to causing a literal "sh*tstorm" by compromising sewer systems.
"We all know an AI superstar when we see one, and Jensen Huang nailed it. AI is a data problem," Radolec said, quoting the Nvidia CEO. "Your data is your company's source code. It's intellectual property. It's worth a lot."
To combat the AI tempest, Radolec urged organizations to shift their focus from endpoints to data vaults, monitoring every transaction, detecting anomalies, and policing every AI prompt. He stressed the importance of granular access control, noting that the average organization has 17 million files open to all employees and over 40 million unique access control lists to manage.
"You have to police your prompts. Think about it. Has anyone ever gotten a speeding ticket or another type of moving violation? I know I have a few. Does the fear of getting one of those stops you from driving like a maniac? You have to issue tickets and take reckless drivers off the road even more so when people abuse their co-pilots," Radolec advised. “Because having weak access controls and not policing your prompts would be akin to giving every employee a Ferrari and letting them loose to race on residential streets.”
RELATED WHITEPAPER
Perhaps his most provocative suggestion was the need for organizations to deploy AI and automation to combat rogue AI. "If you want to survive AI, you will need your own bots on your side. Automation and AI is the only way to combat AI. Trust me," he said, leaving the audience to ponder the impending bot wars.
Radolec concluded his talk by urging attendees to embrace their role as data protectors, reminding them: "Data is looking up at you and it's saying 'Help me RSA conference attendees. You're my only hope.'"
-
Kaseya shifts from AI ‘insights’ to autonomous action with new agentic platformNews The company aims to evolve from its suite of management tools into an autonomous operating system for MSPs
-
Accenture to roll-out Copilot to 700,000+ staffNews Accenture will roll out Microsoft Copilot to nearly three quarters of a million employees after years of testing
-
The key risks security teams face in 2026From AI-related flaws to supply chain risks, cyber professionals now contend with overlapping challenges
-
Observability will be key to agentic AI safety, says Microsoft Security execNews Agentic AI adoption will require a re-evaluation of enterprise risk management, according to Microsoft corporate VP
-
Enterprises need to think of agents as ‘digital co-workers’ – and that means implementing the same security safeguardsNews Practices such as zero trust and least privilege will be needed as agents gain access to sensitive enterprise data
-
Safe AI adoption rests on cybersecurity professionals, says RSAC chairmanNews With AI security a key talking point at RSAC 2026, executive chairman Hugh Thompson believes the industry can lead by example
-
RSAC in focus: Key takeaways for CISOsThe RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
RSAC in focus: Quantum computing and securityExperts at RSAC 2025 emphasize the need for urgent action to secure data against future cryptographic risks posed by quantum computing
-
RSAC in focus: How AI is improving cybersecurityAI is revolutionizing cybersecurity by enhancing threat detection, automating defenses, and letting IT professionals tackle evolving digital challenges.
-
RSAC in focus: Collaboration in cybersecurityExperts at RSA Conference 2025 emphasised that collaboration across sectors and shared intelligence are pivotal to addressing the evolving challenges of cybersecurity.
