Vanta's Christina Cacioppo on AI security adoption: 4 in 5 security leaders deploying AI agents to fight AI-powered attacks
Oct 30, 2025 · Full transcript · This transcript is auto-generated and may contain errors.
Featuring Christina Cacioppo
Our next guest is Christina from Vanta. She's been on the show multiple times. She's back. We're getting an update. How are you, Christina? Great to see you.
Thank you for supporting us for this entire year. It's been fantastic. Uh you've been on a tear. What's new in your world? Well, um I got a hat in the mail from you all and it's great. Favorite. Well, you should have gotten a jack you should have gotten a jacket, too, but the team may have sniped it.
Everybody said, "Oh, the jacket never the jacket never showed up." [laughter] Jacket never showed up, but like really really into the hat. So, thanks for that. I'm glad. I'm glad things are going well. So, little bit lot of AI going on with everybody as you're probably talking about.
Um getting excited for VantaCon, the security and compliance event of the season. Let's go. Um and just did some surveying of security folks about how they're feeling about AI. So, yeah, we were talking to the CEO of CrowdStrike yesterday.
Uh very interesting nuance some there's basically like AI generated viruses now where uh the actual code that hacks the system is generated on the fly by a generative AI model and can do reasoning. Yeah. So your malware it's going to be great. I'm sure can think like I'm in danger. I'm in danger is what I feel like.
Um but but but how are people feeling? Uh what are you learning from the customer base from the folks that you're talking to on the ground? Yeah.
So we um talking to folks on the ground and then we also surveyed thousands of security leaders around the world and the results actually super super encouraging on the AI front and then I actually even guessed um so we found like four in five security leaders are using or plan to use AI agents to prevent against those sort of attacks.
Um so the solution to the attack to the AI agent attacks is is good guys send back more AI. Yeah, of course. Yeah. Long tokens. Yeah. So there's that piece. Um and then we found like kind of a similar percentage but 70% of folks are letting those agents give input on security strategy. Yeah.
Um and it's like giving it to a person who's considering it except but like Sure. Sure. We're in we're in like default let the agent talk to your folks and influence them versus like default skepticism. And again this is among security folks. So I was actually pretty impressed with this.
How how do you have a sense of like how token intensive some of these process are? Because I imagine that like one of the things you could do is just the benefit of AI is that it doesn't mind working 24/7 for months on end.
So you could just say actually go through every single line of my codebase one by one and then just you know see does this does this seem like there could be a vulnerability here and just generate tons and tons of uh you know ideas and then we'll have a human filter through what it thinks could be vulnerabilities. Yeah.
So, okay. I saw your interview with Alex and America's open yesterday and I think we're like seeing something similar where it's just like parallelizing. Sure. And you're like, "Oh, okay. Go off, run, take all the tokens, like see what you come back with." And maybe it's something and then I just did two things at once.
And maybe it's nothing and then I'm like, I kind of just did the one thing and I have to move to the next task. But like I'm in I'm in the spot I am. And so we are seeing like a ton of parallelization of work here. Yes. Yeah. Um what uh uh Yeah.
what what what else is uh is empowering people on the on the AI side in in security compliance.
I can imagine that uh like you know when we're talking about the technology we talk about uh oh the future of the agents we'll just be able to do it but then when we talk to people on the ground they're like uh I'm just using ChatGPT to do my homework or I'm using it to get educated and I feel like there's a whole world where we go and we rebuild the compliance training processes in an AI native way uh in a not awful way.
Yeah. So a lot of times it's pretty awful. been through a few of those where you're clicking a button and watching a video and you need to move the mouse. Uh is there progress there? How fast is that rolling out? What what does the future of uh compliance training look like? You think? Yeah. Okay.
Well, compliance training in particular, I think a ton and to your point like adaptive and compelling and not the like um watch a video that feels, you know, at best stuck in the 90s. There probably worse things you could say about it, right? Like where does this work?
Um, yeah, we see folks doing like the phishing email was like always the classic thing, but now it is just they're they're really good because it's also like, oh, let me scan your email inbox and be like, what do you actually reply to, not just like I'll send you the I don't know, TVPN newsletter and like try to or fake that and try to get you to click on it.
Like it's it's super personalized. So, there's some cool there. Um, to your other question, my model of this kind of an overall, but I definitely see it in security and compliance to steal from Tyler Cowen is like centaurs and so it's like AI plus person and we're at that stage. Yeah. Right.
And we'll be at that and maybe you know AI will take it all the way like the way it did with chess. Yeah. But even with chess there was like a multi-decade you know AI plus person stage and I we're seeing a lot of that with our customers. Yeah. That's fantastic.
Uh what uh we were asking the CrowdStrike founder about like like basically was he surprised that we haven't seen like a Gen AI-induced like high-profile security incident yet? I don't know. I'm sure. Yeah. Yeah.
What's your, you know, how how concerned are you about about that sort of like you know even the AWS that was not a generative AI-driven problem? It was just DNS configuration on a database. Okay.
So actually like building off of that I think I don't know probably pretty soon but I don't think it'll be some like crazy complicated attack like a kind of you know it'll be like oh you left your database it's unlocked.
It's like the classic Equifax thing, you know, and it's like maybe AI spotted that, but like you kind of did the equivalent of like, well, you left your front door unlocked. Yeah. Yeah. Yeah. Yeah. So, just another another uh lesson just like go back to the basics, drill the basics. Uh human in the loop.
There's definitely uh the centaur era is going to be here for a long time. I believe I completely agree with you on that. Last question. Uh wish we had more time today. like how how are you uh how are you and your team thinking about headcount planning over the next over the next two years?
Oh yeah, that's a great question. It's like all I'm doing right now. Um uh in like an AI sense in a business. Yeah. Well, just not even in an AI sense, but just like it's a new it's a new world. It's a new world.
We see we see public company CEOs doing layoffs and saying we're doing these layoffs because of AI and maybe some of it's because of AI but you know others is just it's a really he's not going to really grow headcount and he thinks he can massively grow revenue without actually scaling up the the the the talent pool that much.
Government contracts are amazing.
Um the way we're thinking about it is [laughter] um uh like someone or like AI won't take your job but someone using AI might like back to the thing and so have a bunch of stuff and that's that's like our framing inside folks work to Vanta whatever and we have a bunch of stuff both to like encourage and teach and be like this and then this will be a core expectation of your job.
Um, and so like that kind of model going forward and filtering on it and hiring and you know, so you're telling the team like you should have three three at least three bots join every hangout that you do that are all summarizing all summarizing the meeting notes and and competing to summarize the meeting notes the best.
I saw this too.
I yeah I'm I don't I learned I'm a notetaker and like notes make me pay attention so I like can't use those meeting recorders because then I stop paying attention and I'm just like I know this um not everybody is like this but yeah a lot of it depends on like the actual use case if you're in some sort of meeting where you need a full transcript that's probably different but you know certain types of meetings it's going to make more sense.
Vanta should make like a really menacing agent that joins and is like watching watching out [laughter] make sure there's no funny business going on. Yeah. Yeah. say some words, it'll like pop up at you. Yeah. Well, thank you so much for taking the time to join uh the show today. We will talk to you soon.
Have a great rest of your day. Thanks for having me. Talk soon. See you.