
In this episode of ClearTech Loop, Jo Peterson speaks with Chief Information Security Officer Patricia Titus about three issues shaping enterprise AI security: shadow AI, non-human identities, and what AI defense means in real environments.
Patricia brings a deeply practical CISO lens to the conversation. With more than 25 years of experience leading security organizations across public and private sectors, including financial services, technology, and government, she understands how risk shows up inside complex organizations.
As AI adoption accelerates, leaders are being asked to manage governance, risk, productivity, identity, and security at the same time. This conversation explores why shadow AI requires visibility and safe approval lanes, why AI agents and APIs are changing the non-human identity conversation, and why AI defense is less about novelty and more about applying security fundamentals at a new scale and speed.
Episode Highlights
Shadow AI is a governance, risk, and productivity problem
Patricia frames shadow AI as both an IT and security issue, but she pushes the conversation further. In her view, shadow AI is really a governance, risk, and productivity problem that shows up as an IT issue and can become a security issue if leaders do not get ahead of it.
Employees are using AI because they want to move faster and get work done. The answer is not to make the process harder. It is to create approval lanes that are easier than going rogue.
That means CISOs and CIOs need visibility into what is already happening, enforceable guardrails that do not slow the business to a crawl, and controls anchored in data governance.
Non-human identities are becoming harder to separate from human activity
The conversation moves quickly into AI agents, service accounts, APIs, bots, and the larger non-human identity problem.
Patricia points out that organizations once separated human and non-human identities in ways that made sense at the time. Today, that separation is becoming harder to maintain. AI agents are beginning to act, connect, consume data, trigger workflows, and communicate with other systems.
That raises hard questions around lifecycle, ownership, least privilege, and proof. Human identity has a start and end point inside an organization. Non-human identities often do not have the same clean lifecycle.
APIs add another layer to the issue. They are everywhere, but many organizations do not have the bench, budget, or bandwidth to manage them as part of the attack surface they have become.
AI defense starts with fundamentals at a new scale and velocity
When asked about AI defense, Patricia brings the conversation back to the basics.
AI defense is less about the novelty of AI and more about applying security fundamentals at a new scale and speed. Many organizations still have unfinished work around cyber hygiene, identity, API security, governance, and visibility. AI adds another layer of complexity to all of it.
The defensive question is not only whether organizations can adopt AI-powered tools. It is whether they understand what those tools connect to, what data they consume, how agents behave, and whether the organization can prove access is controlled.
About Patricia Titus
Patricia Titus is a global cybersecurity executive with more than 25 years of experience leading security organizations across financial services, technology, government, and other highly regulated sectors.
She has held C-level and executive positions at Booking Holdings, Markel Corporation, Freddie Mac, Symantec, Unisys, and the TSA. Patricia also serves on the Board of Directors for Black Kite and on advisory boards for several organizations focused on cybersecurity, technology, and risk.
Her work focuses on resilience, risk management, AI-driven security, business alignment, and helping organizations understand how cyber risk affects operations, leadership, and long-term strategy.
Why this Episode Matters
AI security is not showing up as one clean problem.
It is showing up across governance, risk, productivity, identity, API security, and defense. That is what makes this conversation especially relevant for CIOs, CISOs, security leaders, IT leaders, and enterprise technology teams.
Shadow AI is already happening inside organizations. AI agents are expanding the non-human identity problem. APIs remain a major part of the attack surface. And AI defense requires organizations to apply existing security fundamentals with more speed, discipline, and visibility.
Key Takeaways
- Shadow AI is both an IT and security issue, but it is also a governance, risk, and productivity problem.
- Safe approval lanes have to be easier than workarounds if organizations want employees to use AI responsibly.
- Non-human identities now include agents, APIs, bots, and service accounts that do not always have clear ownership or lifecycle controls.
- AI defense is not just about new tools. It is about applying fundamentals at a new scale and velocity.
- APIs are part of the identity and attack surface conversation, especially as AI systems become more connected to business workflows.
Key Quotes
- “It’s a governance plus a risk plus a productivity problem that shows up as an IT issue, and it’s an IT issue and fails as a security issue if you don’t get ahead of it.”
Patricia Titus
- “We have to create approval lanes, which are genuinely easier than going rogue.”
Patricia Titus
- “We got to stop pretending policy alone is going to control it.”
Patricia Titus
- “When I think about AI defense, I think it’s less about the novelty of it and more about reapplying fundamentals at a new scale and velocity.”
Patricia Titus
- “APIs are everywhere, but not every organization has the bench, budget, or bandwidth to manage them like the attack surface they have become.”
Jo Peterson
Listen • Watch • Subscribe
- Listen to the full episode
https://www.buzzsprout.com/2248577/episodes/19213946
- Watch on YouTube
https://youtu.be/KAKH_sGFp9w
- Subscribe to ClearTech Loop on LinkedIn
https://www.linkedin.com/newsletters/7346174860760416256/