Download Transcript (pdf)
Welcome to Season 2 of ClearTech Loop. This season, I’m keeping the focus on AI Security through three core questions that cut through the noise: how leaders are thinking about shadow AI, how they are addressing it while enabling non human identities, and what AI defense actually means in real environments.
This conversation with Thomas Bryant hit all three.
Thomas is Director of Technical Marketing at Pure Storage and an independent analyst and consultant at THB3. He brings a rare mix of engineering depth, market perspective, and technical storytelling shaped by leadership roles across Pure Storage, Commvault, VMware, and Dell. That makes him especially well positioned to talk about shadow AI, non human identities, and AI defense in terms that are practical, current, and grounded in how organizations actually operate.
What made this conversation work is that Thomas did not talk about AI security like a future problem or a theory exercise. He talked about it like someone who understands what happens when AI, identity, governance, business pressure, and real operating environments all collide.
That is exactly why I wanted to have him on.
🎧 Listen to the full episode:
📬 Stay in the Loop. Subscribe for new episodes: https://www.linkedin.com/newsletters/7346174860760416256/
What I’m Watching
What stood out to me right away is that Thomas made shadow AI sound less like a policy violation and more like an operating reality.
That matters.
There is still a tendency to frame shadow AI as people doing the wrong thing. But that skips over the bigger issue. Teams are trying to move faster. They are trying to get work done. And in a lot of environments, AI use is already ahead of governance, ahead of standardization, and ahead of visibility.
Thomas made the point in a way that actually lands. If people are pulling in non approved tools, the problem is not just that they broke the rules. The problem is that data may already be moving into places the enterprise does not understand well enough.
Our 3 Hot Take Questions
Give me your thinking around Shadow AI. Is it an IT problem, a security problem, both, neither?
Thomas’s answer was direct. It is both.
He used a great analogy about someone bringing an air fryer into the lunchroom. It may seem harmless at first, but suddenly you are dealing with oversight, safety, unknown risk, and whether anyone really understands what has been introduced into the environment. That is shadow AI in a sentence.
What I appreciated most is that he did not reduce this to the old security playbook of simply saying no. He talked about standardization, approved tools, guardrails, and the very real question of what data may already be leaking through unapproved use. That is a much more useful framing because it recognizes the real issue. This is not just about control. It is also about helping people work productively without creating blind spots.
How are CISOs and CIOs addressing Shadow AI in their environments? What are some of the ways you are seeing CISOs and CIOs enabling Non Human Identities?
This part of the conversation got practical fast.
Thomas talked about discovery first. You cannot manage what you do not know about. That means inventory, visibility, and understanding what people are already spending money on and already using. From there, it becomes a question of standardization and training.
His point on NHIs was even sharper.
We have spent years getting better at onboarding humans. We know how to issue access, credentials, permissions, and systems. NHIs are a different animal. As Thomas put it, they can outnumber humans 50 or 100 to one. That changes the scale of the problem immediately.
He talked about machine identity management, naming standards, and just in time access as practical ways leaders are starting to manage that sprawl. And once the conversation turned to super agents creating other agents, the governance issue became even clearer. Permissions, traceability, accountability, and duration of access all start to matter a lot more when these identities are acting with more autonomy.
When you hear the term AI Defense, what comes to mind for you?
This was my favorite section because Thomas did not give the expected answer.
He said it is “not a firewall, it’s like an immune system.”
That is a much better way to think about it.
He framed AI defense around adversarial AI, resilient security, and the need for systems that can detect, respond, and help recover without waiting for a human to wake up and sort through chaos. That is the operational reality now. Attackers are not waiting for business hours, and defenders cannot rely on manual response to keep up.
What made this answer stronger is that he pushed the discussion away from reactive security and toward resilience. That is the shift leaders need to pay attention to. AI defense is not just about blocking threats. It is about maintaining known good states, responding faster, and building systems that can operate under pressure.
What this conversation makes clear
A few things stood out to me.
Shadow AI is already here. NHIs are forcing organizations to rethink identity at a scale humans never created. And AI defense is becoming less about static controls and more about resilience, speed, and visibility.
That is what made this conversation worth having.
Thomas brought a practical point of view to issues that are often discussed too vaguely. He made it clear that governance, identity, and defense all get harder when organizations move fast without enough structure behind them. But he also made clear that the answer is not panic. It is discipline.
Final Thought
The enterprise is not waiting for AI security to become a mature category before it starts using AI. That means leaders do not get the luxury of waiting either.
They have to build visibility before they have full control. They have to govern identities before those identities multiply beyond reason. And they have to think about AI defense as a resilience question, not just a detection question.
That is what I took from this conversation with Thomas Bryant.
See you in the Loop,
Jo
🎧 Listen to the full episode: https://www.buzzsprout.com/2248577/episodes/19010006
📬 Stay in the Loop. Subscribe for new episodes: https://www.linkedin.com/newsletters/7346174860760416256/
SUBHEADER Additional Resources
- Thomas Bryant on LinkedIn: https://www.linkedin.com/in/thomashbryant/
- Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577
- Thomas Bryant Podcast (2024): https://podcasts.apple.com/us/podcast/the-resilience-rundown/id1730107130