AI Security Is Just as vague as "Cloud Security", but With Sparkle Emojis

Amber Bennoui calls it like she sees it: most of what gets sold as "AI security" is just cloud security with sparkle emojis on it. She's co-founder of AISECA, a veteran product leader, and a more honest voices in a space that isn't exactly famous for honesty right now. We sat down with her fresh off RSA, and the conversation got very real: The real AI risk isn't the sci-fi scenario. It's the DevOps engineer at a 900-person company arguing they should be able to send commands via a remote control feature, with three security people in the building who don't even know the conversation is happening. It's the tools already embedded in software your finance and HR teams use every day, making decisions nobody gave explicit permission for. Amber's argument is simple and uncomfortable: most organizations have a discoverability problem they haven't solved yet, and vendors are selling dashboards to people who don't even know what's running in their own house. That's not security. That's theater. We also got into what it actually takes to build something vendor-agnostic and practitioner-led when the companies with the biggest budgets are also the ones racing to define what AI security means. And whether the tension between speed and safety is even something security teams get to resolve — or whether that decision has already been made for them. Mentioned:  * MIT Paper, "Sycophantic Chatbots Cause Delusional Spiraling, Even in Ideal Bayesians" [https://arxiv.org/pdf/2602.19141]