AI Security, Cyber Risk, and Cloud Strategy on ClearTech Loop

ClearTech Research / Jo Peterson

Season 2 of ClearTech Loop is built around three questions:  How is AI changing the way organizations think about risk?  What does stronger cybersecurity leadership look like right now?  How should leaders rethink cloud strategy as business and technology keep shifting? Hosted by Jo Peterson, Chief Analyst at ClearTech Research, ClearTech Loop is a fast, focused podcast covering AI, cybersecurity, and cloud risk through a business leadership lens.  Each 10-15 minute episode explores the issues shaping modern technology strategy and the decisions leaders cannot afford to ignore. From governance and resilience to infrastructure change and emerging risk, ClearTech Loop helps leaders make sense of what is shifting, what matters most, and what comes next.

  1. 2d ago

    What Happens When an AI Agent Acts Without Permission?

    What happens when an AI agent takes an action no one authorized?  The answer is not, “The model did it.”  In this episode of ClearTech Loop, Jo Peterson sits down with cybersecurity and technology executive Billy Spears to unpack the gap between AI policy and actual AI control.  They discuss:  Who is accountable when an AI agent makes an unauthorized decision Why agents should never inherit broad permissions by default How identity and authorization must work at runtime Why third-party MCP servers should be treated as untrusted What organizations need to prove when something goes wrong Billy’s warning is simple:  “AI is not eliminating risk; it’s amplifying the consequence of weak controls.”  If your AI governance lives in a PDF while your agents operate with broad access, this episode is for you.  Listen now to learn what real AI governance looks like when systems begin to act.  About Billy Spears  Billy Spears is a technology and cybersecurity executive with more than 25 years of experience across security, IT, privacy and business operations. He has held executive roles at Dell, Hyundai and loanDepot and currently advises executives and boards while building a stealth cybersecurity startup.  Connect with ClearTech Loop  Watch on YouTube: https://www.youtube.com/@ClearTechResearch  Subscribe to the LinkedIn newsletter: https://www.linkedin.com/newsletters/7346174860760416256/  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    What Happens When an AI Agent Acts Without Permission?
  2. Jul 9

    Okta’s AI Blueprint: Moving AI Agents from Shadow to Governed

    AI agents are becoming part of the enterprise workforce, but many organizations still do not know where those agents are, what they can access, or what they are allowed to do.  In this ClearTech Loop Special Edition sponsored by Okta, Jo Peterson speaks with Matthew Hansen, Regional Chief Security Officer and Head of Customer Audit at Okta, about the identity challenge behind agentic AI.  They discuss Okta’s AI Blueprint, Okta for AI Agents, and why enterprises need to treat AI agents as first-class, non-human identities with clear ownership, lifecycle management, runtime enforcement, and a way to revoke access fast when something goes wrong.  EPISODE DESCRIPTION:  Agentic AI is creating a new security problem: identity sprawl.  AI agents can connect to systems, access data, trigger workflows, and act on behalf of users. But if organizations cannot see those agents, govern their access, or understand what they are doing, productivity gains can quickly turn into security risk.  In this episode, Jo Peterson talks with Matthew Hansen from Okta about how organizations can move from Shadow AI and unmanaged agent activity toward verified, governed AI environments.  The conversation covers:  Why every AI agent needs an identity How Shadow AI extends beyond employee chatbot use The three questions organizations need to answer: where agents are, what they connect to, and what they can do Why static credentials and broad permissions create risk How runtime enforcement and human-in-the-loop controls help govern agent behavior Why an AI kill switch may become a critical backstop for enterprise AI This ClearTech Loop Special Edition is sponsored by Okta.  Learn more about Okta for AI Agents platform: https://bit.ly/4dZ5FkU  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    Okta’s AI Blueprint: Moving AI Agents from Shadow to Governed
  3. Jul 1

    Derek Fisher on AI Governance, AI Agents & MCP Risk

    AI governance is no longer just a policy conversation. As AI moves into business workflows, sanctioned platforms, employee tools, local models, agents, and third-party services, organizations need to understand where AI is being used, what it can access, who approved it, and who owns the outcome when something goes wrong.  In this episode of ClearTech Loop, Jo Peterson speaks with Derek Fisher, founder of Securely Built, cybersecurity educator, author, and Director of Temple University’s Cyber Defense and Information Assurance Program.  Derek brings a practical security lens to AI governance, AI agents, and third-party MCP risk. The conversation covers why governance needs clear ownership, how organizations should think about AI agents as non-human actors with access and authority, and why MCP servers and AI-enabled services should be evaluated through a third-party risk management lens.  This episode is especially relevant for security leaders, technology leaders, compliance teams, and business executives trying to move AI from experimentation into controlled, accountable use.  In This Episode: Why many organizations still do not know where AI is being used Why AI governance needs executive ownership, cross-functional standards, and business accountability How AI agents create new access control and auditability challenges Why agents should be treated more like privileged non-human actors than simple tools What organizations should ask before adopting third-party MCP servers or AI-enabled services Why AI governance is not about slowing the business down, but making the approved path usable enough that people follow it Key Questions: How do we operationalize AI governance, and who is legally accountable when an AI agent makes an unauthorized decision? How do we prevent agents from executing actions the user should not be allowed to perform? How do organizations verify the authenticity and security of third-party MCP servers and services? Featured Guest: Derek Fisher  Founder, Securely Built  Director, Cyber Defense and Information Assurance Program, Temple University  Derek Fisher is a cybersecurity leader, educator, author, and speaker with experience across product security, secure software development, governance, risk management, regulatory compliance, incident response, and cybersecurity education.  Host: Jo Peterson  CIO, Clarify360  Chief Analyst, ClearTech Research  Additional Resources:  Securely Built  https://securelybuilt.substack.com/ The Application Security Program Handbook https://www.manning.com/books/application-security-program-handbook Derek Fisher on SecureWorld News  https://www.secureworld.io/industry-news/author/derek-fisher Your AI Coding Assistant Has Root Access—and That Should Terrify You https://www.secureworld.io/industry-news/your-ai-coding-assistant-has-root-access Watch More ClearTech Loop:  Subscribe to ClearTech Research on YouTube:  https://www.youtube.com/@ClearTechResearch  Stay in the Loop Follow ClearTech Research for more conversations on cybersecurity, AI governance, cloud, enterprise technology, and emerging risk. 🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    Derek Fisher on AI Governance, AI Agents & MCP Risk
  4. Jun 22

    The USB Problem for AI: Phil Stafford on Agents, Governance, and MCP Risk

    Short Description  Season 3 of ClearTech Loop kicks off with AI security architect Phil Stafford in a practical conversation about AI governance, agent permissions, fractional identity, and why MCP servers may be the next software supply chain risk hiding in plain sight.  Episode Description  AI agents are moving from interesting experiments into real business environments. That means they are not just answering questions anymore. They are calling tools, touching systems, inheriting permissions, and creating a new layer of operational risk that technology and security leaders need to understand.  In the Season 3 kickoff of ClearTech Loop, Jo Peterson sits down with Phil Stafford, AI security architect, security researcher, and cybersecurity professional, to talk about what happens when agentic AI stops being theoretical and starts acting inside the enterprise.  This conversation gets into the practical questions leaders should be asking now: How do we govern agents when the legal system is still catching up? How do we limit what agents can actually do? What happens when an agent inherits a user’s full permissions? And are MCP servers becoming the next software supply chain problem?  Phil puts it plainly: MCP has been described as the USB for AI. That is useful, but also a little terrifying if organizations treat every new connector like it belongs in the enterprise by default. No one would pick up a random USB stick in a parking lot and plug it into a company system. And yet, that is not a bad description of how some AI tooling is being adopted right now.  This episode is for anyone thinking about AI governance, AI security, agentic AI, MCP servers, identity, permissions, supply chain risk, or what due diligence needs to look like when AI systems are allowed to take action.  In This Episode  Jo and Phil discuss:  Why AI governance has to move beyond policy language and into operational controls Why measurement is the first step in governing AI agents Who may be accountable when an AI agent makes an unauthorized decision How the confused deputy problem shows up in agentic AI Why agents should not automatically inherit full user permissions What fractional identity means and why it matters How sub-agents can create another layer of access risk Why MCP servers need to be treated like part of the enterprise stack How MCP security connects to software supply chain security Why AI SBOM-style thinking may become increasingly important Featured Quote  “MCP was sold to us as the USB for AI… You would not pick up a USB stick in your parking lot and put it into your enterprise environment. That’s what people are doing right now.”  — Phil Stafford  Why Listen  Because AI governance is no longer just a strategy conversation. Once agents begin acting inside workflows, systems, and business processes, the risk becomes operational. This episode helps leaders think more clearly about what needs to be measured, limited, validated, monitored, and documented before agent behavior becomes tomorrow morning’s problem.  Chapters  00:00 — Introduction to Season 3 of ClearTech Loop  00:28 — Meet Phil Stafford  01:00 — Operationalizing AI governance  01:14 — Why measurement comes first  01:58 — Legal accountability and due diligence  02:43 — The confused deputy problem  03:39 — Why agent permissions need to be scoped  04:05 — What fractional identity means  05:45 — Time-bound permissions and agent behavior  06:48 — Sub-agents and inherited access  08:17 — MCP servers and the AI security lifecycle  08:35 — MCP as the USB for AI  09:53 — Allow lists, detection, and unapproved servers  10:35 — MCP as a software supply chain issue  11:32 — AI SBOMs and applying existing controls  12:18 — Closing thoughts  Guest Bio  Phil Stafford is an AI security architect, security researcher, and cybersecurity professional. He advises organizations on AI security infrastructure, cybersecurity foundations, AI transformation strategy, and secure implementation practices. His work focuses on practical approaches to AI security, MCP risk, agent reliability, and the infrastructure needed to support safer AI adoption.  Resources  Singularity Systems https://securingthesingularity.com/ The Adversarial Trust Layer: Why the MCP Ecosystem Needs Cryptographic Attestation and Multi-Agent Verification https://credence.securingthesingularity.com/papers/adversarial-trust-layer.html Phil Stafford on Medium https://medium.com/@pe.stafford Watch ClearTech Loop on YouTube https://www.youtube.com/@ClearTechResearch Subscribe to the ClearTech Loop LinkedIn Newsletter https://www.linkedin.com/newsletters/7346174860760416256/ Follow ClearTech Loop  ClearTech Loop is hosted by Jo Peterson, CIO of Clarify360 and Chief Analyst at ClearTech Research. Subscribe for more Season 3 conversations on AI security, governance, infrastructure, cloud, cybersecurity, and the technology decisions shaping enterprise strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    The USB Problem for AI: Phil Stafford on Agents, Governance, and MCP Risk
  5. Jun 10

    AI Security: Gerald Auger on Shadow AI, Non Human Identities, and AI Defense

    AI is moving faster than policy, training, and many traditional controls were designed to handle.  In this episode of ClearTech Loop, Jo Peterson talks with Gerald Auger, Chief Content Creator of Simply Cyber, about shadow AI, non human identities, over-permissioned agents, and what AI defense means when AI systems can act at machine speed.  Gerald brings the educator, GRC, and practitioner-community lens to the conversation. His take is practical: organizations probably cannot put AI back in the bottle, so they need to educate users, provide approved tools, bring agents into identity governance, and start treating AI governance like a real security discipline.   What You’ll Hear in This Episode  Jo and Gerald discuss:  Why shadow AI is a problem for IT, security, and the organization  How AI is becoming easier to use inside everyday SaaS tools  Why sensitive data in public AI tools creates a visibility gap  Why user education has to be part of AI security  How non human identities and AI agents create new permissioning risks  Why Gerald thinks organizations may need a “manager in the loop”  What AI defense means when AI systems can act quickly and at scale  Key Insight  AI governance is becoming its own discipline.  Gerald’s point is not that organizations can stop AI adoption. It is that they need to build around it with education, approved tools, segmented environments, identity controls, better detection, and practical guardrails before “just let it run” becomes the strategy. Which, respectfully, is not a strategy. It is a group project with consequences.  Timestamps  00:00 Introduction to Gerald Auger  00:30 Gerald’s background in cybersecurity, education, and Simply Cyber  01:38 Shadow AI as an IT, security, and organizational issue  03:00 Why public AI tools create data visibility risk  04:40 Why organizations have to “ride the lightning”  06:46 Jo on the missing layer of AI security training  07:13 AI inside everyday tools and emerging attacker behavior  08:58 Non human identities and over-permissioned agents  12:30 AI Wrangler or Manager in the Loop?  13:12 What AI defense means in practice  15:46 AI Gone Wild and closing thoughts  Guest Bio  Gerald Auger, PhD, is Chief Content Creator of Simply Cyber. He is a cybersecurity educator, GRC practitioner, community builder, and creator of the Simply Cyber Daily Cyber Threat Brief.  He has a PhD in Cyber Operations from Dakota State University and teaches cybersecurity at The Citadel. Through Simply Cyber, Gerald helps cybersecurity professionals build careers through practical education, daily threat briefings, and practitioner-first community content.   Resources  Simply Cyber Academy: The Definitive GRC Analyst Program https://academy.simplycyber.io/p/the-definitive-grc-analyst-program Flashlight in a Dark Room: A Grounded Theory Study on Information Security Management at Small Healthcare Provider Organizations by Gerald Auger https://scholar.dsu.edu/theses/329/ Subscribe to ClearTech Loop on YouTube: https://www.youtube.com/@ClearTechResearch/  Follow  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, cloud security, GRC, risk, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    AI Security: Gerald Auger on Shadow AI, Non Human Identities, and AI Defense
  6. Jun 2

    AI Security: Maybelyn Plecic on Shadow AI, Non Human Identities, and AI Defense

    Your AI policy does not matter much if no one understands how to follow it.  In this episode of ClearTech Loop, Jo Peterson talks with Maybelyn Plecic, Manager of Training and Adoption at Network to Code, about shadow AI, non human identities, and what AI defense actually means when people are already using AI to get work done.  Maybelyn brings a security, compliance, training, and adoption lens to the conversation. She is CISSP certified, AWS certified, and has spent her career helping teams strengthen security posture, drive compliance initiatives, and make technical change usable.  Why This Matters  AI adoption is already happening inside organizations.  The challenge is that governance, policy, training, and approved tools are not always keeping pace.  That creates risk, but not always because people are acting recklessly. In many cases, employees are trying to move faster, automate boring work, and solve problems the official process has not solved yet.  Maybelyn frames shadow AI as an IT issue, a security issue, and a trust issue. Her point is clear: if leaders want people to use AI safely, they have to make the safe path understandable, practical, and easier than the workaround.  What You’ll Hear in This Episode  Why shadow AI starts with trust, not blame How protected proof of concept environments and AI sandboxes can reduce risk Why shared language matters when AI systems, agents, and workflows touch data How prompt injection, AI training defaults, and history tracking create new security concerns Why AI defense is not just a tooling conversation How leaders can create AI guidance that teams will actually follow Key Insight  AI security is not only about tools and controls.  It is about whether people understand the rules, whether the approved process works, and whether organizations are willing to meet teams where the work actually happens.  As Maybelyn says in the episode: “how do you expect someone to be compliant if they don't even know the rules, right?”  Timestamps  00:00 Introduction to ClearTech Loop  00:26 Meet Maybelyn Plecic  01:29 Shadow AI: IT problem, security problem, or both?  01:54 Why shadow AI starts with trust  03:00 AI is moving faster than governance  04:47 AI generated content, visibility, and accountability  06:35 How language around AI is changing  08:43 Using AI to automate the boring work  10:40 How AI changes the CISO conversation  12:33 Non human identities and the importance of shared language  13:05 Workflow questions become security questions  14:26 Prompt injection, AI defaults, and training gaps  15:47 What AI defense means beyond tools  17:30 Why AI guidance has to match each team  18:45 Closing thoughts  Guest Bio  Maybelyn Plecic is the Manager of Training and Adoption at Network to Code. She specializes in helping teams make technical change practical, secure, and usable.  Her work spans security posture, compliance initiatives, technical enablement, training strategy, and customer adoption. She brings a builder’s perspective to AI security, with a focus on making complex technology easier for people to understand and use responsibly.  Additional Resources  Maybelyn Plecic website: https://www.maybelynplecic.com/ Network to Code Resource Center: https://networktocode.com/resources/resource-center/ NIST AI Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework Season 1 ClearTech Loop: https://www.buzzsprout.com/2248577 Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, shadow AI, non human identities, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    AI Security: Maybelyn Plecic on Shadow AI, Non Human Identities, and AI Defense
  7. May 27

    AI Security: Patricia Titus on Shadow AI, Non-Human Identities, and AI Defense

    AI security is not showing up as one clean problem.  It is showing up across governance, risk, productivity, identity, API security, and defense.  In this episode of ClearTech Loop, Jo Peterson talks with seasoned CISO Patricia Titus, about shadow AI, non human identities, AI agents, APIs, and what AI defense means when organizations are trying to move quickly without losing control. Patricia brings more than 25 years of cybersecurity leadership experience across public and private sectors, including financial services, technology, and government.   Patricia’s take is practical: shadow AI is both an IT and security issue, but it is also a governance, risk, and productivity problem. If organizations want employees to use AI responsibly, the approved path has to be easier than the workaround.   What You’ll Hear in This Episode  Jo and Patricia discuss: Shadow AI as a governance, risk, productivity, and security issue Why visibility has to come before control How CISOs and CIOs can create approval lanes that are easier than going rogue Why AI agents are becoming a new control plane How non human identities, service accounts, bots, and APIs are changing the access conversation Why AI defense is less about novelty and more about applying fundamentals at a new scale and speed Key Insight  AI defense is not just about buying new tools. It is about understanding what AI connects to, what data it consumes, how agents behave, and whether the organization can prove access is controlled. That makes this episode especially relevant for CIOs, CISOs, IT leaders, security leaders, and enterprise teams trying to manage AI adoption inside real environments. Timestamps  00:00 Introduction to Patricia Titus  01:34 ClearTech Loop hot take format and AI security focus  02:25 Shadow AI as both an IT and security problem  03:03 Visibility, safe paths, and enforceable guardrails  05:17 AI agents as a new control plane  06:06 Why emerging AI agent behavior creates new concerns  08:46 Jo on executive awareness and evidence  10:33 Non human identities and how CISOs and CIOs are enabling them  12:34 Least privilege, zero trust, and proving agents are turned off  14:27 APIs as part of the non human identity conversation  15:25 AI defense as fundamentals at a new scale and velocity  16:12 Closing thoughts  Guest Bio  Patricia Titus is a seasoned Chief Information Security Officer. She is a global cybersecurity executive with more than 25 years of experience leading security organizations across financial services, technology, government, and other highly regulated sectors.  She has held C level and executive positions at Booking Holdings, Markel Corporation, Freddie Mac, Symantec, Unisys, and the TSA. Patricia also serves on the Board of Directors for Black Kite and on advisory boards for several organizations focused on cybersecurity, technology, and risk.  Her work focuses on resilience, risk management, AI driven security, business alignment, and helping organizations understand how cyber risk affects operations and leadership.  Resources  If Every User Needs an Identity, Why Don’t Our APIs? by Patricia Titus https://abnormal.ai/blog/user-identity-apis Preparing for AI Regulation: What CISOs Can Do Now by Patricia Titus https://abnormal.ai/blog/preparing-for-ai-regulation-what-cisos-can-do-now Building a Culture of Proactive Threat Defense by Patricia Titus https://abnormal.ai/blog/building-a-culture-of-proactive-threat-defense Season 1 ClearTech Loop https://www.buzzsprout.com/2248577 Follow  Follow ClearTech Loop for more conversations on AI security, cybersecurity leadership, AI governance, cloud security, risk, and enterprise technology strategy.  🎧 Listen: In Buzzsprout Player ▶ Watch on YouTube: https://www.youtube.com/@ClearTechResearch/videos 📰 Subscribe to the Newsletter: https://www.linkedin.com/newsletters/7346174860760416256/

    AI Security: Patricia Titus on Shadow AI, Non-Human Identities, and AI Defense

About

Season 2 of ClearTech Loop is built around three questions:  How is AI changing the way organizations think about risk?  What does stronger cybersecurity leadership look like right now?  How should leaders rethink cloud strategy as business and technology keep shifting? Hosted by Jo Peterson, Chief Analyst at ClearTech Research, ClearTech Loop is a fast, focused podcast covering AI, cybersecurity, and cloud risk through a business leadership lens.  Each 10-15 minute episode explores the issues shaping modern technology strategy and the decisions leaders cannot afford to ignore. From governance and resilience to infrastructure change and emerging risk, ClearTech Loop helps leaders make sense of what is shifting, what matters most, and what comes next.

You Might Also Like