TL;DR
AI is accelerating at an unprecedented pace, but the risks it introduces are not new. Prompt injection, hallucinations, and supply chain exposure map to threat models security teams already understand. The difference is scale and speed. Success depends less on new tools and more on discipline, governance, and treating AI agents as imperfect operators that require supervision, inspection, and clearly defined intent.
If you just finished this episode, you probably noticed that very little of what Steve said sounded like hype. That was intentional. This conversation was less about breakthrough mythology and more about pattern recognition from someone who has watched multiple technology cycles unfold. The central theme was not that AI is unprecedented. It was that most of what we are seeing follows familiar patterns, just at a much faster rate.
AI feels magical because the capability leap is visible. In practice, it behaves more like a new class of operator inside the organization. It's fast, productive, and probabilistic. That last word matters.
Here’s what we heard and what it means for security leaders.
The Acceleration Is Real, and That Changes the Question
The rate of change in the 2020s is materially faster than previous decades, but Steve contextualized that speed rather than dramatizing it.
“You want to know the difference between the math co-processor in my Mac 2 and an NVIDIA GPU? 143 million times.”
What looks like sudden intelligence is decades of progress in compute, software architecture, networking, and data infrastructure converging at once. The acceleration is not accidental. It is cumulative.
That matters because it reframes the question from "why is AI moving so fast?" to "what do we do with something that keeps accelerating?" For security leaders, the uncomfortable answer is that you can't wait for the dust to settle. There is no settled state coming.
Discipline, Not Novelty, Determines Success
One of the more instructive parts of the episode was Steve describing his return to hands-on coding using AI tools after two decades away. The tools were powerful, but only when paired with specificity.
“To make those agents really work, you have to tell them what to do. Really exactly. So you’ve got to sit down and plan what you want, sketch out the architecture, write a PRD maybe.”
That connects to a broader failure pattern. Steve cited an MIT finding that 95% of AI projects fail, and his read was that most of them probably never had a clear goal to begin with. The technology can do remarkable things, but it still needs a human to define what remarkable looks like in a given context.
Guardrails Alone Do Not Solve Structural Risk
Early responses to GenAI ranged from blocking at the network level to aggressively layering guardrail tools around models. Steve’s view was that neither extreme addresses the core issue.
“It’s the turtles all the way down problem.”
Using a language model to detect prompt injection in another language model does not eliminate the underlying structural property. Providers have acknowledged that hallucinations and prompt injection are durable characteristics of these systems, not defects that will disappear with minor tuning.
The analogy he offered was instructive.
“You know who else is prone to hallucinations and prompt injection? Every employee you have. We just call it phishing and compromised credentials and malicious insiders.”
Organizations already operate with imperfect human actors. The solution has never been to expect perfection. It has been to build monitoring, access controls, behavioral analytics, and layered oversight programs around fallibility.
AI agents fit into that same category. They require governance and supervision, not mythology.
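One way to make that concrete, as an added illustration rather than anything from the episode, from Steve, or from the OWASP GenAI project: instead of asking a second model to judge the first, put a deterministic policy gate between the agent and its tools. The gate below treats the agent as an operator with a declared scope: read-only tools run inside that scope, write actions are held for a human, unknown tools and out-of-scope targets are denied, and a per-task call budget catches runaway loops. Tool names, tiers, scopes and the sample call sequence are all constructed for this example.

```python
import posixpath
import time
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit

# Assumed policy for a hypothetical document-drafting agent. Tool names, tiers and
# scopes are constructed for this example. Read-tier tools run freely inside scope,
# write-tier tools are held for a human, and anything unlisted is denied.
POLICY = {
    "read_file":  {"tier": "read",  "scope": ["/srv/app/docs"]},
    "write_file": {"tier": "write", "scope": ["/srv/app/drafts"]},
    "http_get":   {"tier": "read",  "scope": ["https://internal.example"]},
}
# A burst of calls on one task usually means a runaway loop or injected instructions.
MAX_CALLS_PER_TASK = 20


@dataclass(frozen=True)
class ToolCall:
    task_id: str
    tool: str
    target: str


def normalize_target(target):
    """Collapse '..' segments so a target cannot escape its scope prefix by traversal."""
    if target.startswith("/"):
        return posixpath.normpath(target)
    parts = urlsplit(target)
    return urlunsplit((parts.scheme, parts.netloc,
                       posixpath.normpath(parts.path or "/"), parts.query, parts.fragment))


def in_scope(target, prefixes):
    """True if the normalised target is the prefix itself or lies strictly beneath it."""
    norm = normalize_target(target)
    return any(norm == p or norm.startswith(p + "/") for p in prefixes)


class PolicyGate:
    """Deterministic gate between an agent and its tools, with an audit trail."""

    def __init__(self, policy=POLICY, max_calls=MAX_CALLS_PER_TASK):
        self.policy = policy
        self.max_calls = max_calls
        self.calls_per_task = {}
        self.audit_log = []       # every decision, kept for after-the-fact inspection
        self.approval_queue = []  # write-tier calls waiting on a human

    def decide(self, call):
        rule = self.policy.get(call.tool)
        if rule is None:
            return "deny", "tool not in policy"
        if not in_scope(call.target, rule["scope"]):
            return "deny", "target outside declared scope"
        if self.calls_per_task.get(call.task_id, 0) >= self.max_calls:
            return "deny", "call budget for task exhausted"
        if rule["tier"] == "write":
            return "hold", "write action needs human approval"
        return "allow", "read within scope"

    def submit(self, call):
        decision, reason = self.decide(call)
        # Every attempt counts toward the budget, including denied ones.
        self.calls_per_task[call.task_id] = self.calls_per_task.get(call.task_id, 0) + 1
        self.audit_log.append({"ts": time.time(), "task": call.task_id, "tool": call.tool,
                               "target": call.target, "decision": decision, "reason": reason})
        if decision == "hold":
            self.approval_queue.append(call)
        return decision


def simulate():
    """Constructed sequence of agent tool calls: a traversal attempt, a look-alike host,
    a write that needs sign-off, an unlisted tool, and a second task that loops."""
    gate = PolicyGate(max_calls=5)
    calls = [
        ToolCall("t1", "read_file", "/srv/app/docs/readme.md"),
        ToolCall("t1", "read_file", "/srv/app/docs/../../../etc/passwd"),
        ToolCall("t1", "http_get", "https://internal.example.attacker.test/"),
        ToolCall("t1", "write_file", "/srv/app/drafts/summary.md"),
        ToolCall("t1", "run_shell", "ls"),
    ] + [ToolCall("t2", "read_file", "/srv/app/docs/a.md")] * 7
    decisions = [gate.submit(c) for c in calls]
    return decisions, gate


if __name__ == "__main__":
    for entry in simulate()[1].audit_log:
        print(entry["task"], entry["tool"], entry["decision"], "-", entry["reason"])
```

The point of the design is that none of the checks ask a model anything: scope, tier and budget are fixed by the people who defined the task, and the audit log gives reviewers the same record they would expect from any other operator's actions.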
Supply Chain Risk Has Moved Up the Stack
The Clawdbot example discussed in the episode illustrated how quickly new AI tooling can move from niche to widespread to exploited. That progression is not fundamentally new. It resembles prior supply chain events such as Log4j and SolarWinds, just occurring at a different layer and at higher speed.
The practical advice is simple. Test new agent capabilities in sandboxes. Don't run experimental tooling on a machine loaded with credentials. Providers need to step up here, but until they do, a few days of actually looking at what something does before you trust it on your network won't put you meaningfully behind the curve.
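To show what "don't run it on a machine loaded with credentials" looks like in practice, here is an added example that is not from the episode or from any project mentioned in it. It audits the host for secret-looking environment variables and well-known credential files, then launches the experimental tool with a scrubbed environment and an empty scratch home directory so those files are not reachable. The variable-name pattern and the credential file list are assumptions and should be extended for your own environment; the secrets in the demo are constructed strings.

```python
import os
import re
import shutil
import subprocess
import sys
import tempfile
from pathlib import Path

# Assumed heuristics: env var names that usually carry secrets, and credential files
# that commonly sit in a developer's home directory. Extend both for your environment.
SECRET_ENV_PATTERN = re.compile(
    r"TOKEN|SECRET|PASSWORD|PASSWD|API_KEY|ACCESS_KEY|PRIVATE_KEY|CREDENTIAL", re.IGNORECASE
)
CREDENTIAL_FILES = [
    ".aws/credentials", ".ssh/id_rsa", ".ssh/id_ed25519", ".docker/config.json",
    ".kube/config", ".netrc", ".npmrc",
]
# Only these host variables are passed through to the sandboxed tool.
PASSTHROUGH_VARS = ("PATH", "LANG", "TERM")


def find_secret_env_vars(env):
    """Names of environment variables that look like they hold secrets."""
    return sorted(name for name in env if SECRET_ENV_PATTERN.search(name))


def find_credential_files(home):
    """Entries of CREDENTIAL_FILES that actually exist under `home`."""
    home = Path(home)
    return [rel for rel in CREDENTIAL_FILES if (home / rel).exists()]


def audit_host(env, home):
    """Summarise what a tool launched with this env and home directory could reach."""
    secrets = find_secret_env_vars(env)
    files = find_credential_files(home)
    return {"secret_env_vars": secrets, "credential_files": files,
            "clean": not secrets and not files}


def build_sandbox_env(host_env, scratch_home):
    """Minimal environment: allowlisted host vars only, HOME pointed at a scratch dir."""
    env = {k: v for k, v in host_env.items()
           if k in PASSTHROUGH_VARS and not SECRET_ENV_PATTERN.search(k)}
    env["HOME"] = str(scratch_home)
    return env


def run_sandboxed(cmd, host_env, timeout=60):
    """Run `cmd` in a fresh, empty scratch HOME with a scrubbed environment."""
    scratch_home = Path(tempfile.mkdtemp(prefix="agent-sandbox-"))
    try:
        env = build_sandbox_env(host_env, scratch_home)
        # The scratch HOME is empty by construction, so the sandbox audit must be clean.
        if not audit_host(env, scratch_home)["clean"]:
            raise RuntimeError("sandbox environment still exposes credentials")
        return subprocess.run(cmd, env=env, cwd=scratch_home,
                              capture_output=True, text=True, timeout=timeout)
    finally:
        shutil.rmtree(scratch_home, ignore_errors=True)


def demo():
    """Constructed scenario: a developer box with a secret in env and an AWS credentials file."""
    with tempfile.TemporaryDirectory() as home:
        aws_dir = Path(home) / ".aws"
        aws_dir.mkdir()
        (aws_dir / "credentials").write_text("[default]\naws_access_key_id = CONSTRUCTED\n")
        host_env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"), "HOME": home,
                    "GITHUB_TOKEN": "constructed-not-a-real-token",
                    "AWS_SECRET_ACCESS_KEY": "constructed-not-a-real-key"}
        host_audit = audit_host(host_env, home)
        # Probe what the child process can actually see after scrubbing.
        probe = [sys.executable, "-c",
                 "import os; print(os.environ.get('GITHUB_TOKEN', 'absent'), os.environ['HOME'])"]
        result = run_sandboxed(probe, host_env)
        token_seen, child_home = result.stdout.split()
        return {"host_audit": host_audit, "token_seen_by_child": token_seen,
                "child_home_is_host_home": child_home == home}


if __name__ == "__main__":
    print(demo())
```

The audit is deliberately a report, not a blocker: the human decides whether the host is an acceptable place to experiment, and the launcher only guarantees that whatever it starts sees neither the host's variables nor its home directory.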
What We’re Taking Away
The risks associated with AI are not conceptually alien. They map to familiar threat models. The governance questions resemble earlier transitions, such as cloud adoption. The supply chain concerns are recognizable.
What is different is the speed and scale at which these issues surface.
AI is not magic. It is a capable, probabilistic system that requires supervision and intent. Organizations that approach it as an operator to be managed rather than a breakthrough to be admired are likely to make more durable decisions.
For the deeper conversation on OWASP GenAI, governance, and secure AI adoption in practice, listen to Episode 2 of Curiouser & Curiouser.
You can find Steve on LinkedIn by searching Steve Wilson OWASP, on Twitter as @virtualsteve, or in his O'Reilly book, The Developer's Playbook for Large Language Model Security. Everything the OWASP GenAI project has published, including the Top 10 for LLMs, agentic security guidance, and red teaming guides, is free at genai.owasp.org.
Stay curious, friends.
What’s New from Alice
Your LLM Has No Idea What It's Doing
Diana Kelley, CISO at Noma Security and former Cybersecurity CTO at Microsoft, joins Mo to work through the real mechanics of LLM risk: why the context window flattens the trust boundary between system instructions and user data, why that makes reliable internal guardrails essentially impossible, and why agentic AI is less a new threat category and more a stress test for the hygiene debt organizations never fully paid off.
Distilling LLMs into Efficient Transformers for Real-World AI
This technical webinar explores how we distilled the world knowledge of a large language model into a compact, high-performing transformer—balancing safety, latency, and scale. Learn how we combine LLM-based annotations and weight distillation to power real-world AI safety.
Exposing the Hidden Risks of AI Toys
AI-powered toys are entering children’s everyday lives, but new research reveals serious safety gaps. Alice testing shows how child-like interactions can lead to inappropriate content, unsafe conversations, and risky behaviors.