TL;DR
The real AI security shift isn't the flood of new vulnerabilities, it's attackers using AI to scale. Phil Venables, former first CISO for Google Cloud, breaks down what that means for leaders, why your AI results will only ever be as good as your fundamentals, and why most of this still comes back to first principles you already know.
If you lead a security or an AI program right now, you've probably wondered some version of this: do we need to tear up everything we know and start over for AI?
And honestly, it's a fair question, especially when someone who has actually run security at this scale tells you where to focus and where you can breathe.
We sat down with Phil Venables on the Curiouser & Curiouser podcast, and if there's one person worth listening to here, it's probably him. Phil was the first CISO for Google Cloud, spent years as CISO at Goldman Sachs, and is now a partner at Ballistic Ventures. Here are the takeaways worth bringing into your next leadership conversation.
The Threat You're Watching Isn't the One That Matters Most
Ask most teams what worries them about AI, and they'll point to the flood of new vulnerabilities. I know, it's very much real folks. But when speaking with Phil, his bigger concern is actually one getting far less airtime: attackers using AI to industrialize what they do.
The dirty secret of security, as he tells it, is that far more vulnerabilities have gone unexploited than exploited. When you think about it, most organizations were never targeted because they simply weren't worth the effort, but AI erases that limit. Now attackers can scale relentlessly and cheaply, and the old safety of being too small to bother with is gone.
In this clip, Phil explains why attacker industrialization worries him more than the vulnerability flood.
As Phil puts it, there's "no place for organizations with weak security to hide anymore." And for all you leaders out there, that reframes the board conversation: the question isn't just "are we patching fast enough," it's "would our weakest, most-forgotten system survive being found instantly and relentlessly."
Your AI Results Will Mirror Your Fundamentals
Okay, this is the finding I want every executive greenlighting an AI project to tape to their monitor (please, I'm begging). Google's DORA research found that if you drop AI into a chaotic, unmanaged pipeline, you get chaos amplified. Drop it into a controlled one, and you get productivity amplified.
Same exact technology, completely opposite outcomes. So the next time a team insists AI is the shortcut past their operational mess, the honest answer is that it just isn't. AI doesn't clean anything up, it multiplies whatever's already there.
You Can't Buy Your Way Out With More AI
Now, AI genuinely is a force multiplier on defense, and the exciting part is how much it democratizes. Continuous red teaming, insider threat programs, mature incident response, the kind of stuff that used to need a big specialized team, is suddenly within reach for a small team backed by agents.
But here's the catch: it doesn't replace the basics. Strong MFA, segmentation, least privilege, done consistently, still do most of the actual work, because AI-driven attackers are relentless about finding that one misconfigured system in an otherwise buttoned-up environment. So the answer was never just "more AI on defense." It's more AI and doing the fundamentals well.
Agents Are Where the Genuinely New Work Lives
Okay, here's where things actually get new. For years we built our security thinking around people, but agents flip that. The actor isn't a person anymore, and most of our old identity models just weren't built for it. Phil's take is that it's not one-size-fits-all, it depends on what you're asking the agent to do.
.png)
And here's the part I don't want you to skim past. None of these mean you hand the agent the keys and walk away. Because these things are non-deterministic, you can't trust an agent to police itself, so you want deterministic controls around it, like the circuit breakers banks use in trading. Phil calls it going from "shift left" to "shift down," pushing controls into the platform so agents inherit them. If you're a leader wondering where to put budget right now, this is it, and it's much easier to build before you've got thousands of agents running around than after.
The Reassuring Part: First Principles Still Hold
So listen, if you take one thing from this episode into your next leadership meeting, make it this. Most of AI risk is not new from a first-principles view. It's software lifecycle risk, data governance, operational risk, and identity and access, the same things we've managed for decades, now under more pressure and at greater scale.
"Trust your instincts, keep sticking with first principles, and everything will be fine."
And don't get me wrong, Phil isn't pretending he's got it all figured out. He's genuinely curious about the second-order effects nobody's modeled yet, like the first "agentic flash crash," where one wrong price sends a billion agents stampeding toward the same trade. Wild stuff. But the takeaway for leaders right now is honestly kind of steadying: you are not starting from zero.
Where to Go From Here
And if you're sitting there thinking about what all this looks like inside your own stack, that agentic control plane Phil keeps describing? That's exactly the gap WonderFence was built to close, giving you deterministic runtime guardrails around agents that are anything but deterministic. Then, because these agents don't exactly stay put, WonderCheck keeps that protection honest over time with continuous red-teaming and drift detection. Which, if you've been following along, is really just first principles applied to agents.
Stay curious.
What’s New from Alice
Curiouser Soundbites: What a Former Google Cloud CISO Wants Leaders to Know About AI
Everyone's watching the flood of new AI vulnerabilities. Former Google Cloud CISO Phil Venables is watching something else, and it's the shift leaders can't afford to miss.
The Former Google Cloud CISO's Take on AI, Agents, and What Comes Next
There's a lot of noise around AI and security right now, and not many people who can cut through it the way Phil Venables can. He was CISO at Goldman Sachs, then the first CISO for Google Cloud, and he's now a partner at Ballistic Ventures. In this episode, he tells us why attackers scaling up worries him more than the vulnerabilities themselves, what trust even means when an agent is acting in your environment, and why the answer to most of this comes back to the same fundamentals we've leaned on for years.
It Takes AI to Break AI: The Case for AI Red Teaming
As AI systems gain autonomy, organizations need security approaches built specifically for AI behavior. Learn why AI-driven red teaming is becoming a critical defense layer.
Demystifying AI Red Teaming
Your AI passed every check. That doesn't mean it's safe. Learn how to red team AI systems before adversaries find the gaps you missed.

