Podcast

AI in Healthcare: Protecting Patient Data Without Falling Behind

Guest: Sandy Dunn
Host: Mo Sadek. Technical Marketing Director, Alice
Episode #12
-
Jul 2026
AI in Healthcare: Protecting Patient Data Without Falling Behind
"We're not scared about somebody finding out what my blood type is. We're scared about what they do with the data."

Episode description

Your doctor knows things about you that almost nobody else does. So what happens when AI gets access to all of it? Sandy Dunn has spent much of her career worrying about exactly that. She's a healthcare CISO, and her answer is calmer than you'd think: the things that can go wrong aren't new, it's how fast they happen and how far the damage spreads. In this episode, she and Mo get into why HIPAA has become paperwork that protects almost nobody, why the safest data is the data you never collected, and what happens to trust when AI is in the exam room.

Meet the guest

Sandy Dunn

CISO at Knowtion Health

Sandy Dunn is the Chief Information Security Officer at Knowtion Health, a cybersecurity executive with 20+ years across manufacturing, healthcare, and startups. She created and leads the OWASP Top 10 for LLM and GenAI Threat Defense COMPASS.

Full transcript

AI in Healthcare: Protecting Patient Data Without Falling Behind

Curiouser & Curiouser, Episode 12 with Sandy Dunn

A lightly edited transcript. Disfluencies and false starts have been cleaned up for readability. The substance is unchanged.

Sandy Dunn: Every organization, every cybersecurity team out there right now, you don't want to be too far behind, because then you're at a disadvantage. Your adversaries have better tools. But on the other hand, you don't want to just turn a blind eye and then have something cause a huge impact within your organization. Because that's really what's changed: the speed and the blast radius with AI. We had that before. What we're scared of hasn't changed that much. But now it's just the speed and the blast radius that's hard to keep up with. And I don't think that's unique to healthcare, I think that's really across the board. If you listen to people who really understand the problem, everyone sounds a little nervous about it.

Mo: If AI has ever made you stop and think, "wait, what is happening?", you're not alone. I'm Mo, and I'm a security researcher asking the same questions. On Curiouser and Curiouser, we have open conversations with experts, researchers, and leaders working at the edge of this space, talking through how AI is taking shape, what's shifting, and how the people inside the work are thinking about it as it happens. So join us and listen in as the conversation takes shape.

Meet Sandy Dunn

Mo: Welcome back to Curiouser and Curiouser. I'm Mo. And while this Sandy is not from Bikini Bottom, she is still very cool. Sandy Dunn, a great friend of mine, and just an awesome person to know in general. Sandy, I let guests introduce themselves because I always skewer it, and you have such a cool history. So please, go ahead. What do you do? Who are you?

Sandy Dunn: I'm Sandy Dunn, twenty-plus year career in cybersecurity, much longer in the computer industry. I can remember when we were encouraging people to upgrade from one gig drives to two gig drives. I was on the phone selling computers when we were telling people you need 32 megabytes of RAM in your system. So it's been amazing.

I got into cybersecurity because of a phone call. I had a customer call ordering a laptop when I was at Micron PC, and he started telling me about Carnivore, which was a really fancy sniffer that I think the NSA had encouraged a lot of people to put in at the telephone companies. I was absolutely fascinated. That was my first dip into, oh my gosh, there's this whole other world I want to know more about.

So I got started before it was cool, before anyone was really talking about it. We didn't even call it cybersecurity, we just called it security, and there were a few passionate people I knew locally who were into hacking and that kind of thing. That turned into a career within the cybersecurity team at HP, and I became a CISO. I've had several opportunities in different types of businesses to be a CISO, so I have experience in startups, but I've done quite a bit of CISOing in healthcare.

The OWASP work

Mo: You do a ton. I remember the first time we met, you were doing a lot of work with OWASP on some of the standards writing. You had the Compass project, which was fascinating. There was also the AI incident response process, which was really big at the time. Still is, right? I don't think anyone has a great handle on AI security incidents, and they keep changing almost every week. There's not only a new one, but there's always a little bit of variance, just enough that it's like, we need a new process for this. That was really cool work you did in spearheading these projects and pioneering some of this.

Sandy Dunn: With the OWASP Top 10, I kept joining those calls and mostly listened for a long time, and they kept talking about all the different things that could happen with AI. I kept looking at it through my CISO lens, which is: okay, now what? How do I defend myself? What should I be doing right now? So you're right, Mo. I went to Steve and said, let's actually create something that helps people get ready for this. We came up with the checklist and published it. It was really popular, and as you said, it bloomed into a whole bunch of other projects. That's been awesome to be a part of.

Mo: OWASP is doing lots of cool work, just around everything. We're working with OWASP right now on the agentic skills report, which should be out by Black Hat. Depending on when you're watching this, it's already out or about to be. So sorry for the spoiler, or sorry for being late. That's another really cool report coming out about skills and how things have changed in the supply chain with AI.

You've spent over two decades not just in security but in the computing industry, and as a CISO at a healthcare company, you've likely seen healthcare data from almost every angle. You have to govern HIPAA stuff, you have to deal with PII, and then you have to run all the incidents around them, like when a breach hits, or even when builders are creating things with AI inside your organization. So with all that diversity, and all the new things we're seeing in AI, from note takers to agentic systems to LLMs being trained on patient data, how do you feel the balance between protecting patients and enabling AI for their data has changed?

Speed and blast radius changed everything

Sandy Dunn: I think every organization, every cybersecurity team out there right now is trying to find that middle ground. You don't want to be too far behind, because then you're at a disadvantage, your adversaries have better tools. But on the other hand, you don't want to turn a blind eye and then have something cause a huge impact within your organization.

Because that's really what's changed: the speed and the blast radius with AI. We had that before. What we're scared of hasn't changed that much. But now it's just the speed and the blast radius that's hard to keep up with. And I don't think that's unique to healthcare, I think it's across the board. If you listen to people who really understand the problem, everyone sounds a little nervous about it.

Mo: When we think about healthcare, it's one of those really sensitive categories, and it's easy to assume there's a lot of sensitive data there. For example, I'm a big gamer. I don't think these game companies have all this really interesting data on me, but sometimes they take in the location of your device, which is very accurate. I never think about it from the perspective of, every time I start up a game, they know exactly where I am.

But when I go to a doctor's office, I know for sure they have all this information on me, from my blood tests to my pre-existing conditions to concerns covered in very private, sensitive notes. And these note fields in these apps are usually just general text fields. There's nothing special about them, so they're not protected in any way other than encryption at rest. So when we start to look at solutions using AI over all of this sensitive data, and we think about the ways it can be used to make a consumer's life better, what does that risk analysis look like for your industry?

Why HIPAA became a checkbox

Sandy Dunn: It's a great question. Keep in mind, an organization like where I'm at right now, we never get any of the notes. We would never get that level of detail. But you're exactly right. If we were to pull back and understand how to actually improve the HIPAA law, it would be to take out the part where you walk up to the desk and the nurse says, here are our HIPAA notices. I always say, what are those for? Why do I have to sign this? And the poor administrator doesn't even know what it is. I'm sure she sat through training, but it's become just a checkbox. It doesn't reduce the risk.

If you look at the 18 different identifiers, it's your name, your address, things that are already public. But what people really care about is what you mentioned: if I've gone in and had some sensitive thing done at a doctor, I don't necessarily want that to be public. So maybe a revamping of it would be actually identifying what data is sensitive and what's super sensitive. There is a category of what's considered very sensitive PHI, which is anything you go in for around mental health or addiction or anything like that.

But right now, there are cases where if you have a breach and it's just a code, what you went in to have surgery for is a code, and that gets leaked, that's a breach. For most of us, that doesn't really matter. I don't know about you, but I get probably two or three letters a year, to the point where it doesn't really have any value to me. You gave me credit monitoring for data that's already out there.

Mo: You hit it square on the head with HIPAA reporting. Just the surgery code is one, just the name is another. Any of that gets leaked, or is assumed to be leaked, or is proven to be leaked, and boom, you've got to report. And the thing is, when you have that much data breached again, you can only lose this data once. After that it's just out there. It's very difficult to understand the risk every time as a consumer, but as an organization, this is something you have to care about a lot. That's why whenever we see those "do you have credit monitoring" offers, I've got it all enabled, but I also assume everything's breached, and I take the consumer side really seriously, because it's so easy to get access to this information now.

From a CISO's perspective, you know this is already a sensitive requirement and it basically gets triggered at a sneeze. So how does that change your sensitivity to these types of frameworks, which ones you pay attention to, which ones you implement, which ones actually matter?

Shrinking the attack surface with synthetic data

Sandy Dunn: It's a great question. We talk about it all the time where I'm at, which is, how do we reduce our attack surface? One of the things we've looked at is using synthetic data, and we've got some great success stories around it. We're not even using the patient data. We're actually creating synthetic data from the patterns of the data. So it's not PHI at all.

That would be my answer: understand the problem you're trying to solve and where AI can help you. There's probably a better way to skin the cat, and AI gives you that too. That's one of the really exciting parts about AI, being able to do things in a better way, more quickly, that meet the business objectives. It doesn't mean you're just training every AI model with sensitive data. There are other ways to solve the problem.

Mo: So to flip this around, synthetic data is a really good way to get around using real data and avoid having systems propagate real data everywhere, so you limit your attack surface. Let's do a little thought exercise. If you could rewrite some of these frameworks around reporting and the HIPAA stuff, if you had to modify HIPAA to be more effective, more impactful, and give you more signal that something's actually wrong, what would you change to make them less noisy?

Compliance isn't security

Sandy Dunn: Take it away from being a checklist into something that's really effective. That's the frustrating part sometimes as a CISO: you spend too much time trying to pass a framework, a SOC 2, a HITRUST, whatever, and it takes you away from doing what I'd consider real security. It's a balance. If you're doing security really well, passing those types of audit questions should be really easy. They're really the bottom bar of what we want to be doing as security professionals. HIPAA is the base. That's not security. You've heard that argument before, compliance isn't security.

But I want to say that compliance is really important. Turn it around and think about restaurants. A health inspector goes into a restaurant every six months to make sure you don't have too much grease and you're not trying to poison people with old cheese and old meat. It's a point in time. That health inspector coming in is just a point in time, but ideally that's the bottom. Ideally he never catches you when you aren't actually managing your restaurant in a clean and healthy way. That's how we want to look at SOC 2 and everything like that too. It's a bottom. They're just checking to make sure you're not giving people some sort of food illness. And it is good to have the check and balance, because a lot of times nobody has time for security, everyone's going too fast, and there's just not enough time in the day.

The other thing I'd tell you is, really modernize. We have an opportunity, especially with AI, with CI/CD, with Terraform, with infrastructure as code. A lot of your auditors are not up to speed. They just don't run into environments that are actually deploying in a modern way. So make sure your policy doesn't have to respond to those age-old questions like, tell me about your change management process where you submit a ticket. I don't know anyone who's done that for a while. That's not how we build software anymore. So make sure your policies and procedures actually reflect what you're doing, and then automate it. Nobody wants to do manual stuff anymore.

New risks, or just new vulnerabilities?

Mo: That's entirely fair. I don't think any security team wants to go through that now that we have tools that do such good work reducing the amount you have to review. Even this morning I was watching a live stream, I wish I could tell you who was hosting it, I don't remember off the top of my head, it was like six a.m. But it was interesting. They were talking about how application security has changed with AI, and the program they were building had a new focus around bad patterns made in the design. Look at the design decisions that are made, then identify any bad patterns that happened after that decision. So you can trace back the baseline security requirements you need to establish earlier on.

Versus how security has been done traditionally, because you had to use people and manual time. You couldn't track down a bad pattern across your entire stack so fast, you'd have to do it at a point in time, review the application and go forward. But now we have the ability to review signal at scale, from an incident response perspective, and from an application security perspective you can work alongside developers in a way you couldn't before at scale. You can basically build your three-thousand-person application security team with agents and have really good signals sent back to the core team.

So now that we have all this signal, we go back to these risk-based frameworks and building the security program around risk. But risk has had so many changes to the language and how it's framed. We'd all like to say there's one easy way to understand risk, but with AI introducing new vulnerabilities, people get confused and consistently mistake new vulnerabilities for new risks. So do you think AI is actually introducing new classes of risk that we need to build our security programs for? Or is it introducing new vulnerabilities that roll up into a type of risk we're already familiar with, dealt with by techniques we already have?

Sandy Dunn: Some of it is unique. The non-deterministic nature: how do you test for something that's non-deterministic? What's a pass? If you get close to the same answer after five runs, after ten runs? There is a lot that's changed with AI. The fact that prompt injection is unsolvable. It's a system architecture issue, until we redesign how the systems are deployed. So that's basically whack-a-mole until we figure out a better way to do it.

There's model poisoning. People don't talk about model poisoning as much as they used to, but it's a real thing. How easy it is to actually impact the response in a model, and if someone had malicious intent, how would they do that? So there are new threats. But risk is risk, right? It always comes down to dollars and business, what you're trying to accomplish as a business.

Quantifying risk, and security theater

Sandy Dunn: I think we have a great opportunity to actually have a better conversation. AI has helped security teams come to the table, because people recognize it's not risk free, and a security person should probably be in the room when you're rushing to deploy these kinds of things. But I still find a lot of it imbalanced. For instance, note takers. Everyone has a note taker. I hear people talk about, especially in healthcare, not wanting note takers internally because somebody might mention some PHI. But no one ever talks about a policy to prevent anyone from joining a meeting that has a note taker. That's not in their control.

Verizon just came out with their impact breach study, which I think is the first year they've done an impact report based on insurance claims. To actually have a good risk conversation, you have to be able to quantify it. That's what we struggled with as cybersecurity professionals forever, saying, hey, something bad could happen, something bad could happen. And then everyone kind of did their thing, and then the big thing happened. And no one wanted to listen to the person with the tinfoil on their head who said, I told you it was going to happen. But that's true of anything, there's always someone warning you about some danger out there.

So how do we actually quantify it? This goes back to Bruce Schneier. He's talked about security theater for years. We all do security theater, because that's the only way we can move the needle. We come in, do the slides, always talk about the worst thing that could possibly happen, trying to get people to slow down and implement the security the organization needs.

So, short answer, and that was not a short answer: I think risk is risk. It's always about dollars. How much is this going to cost the business? What's at play? What's the risk appetite, the risk threshold? Let's have that conversation. AI is bringing CISOs to the table to have it. Your entire IT should be in the enterprise risk register. I still find cases where people are fighting to get out from underneath some other category within the register. No. IT should be one of the top categories. Cybersecurity should be one of the top categories in the risk register, and I can prove that with dollars. I can show you the impact. So make sure you quantify it. Is the threat slightly different? Yes. But there are a lot of similarities too.

The trouble with open weight models

Mo: Going back a little, you brought up model poisoning. Right now we're in a really interesting time, where open source models have gotten a lot of good attention. There's been this trend where open source follows flagship. Most recently the flagship models have gotten really, really good. You look at Fable and it's incredible. You look at the newest releases and they're insane. And then you look at something like GLM and it's really good, but it also doesn't cost you anything to run, especially if you host it locally.

But these open weight models: today there was a release that's basically going to be a peer-to-peer network of hosted models. These things are huge, massive, difficult to download, and yes, you can get them off Hugging Face, but now there's another place to get them. So you have to wonder, what type of biases are preloaded here? You don't know how people are modifying their models.

Sandy Dunn: And it's impossible. It's mathematically impossible to actually know what went in there. Hopefully they have a system card, but how do you verify it? I know there's been a lot of discussion around that. With the Chinese models, I was just reading a threat report this morning and they found all sorts of backdoors in some networking equipment that was well hidden. So it's a tough problem, because I wouldn't be comfortable running a Chinese model, just because I've seen too many bad things.

Mo: Every open source model has its own issues, and we know models coming from outside the US have a bias already baked in. This is where things get difficult, because these models are so cheap and useful to run, and we do our best to remove the biases to make them usable in an internal environment. In your specific field, with patient history and populations...

Sandy Dunn: We would never touch that data with it. We would never put that in it.

Mo: Is it too much of a liability risk? Is that the main issue there?

Sandy Dunn: It's just not useful to us. And I'm glad I'm not at an organization wrestling with this. It would be very difficult. I don't know where you'd get the data, but most organizations are very strict about what you do with their data. There are these very long contracts that tell you what you can and can't do, to the point that even if you train a model, they say they own the synthetic data you created with that model. Again, that's not how we do it, but I'm glad I don't have to worry about that.

But think about that, Mo. Look at all the models we use. Claude, ChatGPT. They trained on your data, on my data, on everybody's data, before anyone really knew what they were doing, they were just scraping all of it. Maybe it doesn't even matter what data goes into a model, because they have it all anyway. I don't want to be flippant about it. But you see people saying, you can't have any of our data, and you're like, well, we're actually trying to help, you benefit. Here's the thing: this is still very new. When was it, 2022, that ChatGPT came out?

Mo: Yeah, 2022 was the mainstream moment.

Sandy Dunn: I can't believe it's been four years. But nobody looks at your Google Maps and says, how do I know this AI is trustworthy? I mean, they did in the beginning. Remember when people were driving up bridges and going into lakes? So it's possible that as we get more comfortable with the technology and it becomes less artificial to us, it just becomes intelligence, there's less scrutiny around it. There's more trust. I've never really thought about how they do Google Maps. Why do we trust that now?

The bias problem nobody solved

Mo: Some of it is adoption through use. You see a lot of people around you using it. I don't hear people say "I Googled this" anymore. It's "I asked ChatGPT" or "I asked Claude." The more people adopt it at scale, the more assumptions we make as consumers, like, well, if a lot of people are using this, it must be good. And that's one of the big things we look at day to day: how can you trust your AI when not all data out there is good?

There was a funny anecdote I heard on a podcast about 4chan threads on what an AI apocalypse would look like. The only reason AI knows how to be violent, or how it would take over the world, is because we've literally written scenarios about AI taking over the world. If you've got a super intelligent model trained on all of human writing, guess what? It's going to have those edge case scenarios in there too.

Sandy Dunn: Have you ever read any of Brian Christian's books on the alignment problem? Or Melanie Mitchell is another good one. The funny thing is, everyone's an AI expert now. I always feel bad for people like Brian and Melanie, who toiled in the darkness and nobody cared what they thought for decades, and now everybody else is an expert. But Brian's written some really good books about some of the challenges. Things like, a lot of the medical data used white men, so women are underrepresented and people of color are underrepresented. So is adding more data going to solve that problem?

Mo: In a theoretical sense it should. But if we think about how data has historically been collected, as someone who's Black, one of the big things in the Black community is that we've seen health data be very inaccurate when it comes to our population. LLMs are trained on this type of data. We had a really great episode with Tennisha Martin where we talked about how data, inherently, the way it's been collected, is biased. So we're left with results that tend to be biased.

If we have biased data that we know is already in the population, how do you mitigate that? You have to validate that data, make sure it's actually true. But then how do you know the validation source is able to do it correctly? Unfortunately the bias problem is so hard to solve at scale. Right now most of the solutions have been to just scale it up, and eventually either you understand what the bias is exactly, or there's so much data that you start to make assumptions that it's less biased than before, because you've collected it from enough different sources, or you're using enough different LLMs to process it. So it's essentially the bias of every single LLM and you can't really tell by the end. All the solutions to bias are very difficult to handle, and even the best ones doing validation on the end of the data are still very expensive to do.

Sandy Dunn: With DALL-E, one of my first experiments was to have it create an image of a white, blonde college professor with a white horse. It came out as a cute blonde lady with a white horse. And then I added one word, cybersecurity, and she came out looking like a witch. I thought, that's interesting, just by adding that one word.

So I think we're violently agreeing that we're just starting to understand the complexity of this problem. And trust is very powerful. It's just like a stick of dynamite. If you need to clear a portal, get a stick of dynamite. But you've got to be very careful, because you can do a lot of damage with it. That's how we have to think about AI: you better understand what you're doing when you're holding the dynamite. You can do some really cool stuff and move a mountain, but you want to throw it the right direction.

Trust, and what AI does to the doctor-patient relationship

Mo: The big thing about trust, especially in the fields that are most sensitive and highly regulated, and especially healthcare, is that trust is actually the biggest thing in healthcare. We already kind of don't trust banks as a society. Equifax trained us really well to not trust financial institutions, that whole hack was the big moment.

But when I walk into my doctor's office, I talk about everything freely because I trust my doctor. There's this big element of human connection in healthcare. I don't really think about my doctor using AI, but I remember one time I went in and my doctor asked ChatGPT something. And again, I'm in the Bay Area, so I feel like over here it's normalized, it may not happen everywhere. But what happens to the human connection when we start including AI in these sensitive workflows, specifically where the human connection is highly valued, like a doctor-patient relationship?

Sandy Dunn: Great question. If you talk to doctors and nurses, I actually have two nurses, both my daughters just graduated, so I get a little inside perspective, they're so burdened by paperwork that they're not having fun either. I'm so impressed with the healthcare industry and how they train individuals coming into it. Watching both my daughters go through it, I wish we had something similar in cybersecurity. The mentoring, the job exposure, they really do a fantastic job of bringing young people into careers within the medical community.

But we all know people get burnt out. I don't think people get burned out taking care of people. They get burned out with friction. It's the same thing that happens with us. Most of us love what we do in cybersecurity. What burns us out is if we can't solve the problem, or there's too much red tape and everybody keeps slowing us down. That's what wears a person out. It's the same in healthcare. We've made that a very difficult job, mostly because of things like HIPAA, because systems don't talk to each other, because it's so hard to trade data, because of the insurance stuff.

I was just going through and trying to figure out my different options for a dentist. I read the material and I could not figure it out. I threw it into Claude and Claude explained it to me. And I was like, so why did I have to take that extra step? Why did I have to go to Claude to get some clarity on this? Why can't they just write this so a human can read it?

I'm Sandy Sunshine, so I'm always optimistic. We're definitely in the frontier. Everyone's experimenting, everyone's trying to figure out where AI helps us be more effective. My real hope is that it does free up people's time. I've had nights where I stayed up all night, I was so into what I was building, whether it was Cursor or Claude, literally stayed up all night because I was so into it. That's pretty fun, to be that enthusiastic about something.

It's definitely a stick of dynamite. The next few years will be interesting. We talk about frameworks and governance, and I think that's a really challenging problem, because our legal system was never set up to move at the pace of cybersecurity, at the pace of technology. And now we add AI on top of it. So when people start talking to me about AI governance, I just go, mm, I don't know. Maybe that changes. But I think the next decade is going to be absolutely compelling.

GRC as the connective tissue

Mo: The last CISO I worked for invested a lot in GRC, because he said GRC is where we're going to see the most change in cybersecurity. GRC teams are usually the business connectors for the security department. If you can enable them at scale to be as proficient in application security as your access person, you enable them to communicate technical risk a lot better at higher levels.

The GRC engineering function that's emerged in the last two years has been insane to see grow. Now I'm hearing about GRC engineering teams at almost every conference, where these teams are becoming really technical in how they assess AI solutions, how they quickly understand risk, how they build their own internal frameworks for dealing with new AI products coming in, and how they enable application security and infrastructure security teams to operate faster. They don't take the place of your AppSec team or your cloud security team, they're not specialists. However, AI was always made for a generalist, in my opinion. If you're good enough at understanding the frameworks and you have just enough information about the different areas of security to have a real conversation, you can use AI to fill in your knowledge gaps and use experts around your team to grow really fast and get ahead of governance before it becomes a problem.

That's where we really have to grow into. How do we enable the business at scale to adopt AI, and as it's adopting AI, how do we understand these risks at scale in context to our business? When I think about some of the healthcare risks, a lot of it comes back to the human factor. We need to reduce the friction it takes clinicians to actually treat humans, because that's the work they do best. The initial place is triage and customer service and the first point of contact. Imagine an agentic AI system used for that first line of contact that misreads someone and says you're fine when they're not. That's where I get a little worried, because this is an AI solution we deployed that we aren't sure about, and that outcome is the exact one that's dangerous to humans.

Sandy Dunn: You know, I would take it in a heartbeat. I hate going to the doctor. You go in and burn so much time. They treat you like they're doing you a favor, even though they're charging you for it. Somewhere along the way the whole system got broken. They just released a doctor kiosk in China. Did you see that? I'd go in a heartbeat. If I had the choice between a regular doctor and a robot doctor, I'd go to the robot doctor in a heartbeat.

Mo: It's interesting. China also has a very interesting way of managing the population's data. They have a more consolidated data infrastructure by default and can collect data about the entire population faster, so those health systems are really well informed and will likely give better results. That mainly comes from a data consolidation point. It's not something we can get to today in the US or even the EU.

What we give up without noticing

Sandy Dunn: Look at what happened with 23andMe, the DNA testing. Initially it was sold to people as, wouldn't you like to know a little more about your family tree? And the next thing we know, they're understanding their databases and family trees, and the Golden State Killer got caught because I think it was a great aunt submitted her data and they were able to match it. Do we want the Golden State Killer off the road? Absolutely. But basically everyone in the United States today can be identified because the database is so large. So if you leave your DNA anywhere, well, I didn't sign up for that.

And think about photographs. Anywhere you go, think about all the license plate readers out there. There are a lot of decisions being made for us kind of subversively, without full visibility, and we don't all understand the long-term consequences. China was very much into pre-crime analysis, and that becomes, if you're any kind of a weirdo, and I label myself that way, if you're different, all of a sudden I don't fit the pattern and someone's accusing me of being different from everybody else and I get put in a different bucket. That's terrifying.

I think that's what we're scared of. We're not scared about somebody finding out what my blood type is. We're scared about what they do with the data. What's the long-term goal with the data, and how could it be abused and misused against us as individuals?

Mo: It's going to be difficult to see, and it really depends on how the space grows. We're seeing a lot of new startups every day, a lot of them very small and agile, filling gaps where incumbents haven't traditionally been able to move. It will change how software is built, and it will likely change how people interact with different technologies across industries. Lovable is a great example. People were using Squarespace or GoDaddy to build websites, but even building a website was tough, you needed WordPress, you needed to go through all these frameworks. Now you have this one-stop shop where everyone is building apps. I think will.i.am is the number one user of Lovable. Isn't that crazy?

Sandy Dunn: Stuff I never thought I could build, and that is super fun.

Mo: And it's going to enable us to use data in ways we didn't think we could. You can ask Claude to run analysis on different types of data. You can say, I don't understand any of these patterns, go find a pattern for me. And it'll find a pattern, and then you follow it and hope that at some point it's not hallucinating and you're not accidentally seeing patterns you shouldn't. But you'll likely find something interesting enough that you say, you know what, I think there's something here. And then you can go build it the same day.

For an organization testing these things every day, especially in healthcare or finance, you're going to find new emergent use cases so specific to your industry and so niche that it might scare somebody. Right now there are a lot of financial products coming out that do stock picking for you. If you say you're interested in the electric industry or solar, it'll put together a small portfolio, ask your risk tolerance, show you all these companies, the trends and patterns, maybe this will be interesting over a thirty-year horizon.

So who knows when the next thing comes out and it's like, well, this is what you're doing today with your health, and you're going to die in twenty years. I don't think I want to know when I'm estimated to die based on my health patterns. But who knows what someone's going to do with that? They'll say, you should probably work out three times a week for twenty minutes on a treadmill and you'll extend your lifespan a year. I wear an Oura Ring every day. I can imagine feeding this data into Claude with some of my blood test results and being like, tell me what I look like from a health perspective. How am I doing? And it gets scary.

What the Apple Watch knew

Sandy Dunn: I've probably told you this story before. My good friend Jay Radcliffe always talked about a story from when the Apple Watch first came out. They gave it to a bunch of senior citizens because they wanted to track their heart rates. To me this is a classic example of what we need to be worried about: it's the stuff that's not obvious.

So they gave it to a bunch of senior citizens, and all of a sudden, about nine thirty every night, they saw everyone's heart rate spike. There were patterns of all these heart rates spiking, and they didn't know if it was a problem with the watch, or what they were feeding them. It wasn't every night, it was sporadic, and they were trying to trace it and understand what was happening. Well, of course, these older people were getting busy. And they would have been so horrified if they'd known that a researcher could pull all of that data off the watch they were wearing.

That's the question we want to ask ourselves: what are we giving up about ourselves that we aren't thinking about? If you watch true crime at all, it's all about where they go to pull the data from. They pull it from the watch. Somebody tries to burn down their own house and he's wearing a pacemaker, and they're pulling the pacemaker out and tracking patterns. If you're wearing any kind of tracking device, all of it, we're being tracked every day. So if the question is, should we be worried about how much data we have about ourselves that could be abused? Yes. Do we have any way to control that? I would say we don't have a good handle on it.

Where to find Sandy

Mo: I think that's a good place to end. It's a silly topic to end on, but it's also a serious one. So Sandy, where can the good people find you? Where are you going to be next?

Sandy Dunn: I'm just here, heads down working. If you'd like to reach out, if I've said anything you're interested in hearing more about, probably the best place is to find me on LinkedIn.

Mo: Cool. Then I guess we'll see you next time. I'll be at Black Hat and DEF CON, we're doing a live podcast recording, so if you're interested in that and want to show up, let me know. Sandy, thanks for coming through. Stay curious, everybody, and have a great and safe rest of your day. If this episode helped cut through the noise, like or subscribe so you don't miss what's next. Thanks for spending time with us. Until next time, stay curious.

Read Full Transcript

COMING UP

Black Hat USA 2026

Event

Alice @ Black Hat USA - Where AI systems are tested the hard way, before attackers do.

Learn More

GO DEEPER

Mitigating the Risks of Agentic AI

Webinar

As AI evolves from chatbots to autonomous agents, new security vulnerabilities are emerging. Explore the critical strategies needed to identify and manage the unique risks of agentic AI before they scale.

Learn More

Subscribe for new episodes

What’s New from Alice

Curiouser Soundbites: What a Former Google Cloud CISO Wants Leaders to Know About AI

blog
Jul 10, 2026
,
 
Jul 10, 2026
 -
5
 min read
Jul 10, 2026
 -
5
 min watch
July 10, 2026

Everyone's watching the flood of new AI vulnerabilities. Former Google Cloud CISO Phil Venables is watching something else, and it's the shift leaders can't afford to miss.

Learn More

Demystifying AI Red Teaming

whitepaper
Jun 25, 2026
,
 
Jun 25, 2026
 -
This is some text inside of a div block.
 min read
Jun 25, 2026
 -
This is some text inside of a div block.
 min watch
June 25, 2026

Your AI passed every check. That doesn't mean it's safe. Learn how to red team AI systems before adversaries find the gaps you missed.

Learn More