Can we secure generative AI before it outpaces our ability to defend it?

Welcome back to Razorwire, where we have our finger on the pulse of cybersecurity’s most urgent dilemmas and future threats. I’m your host, Jim and in this episode, I sit down with Ante Gojsalić, CTO and co-founder of SplxAI, to unpick the tangled challenges of securing the next wave of generative AI before it becomes too integrated, too complex and too risky to control.

Generative AI is reshaping everything from business operations to personal lives, but the race to capitalise on its potential leaves us with difficult questions. Are we allowing technological progress to sprint ahead of security? Is anyone putting robust protections at the heart of these new AI systems? Ante shares stories from the frontlines - explaining why both East and West are taking wildly different approaches, why securing AI isn’t as simple as plugging in a new tool and how the real vulnerabilities lie hidden in the everyday systems we’re already beginning to trust.

Three key talking points to listen out for:

1. Why securing AI is fundamentally different - and harder - than traditional IT - Ante shares real scenarios where the unpredictable, fast-evolving nature of large language models means old school security techniques simply can’t keep pace. Find out why continuous testing, automation and security-by-design are more critical than ever.
2. Hidden risks as AI agents take on human-like roles in business - We explore where the most pressing security gaps lie as AI agents begin to make decisions, handle confidential data and even manipulate users. Learn how attackers are already exploiting these systems - and what steps organisations can take to avoid catastrophic mistakes.
3. The battle between business priorities and security fundamentals -
4. Hear our thoughts on why commercial pressure and the quest for innovation often override basic security and discover hands on, pragmatic advice for leaders aiming to bake security into AI projects from day one - before it’s too late.

Whether you’re a CISO, an AI developer or a cyber strategist, this episode of Razorwire will arm you with practical insights and hard-won lessons on defending against the unknowns of AI.

Why Continuous Security Testing Is Essential:

"So imagine you do the security evaluation [of AI] on day one, then they change it a hundred times and you don't do another pen test. It's not relevant anymore. So, yeah, the continuous thing is important. Automation is important. And with AI, which is non-deterministic and which is still very changeable day by day, it's different than web security or API security… It's just unstable."

- Ante Gojsalić, on why traditional security approaches fail with AI systems

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• Rise of Generative AI - Understand what generative AI actually is and how to assess its rapidly expanding applications within your organisation's threat landscape.
• Global AI Arms Race - Learn how different regional approaches to AI development affect your security strategy and vendor selection decisions.
• Security vs Speed in AI Development - Discover practical ways to balance innovation pressure with security requirements without stifling business growth.
• Emerging Threats to AI Systems - Identify specific...

Welcome to Razorwire, the podcast that challenges conventional thinking about cybersecurity with insight, humour and a dose of reality.

In this episode, James Rees is joined by security awareness specialists Amy Stokes-Waters and Jemma to dismantle outdated approaches to security training. From click-through fatigue to the critical importance of culture change, our experts explore why traditional computer-based training fails to make organisations truly secure.

Listen as Amy and Jemma share their expertise on transforming security awareness from a box-ticking exercise into meaningful behaviour change. Their refreshingly honest assessment of the "80% compliance myth" and why focusing on business impact rather than personal consequences undermines effectiveness will have security professionals nodding in recognition.

Whether you're a CISO struggling with training completion rates, an IT professional tired of being ignored, or someone who's repeatedly clicked "next" through mandatory security modules wondering if there's a better way, this conversation offers practical alternatives to the stale CBT approach that dominates the industry.

Tune in for a candid discussion that feels like eavesdropping on three security professionals brainstorming how to fix what's broken in security awareness while acknowledging the realities of human behaviour.

3 Key Talking Points:

1. Why Traditional Security Training Fails Everyone Discover the fundamental flaws in conventional security awareness approaches that waste both time and budgets. When Amy reveals that "less than 1% [of IT budgets] is spent on humans" while "95% of incidents are caused by humans," you'll understand why throwing money at technical solutions while neglecting human factors is a losing strategy. Listen for actionable insights on avoiding the compliance trap that leaves organisations vulnerable despite ticking all the regulatory boxes.
2. The McDonald's Approach to Security Awareness Learn why successful security awareness should mirror effective marketing campaigns rather than dreaded annual training sessions. Our experts break down how security teams should adopt McDonald's persistent, multi-channel strategy instead of expecting one-off sessions to change behaviour. You'll gain practical strategies for implementing "security by osmosis" that keeps protective measures visible and top-of-mind without creating training fatigue or resistance.
3. 
   
4. Measuring What Actually Matters Transform how you evaluate security awareness effectiveness with metrics that genuinely reflect improved security. When Jemma dismantles the "80% of people scored 80%" myth, you'll understand why completion rates and phishing test results fail to indicate real security improvements. Listen for concrete guidance on tracking meaningful engagement metrics like security team contact, proactive reporting, and actual incident reduction that demonstrate true cultural change rather than superficial compliance.

"What a lot of people are doing is security training for compliance, but they're not actually doing anything around the culture. They're hitting the compliance metrics. Brilliant. But the actual culture of the organization is still inherently insecure."

- Amy Stokes-Waters, on the difference between compliance and cultural change

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• Budget Reality Check: Learn why organisations spending less than 1% of IT budgets on human factors whilst 95% of incidents are...

Welcome to Razorwire, the podcast that challenges conventional thinking about cybersecurity with insight, humour and a dose of reality.

In this brilliantly unfiltered episode, we're joined by security professionals Iain Pye and Chris Dawson for a no-holds-barred discussion about security measures that cross the line from prudent to preposterous. From biometric authentication dilemmas to the maddening theatre of airport security, our experts dissect the fine balance between protecting assets and actually getting things done.

Listen as Chris and Iain lock horns on what constitutes "reasonable" security, with Chris arguing for Fort Knox-level protection while Iain advocates for practicality, whilst your host Jim attempts to referee. Their real-world examples of security absurdity, including trapping thieves in revolving doors and putting warning signs in car parks, will have you nodding in recognition or shaking your head in disbelief.

Whether you're a battle-scarred security professional or maybe just someone who's stood impatiently in endless security queues wondering why your belt buckle is suddenly a threat to national security, this conversation offers both genuine insight and proper laughs about the sometimes bizarre world of overzealous security controls.

Tune in for a refreshingly honest chat that feels like overhearing three security experts having a pint down the pub whilst debating the madness that sometimes defines our industry.

3 Key Talking Points:

The Security vs Practicality Tightrope

Listen as our experts dissect the eternal balancing act between locked-down security and business functionality. When Chris boldly claims he'd implement "seven layers of security" for critical infrastructure while Iain argues for practicality, you'll gain valuable perspective on finding that sweet spot where protection doesn't become paralysis.

The Psychology Behind Security Resistance

Discover why people willingly hand over biometric data to tech giants yet baulk at the same requests from employers. Our conversation uncovers the fascinating psychological disconnect between consumer and corporate security acceptance, offering insights you can apply immediately to your own security implementation strategies.

Beyond Bureaucracy: When Risk Management Goes Wrong

Experience the painful yet hilarious reality of security bureaucracy gone mad, from needless warning signs in car parks to the absurdity of airport security theatre. You'll leave with a clearer understanding of how to champion meaningful security measures while avoiding the trap of controls that exist merely to tick compliance boxes.

"Information security professionals the world over, in various different cultures and various different parts of the world have had the words echoing through the halls: ‘Isn't that a bit much?’"

- James Rees, Razorthorn Security

Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen

• Finding the Balance: Discover how to navigate the tension between robust security measures and practical business operations without alienating your colleagues
• Biometric Backlash: Understand why people readily surrender their biometrics to tech giants but resist providing the same data to employers
• Security Theatre: Learn to identify when security measures serve more as performance than protection, particularly in public spaces like airports
• Risk Management Revelations: Gain insights into creating...