meta_pixel
Tapesearch Logo
Log in
Code Story: Insights from Startup Tech Leaders

The AI Control Loop: What's Missing in AI Security Today - with Craig Thomas of Wallarm

Code Story: Insights from Startup Tech Leaders

Noah Labhart - Startup Founder & CTO

News, Entrepreneurship, Business, Technology, Careers, Tech News

5.0217 Ratings

🗓️ 8 July 2026

⏱️ 20 minutes

🧾️ Download transcript

Summary

Today, we are dropping another episode in our series The AI Control Loop, How enterprises govern the AI they've already deployed - sponsored by our friends at Wallarm. Wallarm is the AI Control Platform for Enterprise AI, protecting every AI workload, API, and application in production, giving CISOs the governance they need and CIOs the speed they demand. Organizations choose Wallarm for a complete inventory of APIs, AI agents, and AI apps, patented AI/ML-based threat detection and blocking that operates at production traffic speeds. In today's episode, Craig Thomas, Sr. Solutions Engineer at Wallarm, returns to the show to dive into why runtime behavior is the critical blind spot, and what CISOs should demand if they want to move from policy to control. Our Sponsors: * Check out Cash App and use my code CASHAPP10 for a great deal: https://click.cash.app/ui6m/mt82fpxl #CashAppPod. Cash App is a financial services platform, not a bank. Banking services provided by Cash App’s bank partner(s). Prepaid debit cards issued by Sutton Bank, Member FDIC. See terms and conditions at https://cash.app/legal/us/en-us/card-agreement. Cash App Green, overdraft coverage, borrow, cash back offers and promotions provided by Cash App, a Block, Inc. brand. Visit http://cash.app/legal/podcast for full disclosures. * Check out Plaud AI and use my code CODESTORY for a great deal: https://plaud.ai Advertising Inquiries: https://redcircle.com/brands Privacy & Opt-Out: https://redcircle.com/privacy

Transcript

Click on a timestamp to play from that location

0:00.0

Hello listeners. Today we are dropping another episode in our series, the AI Control Loop,

0:07.2

how enterprises govern the AI they've already deployed, sponsored by our friends at Wallarm.

0:13.4

Wallarm is the AI control platform for Enterprise AI, protecting every AI workload, API, and application in production, giving CSOs the

0:23.0

governance they need and CIOs the speed they demand.

0:26.8

Organizations choose Wallarm for a complete inventory of APIs, AI agents, and AI apps using

0:33.0

patented AIML-based threat detection and blocking that operates at production speeds.

0:38.3

In today's episode, Craig Thomas, Senior Solutions Engineer Wallarm, returns to the show to dive into why

0:46.3

runtime behavior is the critical blind spot, and what CSO should demand if they want to move from policy to control.

1:01.6

Craig, welcome back to the show. Thank you for being in a return episode on Code Story.

1:11.8

Yeah, great to be back. I know last time we talked about rogue AI, so excited to dive in deeper about the threats and how to solve some of the AI problems today. Absolutely.

1:17.1

Really digging and really enjoying this series we're putting together here. The title for today is what's missing in AI security today. We're going to dive into runtime behavior, being a critical

1:23.5

blind spot, and what CSO should demand. And let's dive right into it. So security teams

1:29.2

are used to detecting incidents and responding after the fact, right? We've covered that quite a bit

1:34.7

in this series. Why is that model becoming insufficient for AI-driven systems? Yeah, great question,

1:40.7

Noah. First of all, just kind of like the frame this whole discussion, right, that traditional security really was built to answer one question. Who gets access? Firewall rules, identity access policies, network segmentation, all that's fundamentally controlling the gate. But AI has to move that problem past the gate. And so you asked about detect and respond to systems.

2:03.5

Traditional IRB assumes a human attacker moving at human speed.

2:07.5

You have time to detect, triage, contain that attack.

2:11.6

But as we talked about before in some of the other episodes,

2:14.3

AI compresses that timeline dramatically.

2:16.9

Model can XFiltrate, manipulate corrupt data in milliseconds versus algorithms. some of the other episodes, AI compresses that timeline dramatically. Model connects will trade,

2:18.5

manipulate corrupt data in milliseconds versus hours, days, or even weeks. And so this incident with

2:25.3

AI may not look like an incident. Looks like normal API calls, normal outputs, and traffic.

...

Transcript will be available on the free plan in 23 days. Upgrade to see the full transcript now.

Disclaimer: The podcast and artwork embedded on this page are from Noah Labhart - Startup Founder & CTO, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of Noah Labhart - Startup Founder & CTO and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.