“We’re not trying to avoid AI because of the scary security issues; we’re trying to deploy it securely so we can unlock its true potential.”

Notable Moments

01:09 – Rene Brandel on why she began hacking Y Combinator AI agents to find security gaps.

02:30 – How quickly AI systems can be breached without strong security oversight.

03:51 – The risk of cross-user data access and violating HIPAA’s minimum necessary standard.

07:05 – Understanding permissions creep and why AI agents should be treated like individual users.

10:23 – How malicious actors can use code execution capabilities to manipulate AI systems.

13:44 – Sandboxing AI agents and why “don’t roll your own security” is the new rule.

15:23 – Three areas of AI procurement to prioritize — authentication, capabilities, and integration.

18:11 – Why traditional pen tests miss AI-specific threats and the need for continuous testing.

21:21 – Megan reflects on the speed of AI advancement and the importance of security champions.

Rene Brandel, CEO of Casco and a Y Combinator founder, shares her team’s findings after testing AI agents from leading startups. She reveals how quickly AI systems can be exploited through prompt injection, permissions creep, and code execution flaws. Our conversation explores why healthcare must treat AI as a regulated entity, not a novelty. The episode dives into sandboxing solutions, authentication strategies, and how to build a new generation of AI security champions.

Resources

www.redoxengine.com

Past Podcast Episodes

https://redoxengine.com/solutions/platform-security

Have feedback or a topic suggestion? Submit it using this linked form.

Matt Mock [email protected]