In this episode of The CTO Show with Mehmet, I’m joined by Alex Schlager, Founder and CEO of AIceberg, a company operating at the intersection of AI, cybersecurity, and explainability.

We dive deep into why AI agents fundamentally change enterprise risk, how shadow AI is spreading across organizations, and why monitoring black-box models with other black boxes is a dangerous mistake.

Alex explains how explainable machine learning can provide the observability, safety, and security enterprises desperately need as they adopt agentic AI at scale.

⸻

👤 About the Guest

Alex Schlager is the Founder and CEO of AIceberg, a company focused on detection and response for AI-powered workflows, from LLM-based chatbots to complex multi-agent systems.

AIceberg’s mission is to secure enterprise AI adoption using fully explainable machine learning models, avoiding black-box-on-black-box monitoring approaches. Alex has deep expertise in AI explainability, agentic systems, and enterprise AI risk management.

https://www.linkedin.com/in/alexschlager/

⸻

🧠 Key Topics We Cover

• Why AI agents create a new and expanding attack surface

• The rise of shadow AI across business functions

• Safety vs security in AI systems and why CISOs must now care about both

• How agentic AI amplifies risk through autonomy and tool access

• Explainable AI vs LLM-based guardrails

• Observability challenges in agent-based workflows

• Why traditional cybersecurity tools fall short in the AI era

• Governance, risk, and compliance for AI driven systems

• The future role of AI agents inside security teams

⸻

📌 Episode Highlights & Timestamps

00:00 – Introduction and welcome

01:05 – Alex Schlager’s background and the founding of AIceberg

02:20 – Why AI-powered workflows need new security models

03:45 – The danger of monitoring black boxes with black boxes

05:10 – Shadow AI and the loss of enterprise visibility

07:30 – Safety vs security in AI systems

09:15 – Real-world AI risks: hallucinations, data leaks, toxic outputs

12:40 – Why agentic AI massively expands the attack surface

15:05 – Privilege, identity, and agents acting on behalf of users

18:00 – How AIceberg provides observability and control

21:30 – Securing APIs, tools, and agent execution paths

24:10 – Data leakage, DLP, and public LLM usage

27:20 – Governance challenges for CISOs and enterprises

30:15 – AI adoption vs security trade-offs inside organizations

33:40 – Why observability is the first step to AI security

36:10 – The future of AI agents in cybersecurity teams

40:30 – Final thoughts and where to learn more

⸻

🎯 What You’ll Learn

• How AI agents differ from traditional software from a security perspective

• Why explainability is becoming critical for AI governance

• How enterprises can regain visibility over AI usage

• What CISOs should prioritize as agentic AI adoption accelerates

• Where AI security is heading in 2026 and beyond

⸻

🔗 Resources Mentioned

• AIceberg: https://aiceberg.ai

• AIceberg Podcast – How Hard Can It Be? https://howhardcanitbe.ai/