SECtember AI Think Tank Reflections: Shaping the Future of AI Security & Governance

Tal Shapira, September 28, 2023 (updated November 29, 2024), 3 min read

On September 22, 2023, I had the honor of being the opening speaker at the "SECtember AI Think Tank Day" in Bellevue, WA, hosted by the Cloud Security Alliance (CSA). As the Co-Founder & CTO at Reco AI, a company at the forefront of AI-powered SaaS security, I was thrilled to share insights on the transformative power of Generative AI and its implications on cybersecurity. This event was a pivotal platform for AI innovators and experts to discuss the industry priorities for AI research and to soft launch CSA’s AI Safety Initiative.

The Rise of Generative AI

We are witnessing the most significant technology trend of our time: the rise of Artificial Intelligence. Generative AI, a technology capable of producing diverse content types, is revolutionizing industries, governments, and even hackers' strategies. Large language models (LLMs), which are deep learning models with billions or even trillions of parameters, have opened a new era in which Generative AI models like ChatGPT, Claude, and DALL·E are transforming the world by writing engaging text and creating photorealistic images on the fly.



The Main Flows for Using LLM in Enterprises

Ken Huang, Co-Author of the OWASP Top 10 for LLM, presented the main flows for using LLMs in enterprises:

  1. Training or Fine-Tuning an LLM model over proprietary organizational data for a specific use case. 
  2. RAG (Retrieval-Augmented Generation) is an AI framework for retrieving facts from an external knowledge base to ground large language models (LLMs) on the most accurate, up-to-date information and to give users insight into LLMs' generative process. This flow requires a Vector DB.

Additionally, I would like to emphasize that there is an easier flow: using an agent or chain that retrieves data through multiple REST APIs or SQL queries (retrievals). This third option is widely adopted, with many new applications built on libraries such as LangChain and LlamaIndex.

The Double-Edged Sword of Generative AI

Generative AI offers numerous benefits, including improving business productivity and enhancing cybersecurity programs. As cybersecurity defenders, we can harness Generative AI for real-time threat intel, shadow app discovery, phishing detection, policy auto-generation, and more.

“A risky dance?”, Lake Diablo, North Cascades National Park, WA, USA (photo taken by the author)


However, the same technology also poses significant security risks. We see malicious actors exploiting Generative AI for enumeration, dynamic malware creation, and social engineering, as we all witnessed in the past week in the MGM Resorts cyber attack. Jason Clinton, CISO at Anthropic, one of the leading companies in the field, presented valuable insights on Frontier Model Security.

Furthermore, the risk is not restricted to malicious actors. Interest in Generative AI has exploded since October 2022, to the point that Generative AI is becoming an actual shadow app problem. At Reco, for example, we discovered more than 20 new Generative AI apps used by our employees in the last month. Caleb Sima, Chair of the AI Safety Initiative, presented Open Interpreter, which lets LLMs run code via a terminal on a user's computer to complete tasks. Such a tool inherits every permission and access the user has and, in the worst case, can expose a user's private data over the web or a social-media app, which highlights the importance of enforcing permissions.

Therefore, the risks extend to legitimate usage by employees and third-party apps, leading to data exposure, compliance issues, and misinformation. The challenge is that most users of AI apps are neither technical nor security-aware, making it crucial for security practitioners to establish robust AI/ML security best practices, particularly an Access Control Policy and App Governance Procedures.
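The agent/chain flow described above (an LLM retrieving data through SQL queries on a user's behalf) is exactly where the permission problem just raised shows up: the agent runs with whatever access the user has unless something in between enforces a policy. The following Python gate is an added example written for this post, not code from the talks, from Reco, or from CSA. The role policy, table names, sample rows and user names are constructed for the illustration; the gate allowlists tools per role, accepts only single SELECT statements against allowlisted tables, caps returned rows, executes on a SQLite connection forced into query_only mode as defence in depth, and records every decision in an audit trail.

```python
import re
import sqlite3
from dataclasses import dataclass, field

# Per-role policy (constructed for this example): which tools a role may invoke
# and which tables the sql_retrieval tool may read on that role's behalf.
POLICY = {
    "support_analyst": {"tools": {"sql_retrieval"}, "tables": {"customers"}},
    "finance_admin": {"tools": {"sql_retrieval"}, "tables": {"customers", "salaries"}},
    "contractor": {"tools": set(), "tables": set()},
}

# Keywords that have no business in a read-only retrieval.
FORBIDDEN = re.compile(r"\b(insert|update|delete|drop|alter|create|attach|pragma)\b", re.I)
# Table names referenced after FROM or JOIN (good enough for this example's simple queries).
TABLE_REF = re.compile(r"\b(?:from|join)\s+([A-Za-z_][A-Za-z0-9_]*)", re.I)


@dataclass
class Decision:
    allowed: bool
    reason: str
    rows: list = field(default_factory=list)


class RetrievalGate:
    """Sits between an LLM agent and its SQL retrieval tool: policy check,
    query validation, read-only execution with a row cap, and an audit log."""

    def __init__(self, conn: sqlite3.Connection, policy: dict, row_cap: int = 100):
        self.conn = conn
        self.policy = policy
        self.row_cap = row_cap
        self.audit: list = []
        # Defence in depth: even if validation were bypassed, the connection refuses writes.
        self.conn.execute("PRAGMA query_only = ON")

    def _record(self, user, role, tool, query, decision: Decision) -> Decision:
        self.audit.append({"user": user, "role": role, "tool": tool, "query": query,
                           "allowed": decision.allowed, "reason": decision.reason})
        return decision

    def call(self, user: str, role: str, tool: str, query: str) -> Decision:
        rules = self.policy.get(role)
        if rules is None or tool not in rules["tools"]:
            return self._record(user, role, tool, query, Decision(False, "tool not permitted for role"))
        if tool != "sql_retrieval":
            return self._record(user, role, tool, query, Decision(False, "unknown tool"))
        return self._record(user, role, tool, query, self._sql_retrieval(query, rules["tables"]))

    def _sql_retrieval(self, query: str, allowed_tables: set) -> Decision:
        q = query.strip().rstrip(";").strip()
        if ";" in q:
            return Decision(False, "multiple statements are not allowed")
        if not q.lower().startswith("select"):
            return Decision(False, "only SELECT statements are allowed")
        if FORBIDDEN.search(q):
            return Decision(False, "write or schema keyword present")
        allowed = {t.lower() for t in allowed_tables}
        tables = {t.lower() for t in TABLE_REF.findall(q)}
        if not tables or not tables <= allowed:
            return Decision(False, f"table(s) outside allowlist: {sorted(tables - allowed)}")
        try:
            rows = self.conn.execute(q).fetchmany(self.row_cap)
        except sqlite3.Error as exc:
            return Decision(False, f"query failed: {exc}")
        return Decision(True, "ok", rows)


def build_demo_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the enterprise data an agent queries."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, name TEXT, plan TEXT);
        CREATE TABLE salaries (employee TEXT, amount INTEGER);
        INSERT INTO customers VALUES (1, 'Acme Corp', 'enterprise'), (2, 'Globex', 'team');
        INSERT INTO salaries VALUES ('alice', 120000), ('bob', 95000);
    """)
    return conn


def write_is_blocked(gate: RetrievalGate) -> bool:
    """Exercise the defence-in-depth layer directly: a write must fail on the gated connection."""
    try:
        gate.conn.execute("DELETE FROM customers")
    except sqlite3.OperationalError:
        return True
    return False


def demo():
    """Run a handful of agent-issued queries through the gate; users are hypothetical."""
    gate = RetrievalGate(build_demo_db(), POLICY)
    results = {
        "analyst_customers": gate.call("dana", "support_analyst", "sql_retrieval", "SELECT name, plan FROM customers"),
        "analyst_salaries": gate.call("dana", "support_analyst", "sql_retrieval", "SELECT * FROM salaries"),
        "analyst_delete": gate.call("dana", "support_analyst", "sql_retrieval", "DELETE FROM customers"),
        "analyst_stacked": gate.call("dana", "support_analyst", "sql_retrieval", "SELECT name FROM customers; DROP TABLE salaries"),
        "contractor": gate.call("eve", "contractor", "sql_retrieval", "SELECT name FROM customers"),
        "finance_salaries": gate.call("frank", "finance_admin", "sql_retrieval", "SELECT employee, amount FROM salaries WHERE amount > 100000"),
    }
    return gate, results


if __name__ == "__main__":
    gate, results = demo()
    for name, decision in results.items():
        print(f"{name:18} allowed={decision.allowed!s:5} reason={decision.reason} rows={decision.rows}")
    print("write blocked by query_only:", write_is_blocked(gate))
```

The point of the design is that the policy lives outside the prompt: the model can ask for anything, but the gate decides per user and per table, and the audit log is what a security team would feed into detection (a contractor repeatedly requesting customer data, or an analyst probing the salaries table, both show up as denied entries rather than silently succeeding).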

Conclusion

The AI Think Tank Day was a groundbreaking workshop that provided key insights into the responsible usage of Generative AI and its benefits and risks in cybersecurity. As we continue to leverage AI in various domains, it is imperative to build better AI/ML security best practices as a community and stay vigilant against the security implications of this transformative technology.


Resources

- CSA research paper "Security Implications of ChatGPT"
- Jim Reavis, CEO at CSA, “Hi ChatGPT, please help Cybersecurity”


Tal Shapira

ABOUT THE AUTHOR

Tal is the Cofounder & CTO of Reco. Tal has a Ph.D. from the school of Electrical Engineering at Tel Aviv University, where his research focused on deep learning, computer networks, and cybersecurity. Tal is a graduate of the Talpiot Excellence Program, and a former head of a cybersecurity R&D group within the Israeli Prime Minister's Office. In addition to serving as the CTO, Tal is a member of the AI Controls Security Working Group with the Cloud Security Alliance.

Technical Review by:
Gal Nakash