
Prompt Injection, Cloud Code & Agent Security Explained | CISO Guillaume Ross

About this listen

Get this straight in your inbox --> 📩 Subscribe to the Trust Moat newsletter: https://majapbaines.substack.com/

AI agent security is the silent threat behind every startup using Claude, ChatGPT, Cloud Code, or autonomous agents in 2026, and most founders don't know what the "lethal trifecta" is or why it increases their risk of leaking their entire customer database. In this episode, startup security consultant Guillaume Ross breaks down the real-world security risks of agentic AI, prompt injection attacks, and the identity problem of AI agents acting on your behalf. From Cloud Code on a marketing team's laptop to customer service chatbots leaking data, Guillaume draws on almost two decades of cybersecurity experience securing startups, fintechs, and regulated banks, and explains what every founder, developer, and everyday Claude user should be doing TODAY to stay safe.

THE GUEST
Guillaume Ross is a startup CISO and security consultant based in Montreal who has built security infrastructure from scratch at companies ranging from pre-revenue startups to regulated financial institutions, crypto companies, and banks. Previously Head of Security at JupiterOne.
Connect with Guillaume on LinkedIn: https://www.linkedin.com/in/guillaumeross
Check out his website on security: https://foundersfirewall.io

🔥 What you'll learn:
- Why "shadow AI" is the new shadow IT, and how to stop it
- The lethal trifecta: private data + untrusted input + internet access = disaster
- Why BYOD laptops are a security nightmare for AI-first startups
- How prompt injection actually works (with a real email example)
- The AI agent identity problem nobody is talking about
- Why customer service chatbots are the #1 attack surface in 2026
- Sandboxing OpenClaw, Cloud Code, and computer-use agents safely
- Vibe coding security: what to never roll yourself
- MCP servers: the hidden risk in your AI stack
- What governments get WRONG about LLMs (the August 2025 CISA incident)
- AI-assisted vulnerability scanning vs. AI-generated code risks

⏱️ Chapters:
00:00:00 Intro
00:04:52 CHAPTER 1: EVERYONE IS A DEVELOPER NOW
00:05:23 The expansion of the corporate attack surface
00:07:38 Why startups selling to enterprise need security on Day 1
00:08:35 The problem with "Bring Your Own Device" (BYOD)
00:09:42 Choosing tech that is "easy to manage"
00:10:49 CHAPTER 2: SHADOW AI IS THE NEW SHADOW IT
00:11:43 Lessons from the CISA document leak
00:12:02 The Dropbox era vs. the AI era
00:12:47 Why blocking AI tools usually fails
00:13:44 How to force corporate versions of ChatGPT and Claude
00:14:24 Why personal accounts bypass legal data protections
00:22:32 CHAPTER 3: THE AGENT IS YOU
00:26:39 Security risks of browser-based AI agents
00:27:14 Why you shouldn't use agents in your primary browser profile
00:32:47 The consolidation of the AI startup market
00:33:41 Transparency: identifying agents vs. humans
00:34:00 The difficulty of detecting synthetic voice and deepfakes
00:47:53 CHAPTER 4: THE LETHAL TRIFECTA
00:48:05 Why text-based LLMs can't separate instructions from data
00:48:30 Indirect prompt injection: the "hidden email" threat
00:49:35 How attackers can exfiltrate quarterly reports via AI
00:52:20 The danger of agents with "write" access
00:53:15 Sandboxing "OpenClaw" and computer-use models
00:59:01 CHAPTER 5: WE DON'T HAVE A FIX FOR THIS YET
01:00:15 Why basic threat modeling is essential for builders
01:02:30 Dealing with "close calls" in AI automation
01:05:40 The "identity crisis" of agentic authentication
01:10:12 Future predictions for AI-native security products
01:15:50 Resources for builders: foundersfirewall.io

🔗 Resources mentioned:
→ Founders Firewall (Guillaume's free security guide for startup founders): https://foundersfirewall.io
→ Simon Willison on the lethal trifecta: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
→ OWASP LLM Top 10: https://owasp.org/www-project-top-10-for-large-language-model-applications/

If you're building a startup, shipping AI features, or just using Claude and ChatGPT every day, this conversation will change how you think about security forever.

Prefer to watch on YouTube --> https://youtu.be/-p139v8fAgw?si=FQzJxRmVNcP5gGKA

Connect with Maja on:
- LinkedIn: https://www.linkedin.com/in/zmajapbaines
- X: https://x.com/lazarevic_p?s=11
- Instagram: https://www.instagram.com/majaperovicbaines_mbm