The Trust Moat Podcast cover art

The Trust Moat Podcast

The Trust Moat Podcast

Written by: Maja Perovic Baines
Listen for free

About this listen

Technology is changing everything. Trust is the only thing that doesn't. Conversations and analysis for builders and leaders who know that how you build matters as much as what you build.

In this video podcast, I give a voice to builders who implement principles as a strategy. We explore how these choices become unfair advantages—how building for user control creates word-of-mouth growth and customer loyalty, how designing for human progress reveals markets others can't see...

🎙️ New episodes dropping every Tuesday.

---

Subscribe to our YouTube channel: https://www.youtube.com/@MonkeyBusinessMediaPods?sub_confirmation=1

Subscribe to Newsletter & get these episodes first: https://majapbaines.substack.com/

Follow Maja on LinkedIn: https://www.linkedin.com/in/zmajapbaines/

Follow Maja on Instagram: https://www.instagram.com/majaperovicbaines_mbm/

Follow Maja on X: https://x.com/lazarevic_p

Copyright 2026 All rights reserved. Economics
Episodes
  • Prompt Injection, Cloud Code & Agent Security Explained | CISO Guillaume Ross

    Prompt Injection, Cloud Code & Agent Security Explained | CISO Guillaume Ross
    Apr 28 2026
    Get this straight in your inbox --> 📩 Subscribe to the Trust Moat newsletter: https://majapbaines.substack.com/ AI agent security is the silent threat behind every startup using Claude, ChatGPT, Cloud Code, or autonomous agents in 2026 — and most founders don't know what the "lethal trifecta" is or why it increases their risks of leaking their entire customer database. In this episode, head of security consultant for startups, Guillaume Ross, breaks down the real-world security risks of agentic AI, prompt injection attacks, and the identity problem of AI agents acting on your behalf. From Cloud Code on a marketing team's laptop to customer service chatbots leaking data, Guillaume shares almost two decades of cybersecurity experience securing startups, fintechs, and regulated banks — and explains what every founder, developer, and everyday Claude user should be doing TODAY to stay safe. THE GUEST Guillaume Ross is a startup CISO and security consultant based in Montreal, who has built security infrastructure from scratch at companies ranging from pre-revenue startups to regulated financial institutions, crypto companies, and banks. Previously Head of Security at Jupiter One. Connect with Guillaume on LinkedIn: https://www.linkedin.com/in/guillaumeross Check out his website on security: https://foundersfirewall.io 🔥 What you'll learn: - Why "shadow AI" is the new shadow IT — and how to stop it - The lethal trifecta: private data + untrusted input + internet access = disaster - Why BYOD laptops are a security nightmare for AI-first startups - How prompt injection actually works (with a real email example) - The AI agent identity problem nobody is talking about - Why customer service chatbots are the #1 attack surface in 2026 - Sandboxing OpenClaw, Cloud Code, and computer-use agents safely - Vibe coding security: what to never roll yourself - MCP servers: the hidden risk in your AI stack - What governments get WRONG about LLMs (the August 2025 CISA incident) - AI-assisted vulnerability scanning vs. AI-generated code risks ⏱️ Chapters: 00:00:00 Intro 00:04:52 CHAPTER 1: EVERYONE IS A DEVELOPER NOW 00:05:23 The expansion of the corporate attack surface 00:07:38 Why startups selling to enterprise need security on Day 1 00:08:35 The problem with "Bring Your Own Device" (BYOD) 00:09:42 Choosing tech that is "easy to manage." 00:10:49 CHAPTER 2: SHADOW AI IS THE NEW SHADOW IT 00:11:43 Lessons from the CISA document leak 00:12:02 The Dropbox era vs. the AI era 00:12:47 Why blocking AI tools usually fails 00:13:44 How to force corporate versions of ChatGPT and Claude 00:14:24 Why personal accounts bypass legal data protections 00:22:32 CHAPTER 3 - THE AGENT IS YOU 00:26:39 Security risks of browser-based AI agents 00:27:14 Why you shouldn't use agents in your primary browser profile 00:32:47 The consolidation of the AI startup market 00:33:41 Transparency: Identifying agents vs. humans 00:34:00 The difficulty of detecting synthetic voice and deepfakes 00:47:53 CHAPTER 4 - THE LETHAL TRIFECTA 00:48:05 Why text-based LLMs can't separate instructions from data 00:48:30 Indirect prompt injection: The "hidden email" threat 00:49:35 How attackers can exfiltrate quarterly reports via AI 00:52:20 The danger of agents with "Write" access 00:53:15 Sandboxing "OpenClaw" and computer-use models 00:59:01 CHAPTER 5 - WE DON'T HAVE A FIX FOR THIS YET 01:00:15 Why basic threat modeling is essential for builders 01:02:30 Dealing with "close calls" in AI automation 01:05:40 The "Identity Crisis" of agentic authentication 01:10:12 Future predictions for AI native security products 01:15:50 Resources for builders: foundersfirewall.io 🔗 Resources mentioned: → Founders Firewall (Guillaume's free security guide for startup founders): https://foundersfirewall.io → Simon Willison on the lethal trifecta: https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/ → OWASP LLM Top 10: https://owasp.org/www-project-top-10-for-large-language-model-applications/ If you're building a startup, shipping AI features, or just using Claude and ChatGPT every day, this conversation will change how you think about security forever. Prefer to watch on Youtube --> https://youtu.be/-p139v8fAgw?si=FQzJxRmVNcP5gGKA Connect with Maja on: - LinkedIn https://www.linkedin.com/in/zmajapbaines - X https://x.com/lazarevic_p?s=11 - Instagram - https://www.instagram.com/majaperovicbaines_mbm
    Show More Show Less
    1 hr and 17 mins
  • He Spent 20 Years Depositing Value Before Asking For Anything. Now He Runs A VC Fund — Tiho BAJIC

    He Spent 20 Years Depositing Value Before Asking For Anything. Now He Runs A VC Fund — Tiho BAJIC
    Apr 21 2026

    Talking about community as a moat, capital, and the long game - with the investor who spent 20 years earning the right to write checks. Tihomir Bajic has seen what makes companies last. Most founders are solving the wrong problem. In this episode, we get into why community isn't a marketing tactic — it's a moat. Why trust compounds slower than revenue but outlasts it. And what it actually looks like to build something designed to survive the long game. If you're building a company and playing for keeps, this one's for you.

    Follow Monkey Business Media on:

    Subscribe to our YouTube Channel

    Follow us on Instagram

    Connect with Maja on LinkedIn

    Connect with Maja on X

    Subscribe to The Trust Moat Newsletter

    ----

    Where to find Tihomir Bajić

    Connect with Tiho on LinkedIn

    Connect with Tiho on X
    Show More Show Less
    1 hr and 31 mins
No reviews yet