Discussion on AI and Cloud Security with Prowler Founder Tony De Lafuente

🎬 The video features a discussion between the host of Cloud Security Podcast and Tony De Lafuente, founder of the open-source cloud security tool Prowler, focusing on the intersection of AI security and cloud security. Key topics include the shared responsibility model for AI services like AWS Bedrock, Google Vertex AI, and Azure AI, highlighting gaps in understanding customer responsibilities versus cloud provider responsibilities. The conversation emphasizes misconfigurations in AI architectures, such as improperly connecting managed control planes (MCPs) directly to databases, and the importance of layered security controls. Tools like Prowler and Prompt (for LLM assessment) are mentioned for evaluating AI infrastructure and models. The discussion also covers the evolving software development lifecycle (SDLC) with AI, the role of open-source tools in continuous security testing, and the risks of shadow AI—unauthorized AI usage within organizations. Tony advises securing cloud infrastructure, ensuring LLM security (including data handling and tenant isolation), and controlling access to AI tools. The video concludes with a call to explore Prowler for AI and cloud security needs.