
ASU CISO Discusses AI Security Challenges and Solutions at Cactus Con
The video features a discussion between a host and Lester Godsey, CISO of Arizona State University (ASU), recorded at Cactus Con in Arizona, one of the largest cybersecurity conferences in the Southwest. Godsey highlights that while AI introduces new threats like prompt injection—a technically novel attack vector—many underlying enterprise security challenges, such as data classification and asset management, remain decades-old problems exacerbated by AI adoption. ASU has developed its own AI platform supporting over 60 large language models (LLMs), including open-source and commercial options, with built-in security, privacy, and ethics controls to monitor for prompt injection, model poisoning, and harmful content generation. The university’s approach includes an "AI ethics engine" that tests models for bias and an agentic AI framework with API-specific security measures, while also addressing privacy concerns by setting risk thresholds and ensuring auditability. Godsey emphasizes that banning AI is impractical, advocating instead for pragmatic frameworks, as demonstrated by ASU’s policy allowing controlled use of tools like DeepSeek for research. The conversation also touches on the broader risk landscape, where AI amplifies existing threats like API vulnerabilities and data exposure, rather than creating entirely new categories.