Mimecast CPO Discusses AI Security Risks and Human Risk Management in Cybersecurity

The video features Rob Juncker, Chief Product Officer at Mimecast, discussing the intersection of human risk management, AI security, and cybersecurity programs. Key topics include the rise of unsanctioned AI tools, with 98% of organizations reporting their presence, and the risks of data exposure—4% of AI prompts and 20% of files uploaded to AI tools contain private or confidential information. Juncker highlights indirect prompt injection attacks, such as an email with hidden white text instructing AI to exfiltrate data without logging, and introduces the "fire triangle" analogy (fuel, oxygen, heat) to explain AI security risks. Mimecast's approach emphasizes remediation-first strategies, human risk exposure metrics, and securing non-human identities like AI agents. The discussion also covers the need for AI policies, adaptive controls, and board-level reporting on AI governance. Juncker notes that 8% of users contribute to 80% of organizational risk, underscoring the importance of behavioral monitoring. The conversation concludes with insights on integrating AI security into existing cybersecurity frameworks.