What if the real problem with cybersecurity today is not the threats we see, but the way we prove who we are online?

In this episode of the Business of Cybersecurity podcast, I sat down with Gonzalo Alonso, CEO of Ditto, to explore why digital identity has quietly become one of the most important and misunderstood challenges in our digital economy. Drawing on his experience at Microsoft, Google, and now Ditto, Gonzalo shares a perspective that challenges long-held assumptions about how identity works, who owns it, and why the current model is starting to break under pressure from AI, regulation, and evolving user expectations.

We unpack what is changing across Europe with initiatives like the European Digital Identity Wallet and what that really means in practice for both consumers and businesses. Gonzalo explains how the shift toward user-controlled identity could reshape everything from onboarding and compliance to fraud prevention and cross-border trust. At the same time, he does not shy away from the complexity this creates for organizations that have historically treated identity data as an asset they control.

Our conversation also looks at the deeper technical shift from trusting systems to relying on cryptographic proof. Gonzalo brings this to life with real-world examples, including how identity could travel with you across borders, unlock access to services, and even influence financial opportunities. But alongside the opportunity, we also discuss the risks, from device security to identity recovery, and why getting the model right matters just as much as the technology behind it.

This episode offers a clear-eyed view of where digital identity is heading, why it matters now, and what leaders need to start thinking about before the rules change around them. So as identity moves from passwords and tokens to something far more personal and portable, are we ready to give control back to the individual, and what does that mean for the businesses built on the old model?

How prepared are businesses for a world where AI agents are quietly becoming some of the most powerful users inside their systems?

In this episode of Business of Cybersecurity, I sit down with Uri Haramati, CEO and co-founder of Torii, to unpack a shift that is happening faster than most organizations can keep up with. AI is no longer sitting on the sidelines as a productivity tool. It is now deeply embedded across platforms like Slack, Google Workspace, and CRM systems, often operating with levels of access that rival or even exceed human users. As Uri explains, that changes the entire security conversation, especially when many of these agents are effectively invisible to traditional identity and governance models.

What stood out to me in this conversation is how quickly AI adoption has moved from experimentation to something far more operational. Uri shares insights from Torii’s 2026 SaaS Benchmark Report, which reveals that enterprises added nearly 700 new AI applications in just one year, with 61 percent of all apps operating outside of IT oversight. That creates a growing blind spot, where non-human identities, API tokens, and automated workflows are interacting with sensitive data without clear ownership or lifecycle management. It is a shift that feels familiar, echoing past waves like BYOD, but this time the scale and speed are on another level.

We also explore why this is not simply a story about risk. There is a clear business driver behind this surge in AI adoption. Organizations are under pressure to control costs, reduce manual work, and get more value from their software stack. AI is stepping into that role, but it introduces new challenges around usage-based pricing, unexpected spend, and governance models that were designed for a much slower era of IT. Uri makes the case that the real issue is not adopting AI too quickly, but failing to evolve governance at the same pace.

By the end of the conversation, one idea really stayed with me. Within the next couple of years, non-human identities could outnumber human ones inside most enterprises. That raises a simple but uncomfortable question. If every actor in your system needs to be treated as an identity, how many do you actually have, and how many are you truly managing?

If this is a topic you are grappling with, I highly recommend checking out Torii’s 2026 SaaS Benchmark Report and connecting with Uri to continue the conversation. But for now, I would love to hear your perspective. Are we building the right guardrails for this new era of AI-driven access, or are we already further behind than we think?

What happens when AI makes your security teams faster, but leaves the same people carrying all the risk?

In this episode of Business of Cybersecurity, I sit down with Shan Kulkarni, CEO of Nullify, to discuss a growing tension that many security leaders are already feeling. AI is helping developers ship code faster than ever. Still, for product security teams, that speed often creates even more alerts, more vulnerabilities to review, and more pressure on already stretched teams.

Shan argues that the real issue is not productivity alone. It is accountability. When copilots increase output while ownership remains with the same engineers, the workload does not disappear. It multiplies.

We explore why Shan believes the next phase of enterprise AI will be shaped by autonomous AI employees rather than assistant-style tools.

He explains how Nullify is designed to onboard, reason, and act like a human security engineer, with access to code bases, ticketing systems, cloud environments, and internal documentation.

From validating whether a vulnerability is truly exploitable to assigning fixes and following up with developers, Shan shows how AI workers could replace several disconnected security tools and the extensive manual coordination required.

Our conversation also gets into trust, which remains one of the biggest barriers to adoption in high-risk environments. Shan talks openly about the safeguards needed before companies will feel comfortable allowing AI to take action instead of simply making suggestions.

We discuss merge-ready patches, exploit confidence scores, the rising threat surface created by AI-generated code, and why authorization, authentication, and business logic flaws may become some of the biggest risks in modern software.

It is a timely conversation about what security teams actually need right now: fewer dashboards, fewer false positives, and better ways to manage growing responsibility in a world of machine-speed software delivery. If you are trying to understand where AI fits inside security operations, and whether autonomous systems can truly ease the burden rather than increase it, this episode should give you plenty to think about.

What do you think, are we heading toward a future of AI teammates in cybersecurity, and how much responsibility are you willing to hand over?