Apr 21, 2025

In this interview, we're excited to speak with Pravi Devineni, who was into AI before it was insane. Pravi has a PhD in AI and remembers the days when machine learning (ML) and AI were synonymous. This is where we'll start our conversation: trying to get some perspective around how generative AI has changed the overall landscape of AI in the enterprise.

Then, we move on to the topic of AI safety and whether that should be the CISO's job, or someone else's.

Finally, we'll discuss the future of AI and try to end on a positive or hopeful note!

What a time to have this conversation! Mere days from the certain destruction of CVE, averted only in the 11th hour, we have a chat about vulnerability management lifecycles. CVEs are definitely part of them.

Vulnerability management is very much a hot mess at the moment for many reasons. Even with perfectly stable support from the institutions that catalog and label vulnerabilities from vendors, we'd still have some serious issues to address, like:

• disconnects between vulnerability analysts and asset owners
• gaps and issues in vulnerability discovery and asset management
• different options for workflows between security and IT: which is best?
• patching it like you stole it

Oh, did we mention Matt built an open source vuln scanner?

• https://sirius.publickey.io/

In the enterprise security news,

1. lots of funding, but no acquisitions?
2. New companies
3. new tools
4. including a SecOps chrome plugin
5. and a chrome plugin that tells you the price of enterprise software
6. prompt engineering tips from google
7. being an Innovation Sandbox finalist will cost you
8. Security brutalism
9. CVE dumpster fires
10. and a heartwarming story about a dog, because we need to end on something happy!

All that and more, on this episode of Enterprise Security Weekly.

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-403