The AI Control Loop: What's Missing in AI Security Today - with Craig Thomas of Wallarm episode artwork

EPISODE · Jul 8, 2026 · 20 MIN

The AI Control Loop: What's Missing in AI Security Today - with Craig Thomas of Wallarm

from Code Story: Insights from Startup Tech Leaders · host Noah Labhart - Startup Founder & CTO

Today, we are dropping another episode in our series The AI Control Loop, How enterprises govern the AI they've already deployed - sponsored by our friends at Wallarm.Wallarm is the AI Control Platform for Enterprise AI, protecting every AI workload, API, and application in production, giving CISOs the governance they need and CIOs the speed they demand. Organizations choose Wallarm for a complete inventory of APIs, AI agents, and AI apps, patented AI/ML-based threat detection and blocking that operates at production traffic speeds.In today's episode, Craig Thomas, Sr. Solutions Engineer at Wallarm, returns to the show to dive into why runtime behavior is the critical blind spot, and what CISOs should demand if they want to move from policy to control.QuestionsSecurity teams are used to detecting incidents and responding after the fact. Why is that model becoming insufficient for AI-driven systems?Building on that, when we talk about response today, enforcement often means actions like restarting pods, rotating credentials, or shutting down services. Why can those measures come too late in an AI environment?So if traditional response isn't enough, why does AI behavior require controls that operate much closer to runtime?And when people hear "runtime enforcement," they may think of existing security controls. What changes when enforcement happens at the kernel level rather than only at the network, identity, or application layer?Can you make that tangible for us? What does it actually mean to revoke or contain a compromised AI session without disrupting the broader deployment?How does that kind of real-time containment change the risk equation for AI agents that have access to sensitive data, external services, or production workflows?With that in mind, what are some examples of AI behaviors that organizations should be able to stop immediately?Of course, security teams also don't want to become a bottleneck. How do organizations balance strong enforcement with the need to keep AI development and deployment moving quickly?And once organizations have the ability to discover, observe, and enforce AI behavior in real time, how does that change accountability at the enterprise level? What does good governance look like from there?Linkshttps://www.wallarm.com/https://www.linkedin.com/in/cu-craigthomas/Full AbstractThis episode examines what is actually missing in AI security today. Craig Thomas, Sr. Solutions Engineer at Wallarm, dives into why runtime behavior is the critical blind spot, and what CISOs should demand if they want to move from policy to control.CIOs and CISOs have moved past debating whether AI security matters. The question now is what to actually do about it, and most organizations are finding that their existing tools answer a different question than the one AI is asking.Traditional security tools were built around access: who can reach a system, what credentials they present, what traffic looks like at the perimeter. AI shifts the problem to execution: what a system does once it has access, whether that behavior matches what the business intended, and how you know when it doesn't. Most current tooling has no answer for that. It can tell you what is deployed and what is configured. It cannot tell you what your AI is actually doing at runtime, on whose behalf, or whether any of it violates the policies you thought were in place.That gap is where most AI security programs stall. There is no shortage of governance frameworks, compliance checklists, and vendor claims. What is missing is operational control: the ability to see AI behavior as it happens, enforce policy at runtime, and produce evidence that holds up when an auditor or a board asks for it. The four capabilities that define a closed AI control loop, discover, observe, enforce, govern, are well understood as a category. Getting all four working together in production is where the real work begins.Our Sponsors:* Check out Cash App and use my code CASHAPP10 for a great deal: https://click.cash.app/ui6m/mt82fpxl #CashAppPod. Cash App is a financial services platform, not a bank. Banking services provided by Cash App’s bank partner(s). Prepaid debit cards issued by Sutton Bank, Member FDIC. See terms and conditions at https://cash.app/legal/us/en-us/card-agreement. Cash App Green, overdraft coverage, borrow, cash back offers and promotions provided by Cash App, a Block, Inc. brand. Visit http://cash.app/legal/podcast for full disclosures.* Check out Plaud AI and use my code CODESTORY for a great deal: https://plaud.aiAdvertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy

Today, we are dropping another episode in our series The AI Control Loop, How enterprises govern the AI they've already deployed - sponsored by our friends at Wallarm. Wallarm is the AI Control Platform for Enterprise AI, protecting every AI workload, API, and application in production, giving CISOs the governance they need and CIOs the speed they demand. Organizations choose Wallarm for a complete inventory of APIs, AI agents, and AI apps, patented AI/ML-based threat detection and blocking that operates at production traffic speeds. In today's episode, Craig Thomas, Sr. Solutions Engineer at Wallarm, returns to the show to dive into why runtime behavior is the critical blind spot, and what CISOs should demand if they want to move from policy to control. Our Sponsors: * Check out Cash App and use my code CASHAPP10 for a great deal: https://click.cash.app/ui6m/mt82fpxl #CashAppPod. Cash App is a financial services platform, not a bank. Banking services provided by Cash App’s bank partner(s). Prepaid debit cards issued by Sutton Bank, Member FDIC. See terms and conditions at https://cash.app/legal/us/en-us/card-agreement. Cash App Green, overdraft coverage, borrow, cash back offers and promotions provided by Cash App, a Block, Inc. brand. Visit http://cash.app/legal/podcast for full disclosures. * Check out Plaud AI and use my code CODESTORY for a great deal: https://plaud.ai Advertising Inquiries: https://redcircle.com/brands Privacy & Opt-Out: https://redcircle.com/privacy

NOW PLAYING

The AI Control Loop: What's Missing in AI Security Today - with Craig Thomas of Wallarm

0:00 20:16

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

MG Show MG Show The MG Show, hosted by Jeffrey Pedersen and Shannon Townsend, is a leading alternative media platform dedicated to uncovering the truth behind today’s most pressing political issues. Launched in 2019, the show has grown exponentially, offering unfiltered insights, comprehensive research, and real-time analysis. With a commitment to independent journalism and factual integrity, the MG Show empowers its audience with knowledge and encourages active participation in the political discourse. Breaking News Show | eTurboNews Juergen Thomas Steinmetz News is relevant to the global travel and tourism industry, human rights and global issues.Breaking news when it happens and only from the source. French Your Way Jessica: Native French teacher founder of French Your Way Boost your French listening skills and test your comprehension with this one of a kind series of podcasts. Get the chance to listen to a real conversation between native speakers talking at normal speed AND customise your learning experience through carefully designed sets of questions (2 levels of difficulty) available for download at www.frenchvoicespodcast.com. All interviews also come with the transcript. French teacher Jessica interviews native speakers of French from around the world who share a bit of their life and passion. Where else would you meet in one same place a French yoga teacher based in Melbourne, a soap manufacturer from Provence, or a couple cycling around the world? The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting!

Frequently Asked Questions

How long is this episode of Code Story: Insights from Startup Tech Leaders?

This episode is 20 minutes long.

When was this Code Story: Insights from Startup Tech Leaders episode published?

This episode was published on July 8, 2026.

What is this episode about?

Today, we are dropping another episode in our series The AI Control Loop, How enterprises govern the AI they've already deployed - sponsored by our friends at Wallarm.Wallarm is the AI Control Platform for Enterprise AI, protecting every AI...

Can I download this Code Story: Insights from Startup Tech Leaders episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!