At SaaStr’s inaugural AI Day, Alex Jauch, Senior Director of Product Management at Panoptica by Cisco, from Cisco’s incubation team, talks about how GenAI is powering app security, how Cisco is using it, and how you can use GenAI to protect other businesses.

Did You Say Hype Cycle?

A lot of hype cycles have come along where people say, “This is going to change the world, and everything will be different.” Alex never really jumped on that bandwagon until now. GenAI does change everything. 

However, that doesn’t protect us from the hype cycle. GenAI is overhyped. People are saying hard-to-believe things that probably won’t happen. So, two truths can, and do, exist. 

  1. You can have crazy innovation happening. 
  2. Simultaneously, it can be overhyped. 

As a product manager, you bring features into the product and add value for customers. It can be challenging to have bubbly conversations about everything GenAI might do while also being hard-nosed about actually helping customers do their jobs better. 

One true thing, though, is that GenAI has become the fourth pillar for UX. When you think about GenAI, especially LLMs, you’re always considering the way your UX is going to grow. The way your product will grow will be different because the platform allows you to do things you couldn’t do before. These kinds of nonlinear use cases are possible today, where they weren’t before. 

Make AI Intrinsic to the Way the Product Works

GenAI is great at some things: things it can detect and work on, and nonlinear problems that are traditionally very difficult for software to go after. Now, you can go after them. Alex’s team has embedded this deeply in the UX of the product they’re building, called Panoptica, a Cloud-native security product.

Of course, they have an AI-based chatbot in the product. Everyone will have one because it’s so obvious and easy to build. But chatbots won’t be a huge differentiating feature because they are relatively easy to build.

The focus should always be on the customer. How is their life different when you bring these features into the product vs. how they are now? You’ll discover that on your own. Here’s what Cisco has found. 

  1. GenAI is really good at repetitive, derivative work. Look at every security violation you’ve had in the last two years and summarize it. Yes, a human can do it, but an AI-based assistant will be way faster doing that kind of work. 
  2. When you combine traditional ML activities like anomaly detection with newer things, like LLMs, you get this interactive interface where you can say, “Hey, can you summarize for me the anomalies we’ve had in the last hour or minute?” They become much easier to build. 
  3. GenAI is really good at context. When you give the AI that context, you get the answer in a much cleaner way. As security professionals, what that allows you to do is explain the security problem to someone who may not be super familiar with it. 

Security is one of those fields that can be very bitsy-bite-sy. There’s a lot of detail. You’ll have some random code number that says, “You have this attack vector, take these steps.” People can get very lost. 

And, of course, it’s all about natural language. You don’t want to put your customers in a situation where they have to spend three weeks learning a query language. That doesn’t make sense. Ask me a question, and I’ll answer it. 

With Great Power Comes a Lot of Problems

GenAI is both good and bad. It opens up a lot of possibilities, capabilities, speed, and velocity, but you also create problems. It’s more difficult to test, and we’re seeing this in the market right now. Companies are already having problems with GenAI features.

OWASP has pointed out the top 10 problems to watch out for. Pay particular attention to the top two. 

  1. Prompt injection
  2. Insecure output handling 

Those two seem to be happening in the market, and you want to be aware of and control them in your production environment. 

Key Takeaways

  • You still have to have a balance between speed and security. The world is speeding up, and GenAI is making it even faster. 
  • Security is just another non-functional requirement. Just like performance and compliance, it should be part of every sprint. 
  • Sites need to be secure. You don’t have to spend massive amounts of money to get going. Aim to spend 10% or less of your Cloud bill on security and GenAI security tools. 
