Waldo Security's CTO, Martin Snyder, discusses how the shift towards Zero Trust architectures reflects the challenge of securing data in an AI-driven environment.
The most secure world is a black box where nothing comes in and nothing goes out. But it's the least efficient; your business isn't going to run. The premise of security has never changed: know what you have and secure it. The problem is that the first part of that—'know what you have'—has become way, way trickier.
As AI and SaaS accelerate the enterprise, the tradeoff is clear. Efficiency goes up, visibility goes down, and security is left in the dark. To Martin Snyder, CTO of Waldo Security, the AI boom isn’t progress. It’s a security breakdown in motion.
Secure, but at what cost?: "The most secure world is a black box where nothing comes in and nothing goes out. But it's the least efficient; your business isn't going to run," says Snyder. "The premise of security has never changed: know what you have and secure it. The problem is that the first part of that—'know what you have'—has become way, way trickier." Snyder argues that the pursuit of perfect security is a business-killer, a philosophy that aligns with the industry's shift towards Zero Trust architectures that assume the perimeter is already compromised.
Already too late: "Assume the data is mixed, reused, and repurposed by default," says Snyder. "Every message, every email, every meeting—AI is already in the loop, training on it, extracting from it. The risk profile spikes the moment a platform is in play." While most leaders are still debating how to govern AI, Snyder argues that phase has already passed. The price of admission for using nearly any modern platform is data exposure, and it’s a cost already paid.
Contrary to the hype, the promise that AI will streamline security operations hasn’t panned out. For teams on the ground, the reality is far more complicated. "An error ratio of 100-to-1 in security is horrible. If an AI makes 100 decisions and one is wrong, that's bad," he explains. "You still have to go through and check its work, so it's not actually resolving the problem. Now people try to use AI to fight AI—to sort through all those triggers—and you just end up with more work."
The SaaS tsunami: The AI explosion is part of a much larger, more uncontrollable problem: SaaS sprawl. "We used to worry about someone bringing in a USB flash drive. Now, the risky stuff is introduced by someone going on a website and clicking a button," Snyder says. With the average organization running over 100 SaaS applications, and IT teams aware of only a small fraction, Snyder says the disconnect is massive. "Every single customer we have is off by a factor of 10 or 20 on how many SaaS apps they think they have," he warns. "No one knows what's in their environment anymore. The unknown is going to roll you over."
In a landscape defined by opacity, the starting point is simple: figure out what’s actually in use. SaaS Management Platforms, built to continuously discover and inventory applications, are gaining traction fast. But visibility alone isn’t enough. Snyder points to a familiar discipline making a comeback: third-party risk management. "It’s always been around. You assess vendors and their risk," he says. "Trying to govern AI is really just trying to govern your vendors. That’s your only real lever."
