Episode overview

Everyone is selling AI security — so when the threats are AI-generated and never look the same twice, can the tools built to match known attacks even see them?

In this episode of The Pluralsight Podcast, Zack Korman — co-founder of AI-native security startup Embroidery and former CTO — argues that the answer is no, and that most of what's being sold to close that gap doesn't work the way the marketing claims. Zack spends much of his time proving, hands-on, what AI agents can be tricked into doing, which makes him unusually clear-eyed about what actually protects an organization and what just looks like it does. From a law degree to leading security tech and product teams, he's built a following on a simple habit: cutting through the hype to find what's real.

We dig into why defending against AI-driven attacks requires AI-native detection. We also take a hard look at what leaders are getting wrong right now: assuming they have visibility into their AI agents when the audit logs barely exist, handing agents their own operator credentials instead of least privilege, and trusting vendor claims that fall apart the moment you follow the incentives behind them.

Topics covered:

•  Why AI-driven threats outpace signature-based detection — and what AI-native detection actually requires

• The Microsoft Copilot audit-log gap and why most organizations have far less visibility than they think

• How to tell genuine AI security from "AI-washed" tools and vendor hype

• How to weigh risk when deploying AI agents — and what responsible deployment looks like

• How to build and lead a security team ready for the AI era

Want to go deeper? Check out our weekly newsletters focused on Security, Cloud, and AI.

Follow Pluralsight on Linkedin and join the conversation.

Find Zach Korman on YouTube.

Find Zach Korman on X.

Connect directly with Zach Korman on LinkedIn.

Questions or comments? podcast@pluralsight.com