AI's democratization of capabilities creates a paradox: the same technology that enables a three-person firm to compete with enterprise operations also enables nation-state actors to target them at scale. Daryan Dehghanpisheh, North America’s GTM Leader for AI Security at Palo Alto Networks, breaks down why defense contractors can no longer operate under the assumption they're too small for sophisticated targeting.
Daryan’s two-debt framework separates technical debt from organizational debt (the latter being significantly harder to pay off) making security solutions that eliminate both critical for companies that can't afford to build internal security teams.
Topics discussed:
- Extending vulnerability management processes into AI components like models, agents, and MCP servers using specialized tools
- Distinguishing technical debt from organizational debt with the latter being significantly harder to eliminate when building internal security
- Targeting defense contractors and SMBs by nation-state actors through democratized AI attack tools
- Evolving ransomware tactics from billing system attacks to destroying operational technology like CNC routers and physical equipment
- Adopting enterprise-sanctioned AI versus uncontrolled employee AI usage on personal devices across networks
- Addressing supply chain vulnerabilities where small businesses represent the weakest security links for large enterprises in upstream and downstream operations