Steve Wilson is the Chief AI and Product Officer at Exabeam, where his team applies cutting-edge AI technologies to tackle real-world cybersecurity challenges. He founded and co-chairs the OWASP Gen AI Security Project, the organization behind the industry-standard OWASP Top 10 for Large Language Model Security list.
His award-winning book, “The Developer’s Playbook for Large Language Model Security” (O’Reilly Media), was selected as the best Cutting Edge Cybersecurity Book by Cyber Defense Magazine.
Exabeam is a leader in intelligence and automation that powers security operations for the world’s smartest companies. By combining the scale and power of AI with the strength of our industry-leading behavioral analytics and automation, organizations gain a more holistic view of security incidents, uncover anomalies missed by other tools, and achieve faster, more accurate and repeatable responses. Exabeam empowers global security teams to combat cyberthreats, mitigate risk, and streamline operations.
Your new title is Chief AI and Product Officer at Exabeam. How does this reflect the evolving importance of AI within cybersecurity?
Cybersecurity was among the first domains to truly embrace machine learning—at Exabeam, we’ve been using ML as the core of our detection engine for over a decade to identify anomalous behavior that humans alone might miss. With the arrival of newer AI technologies, such as intelligent agents, AI has grown from being important to absolutely central.
My combined role as Chief AI and Product Officer at Exabeam reflects exactly this evolution. At a company deeply committed to embedding AI throughout its products, and within an industry like cybersecurity where AI’s role is increasingly critical, it made sense to unify AI strategy and product strategy under one role. This integration ensures we’re strategically aligned to deliver transformative AI-driven solutions to security analysts and operations teams who depend on us most.
Exabeam is pioneering “agentic AI” in security operations. Can you explain what that means in practice and how it differentiates from traditional AI approaches?
Agentic AI represents a meaningful evolution from traditional AI approaches. It’s action-oriented—proactively initiating processes, analyzing information, and presenting insights before analysts even ask for them. Beyond mere data analysis, agentic AI acts as an advisor, offering strategic recommendations across the entire SOC, guiding users toward the easiest wins and providing step-by-step guidance to improve their security posture. Additionally, agents operate as specialized packs, not one cumbersome chatbot, each tailored with specific personalities and datasets that integrate seamlessly into the workflow of analysts, engineers, and managers to deliver targeted, impactful assistance.
With Exabeam Nova integrating multiple AI agents across the SOC workflow, what does the future of the security analyst role look like? Is it evolving, shrinking, or becoming more specialized?
The security analyst role is definitely evolving. Analysts, security engineers, and SOC managers alike are overwhelmed with data, alerts, and cases. The real future shift is not just about saving time on mundane tasks—though agents certainly help there—but about elevating everyone’s role into that of a team lead. Analysts will still need strong technical skills, but now they’ll be leading a team of agents ready to accelerate their tasks, amplify their decisions, and genuinely drive improvements in security posture. This transformation positions analysts to become strategic orchestrators rather than tactical responders.
Recent data shows a disconnect between executives and analysts regarding AI’s productivity impact. Why do you think this perception gap exists, and how can it be addressed?
Recent data shows a clear disconnect: 71% of executives believe AI significantly boosts productivity, but only 22% of frontline analysts, the daily users, agree. At Exabeam, we’ve seen this gap grow alongside the recent frenzy of AI promises in cybersecurity. It’s never been easier to create flashy AI demos, and vendors are quick to claim they’ve solved every SOC challenge. While these demos dazzle executives initially, many fall short where it counts—in the hands of the analysts. The potential is there, and pockets of genuine payoff exist, but there’s still too much noise and too few meaningful improvements. To bridge this perception gap, executives must prioritize AI tools that genuinely empower analysts, not just impress in a demo. When AI truly enhances analysts’ effectiveness, trust and real productivity improvements will follow.
AI is accelerating threat detection and response, but how do you maintain the balance between automation and human judgment in high-stakes cybersecurity incidents?
AI capabilities are advancing rapidly, but today’s foundational “language models” underpinning intelligent agents were originally designed for tasks like language translation—not nuanced decision-making, game theory, or handling complex human factors. This makes human judgment more essential than ever in cybersecurity. The analyst role isn’t diminished by AI; it’s elevated. Analysts are now team leads, leveraging their experience and insight to guide and direct multiple agents, ensuring decisions remain informed by context and nuance. Ultimately, balancing automation with human judgment is about creating a symbiotic relationship where AI amplifies human expertise, not replaces it.
How does your product strategy evolve when AI becomes a core design principle instead of an add-on?
At Exabeam, our product strategy is fundamentally shaped by AI as a core design principle, not a superficial add-on. We built Exabeam from the ground up to support machine learning—from log ingestion, parsing, enrichment, and normalization—to populate a robust Common Information Model specifically optimized to feed ML systems. High-quality, structured data isn’t just important to AI systems—it’s their lifeblood. Today, we directly embed our intelligent agents into critical workflows, avoiding generic, unwieldy chatbots. Instead, we precisely target crucial use-cases that deliver real-world, tangible benefits to our users.
With Exabeam Nova, you’re aiming to “move from assistive to autonomous.” What are the key milestones for getting to fully autonomous security operations?
The idea of fully autonomous security operations is intriguing but premature. Fully autonomous agents, across any domain, simply aren’t yet efficient or safe. While decision-making in AI is improving, it hasn’t reached human-level reliability and won’t for some time. At Exabeam, our approach isn’t chasing total autonomy, which my group at OWASP identifies as a core vulnerability known as Excessive Agency. Giving agents more autonomy than can be reliably tested and validated puts operations on risky ground. Instead, our goal is teams of intelligent agents, capable yet carefully guided, working under the supervision of human experts in the SOC. That combination of human oversight and targeted agentic assistance is the realistic, impactful path forward.
What are the biggest challenges you’ve faced integrating GenAI and machine learning at the scale required for real-time cybersecurity?
One of the biggest challenges in integrating GenAI and machine learning at scale for cybersecurity is balancing speed and precision. GenAI alone can’t replace the sheer scale of what our high-speed ML engine handles—processing terabytes of data continuously. Even the most advanced AI agents have a “context window” that is vastly insufficient. Instead, our recipe involves using ML to distill massive data into actionable insights, which our intelligent agents then translate and operationalize effectively.
You co-founded the OWASP Top 10 for LLM Applications. What inspired this, and how do you see it shaping AI security best practices?
When I launched the OWASP Top 10 for LLM Applications in early 2023, structured information on LLM and GenAI security was scarce, but interest was incredibly high. Within days, over 200 volunteers joined the initiative, bringing diverse opinions and expertise to shape the original list. Since then, it’s been read well over 100,000 times and has become foundational to international industry standards. Today, the effort has expanded into the OWASP Gen AI Security Project, covering areas like AI Red Teaming, securing agentic systems, and handling offensive uses of Gen AI in cybersecurity. Our group recently surpassed 10,000 members and continues to advance AI security practices globally.
Your book, ‘The Developer’s Playbook for LLM Security‘, won a top award. What’s the most important takeaway or principle from the book that every AI developer should understand when building secure applications?”
The most important takeaway from my book, “The Developer’s Playbook for LLM Security,” is simple: “with great power comes great responsibility.” While understanding traditional security concepts remains essential, developers now face an entirely new set of challenges unique to LLMs. This powerful technology isn’t a free pass, it demands proactive, thoughtful security practices. Developers must expand their perspective, recognizing and addressing these new vulnerabilities from the outset, embedding security into every step of their AI application’s lifecycle.
How do you see the cybersecurity workforce evolving in the next 5 years as agentic AI becomes more mainstream?
We’re currently in an AI arms race. Adversaries are aggressively deploying AI to further their malicious goals, making cybersecurity professionals more crucial than ever. The next five years won’t diminish the cybersecurity workforce, they’ll elevate it. Professionals must embrace AI, integrating it into their teams and workflows. Security roles will shift toward strategic command—less about individual effort and more about orchestrating an effective response with a team of AI-driven agents. This transformation empowers cybersecurity professionals to lead decisively and confidently in the battle against ever-evolving threats.
Thank you for the great interview, readers who wish to learn more should visit Exabeam.
Credit: Source link
