With AI evolving rapidly, safeguarding machine identities is more crucial than ever. Learn how kill switches and identity management play a key role in securing AI-driven systems.
Hello Kevin. We are very excited to have you onboard. Could you tell us about your journey that started in cybersecurity and now has led you to be known as a renowned author?
I started my career journey as a developer and found myself working most often on cybersecurity issues. Applications needed to authenticate users and their inputs that I was building – what became more than the application was the security behind it. I now have more than 25 years of experience in cybersecurity, working with industry leaders like RSA Security, PGP Corporation, IronKey, CipherCloud, and Xcert. As the Chief Innovation Officer at Venafi, a CyberArk Company, I head up machine identity security for workload identity, Kubernetes, and artificial intelligence. I also lead CyberArk’s technology ecosystem and developer community, ensuring we future-proof our customers’ success.
You have 25 years of experience, working in Germany as well as the US. What significant changes have you seen and implemented to sustain the evolution of the technology in all these years?
We’ve worked to get ahead of the attacker – always looking for ways to authenticate users, keep private data, and now most importantly, authenticate every machine from code to the cloud.
AI is on the rise and has been mitigating most of the tedious tasks, but we know it definitely comes with its own set of risks. What specific risks have you seen on the rise from AI-generated code?
New AI technology – from AI agents to AI coding assistants – creates new opportunities for attackers to authenticate at machine speed and also creates uncertainty about the source and integrity of code. Recent research underscores a growing challenge: 83% of security leaders report that developers are using AI to generate code, but 66% find it difficult to keep up with these rapid technological advancements. Additionally, 92% of security leaders expressed concern about the risks posed by AI-generated code.
If the machines are here and security professionals are so concerned, what do we do? Humans and machines have at least one thing in common: they both require identities. We use machine identities to identify machines running and communicating and use code signing to authenticate code from open source. All of this allows us to use the internet, install apps on mobile devices, and fly safely on today’s latest digital aircraft. Applying these same machine identity techniques – when secured – solves the challenges that everything from AI agents to AI coding assistants will present.
On that note, tell our readers what an AI ‘kill switch’ is and how it functions.
In industries like manufacturing and chemical processing, kill switches are common – they provide a safe way to stop a dangerous situation from getting out of control. How can we develop a ‘kill switch’ for AI so that if a machine goes rogue, we can still control and stop it from creating harm? When we talk of an AI ‘kill switch,’ we are not talking about one switch, and it would not be a physical switch either. There is a single kill switch per model based on its identity; it will have unique identities from training to production, protecting it at every stage. AI is just another machine, and understanding this will eliminate breaches we’ve seen time and time again where identity security – of APIs, of code, of cloud, of malware – has been an afterthought.
Please provide examples or scenarios where an AI kill switch can prevent a major security incident?
We authenticate every model, and every model authenticates its actions. With machine identity security, we can uniquely authorize and if needed, revoke access. So whether it’s the model executing against a large vector database or connecting to transaction processing, when we revoke the identity, we eliminate access and stop the model from running. That’s the power of a kill switch. In essence, removing one of these identities is like taking its passport away, making it incredibly difficult for the entity to function. If an AI system is compromised by hackers, using this kill switch can prevent it from communicating with specific services or shut it down entirely – preventing further damage and ensuring the threat is contained.
What kind of industries do you think would benefit most from AI kill switches?
Every industry from finance to logistics. Business is now machines, and quickly the most important machines will be AI.
As we are entering the quantum future, what kind of challenges will AI security face?
Quantum computers will make AI incredibly more powerful, and this powerful AI will pose even more security risks than AI does today. For example, today, we have polymorphic malware – meaning it can change itself programmatically with AI. Beyond that is super polymorphic malware, which will be even more powerful than polymorphic malware. AI has and will continue to introduce increasingly complex attack vectors. Theoretically, quantum-enabled AI could create authenticated identities on demand and target any organization.
How can this kill switch be implemented to address these challenges?
A kill switch is about always authenticating every model each time it runs – knowing what work it’s doing and authorizing the action. Activating the kill switch could prevent a compromised AI model, such as the super polymorphic malware, from communicating with specific services or even shut it down entirely. This would prevent further damage and ensure the threat is contained.
What methods do you use to keep Venafi’s technology quantum future-proof when AI keeps evolving at a faster pace?
Machine identity security is at the core of post-quantum readiness and is the biggest responsibility for security teams in post-quantum preparedness. ISVs (independent software vendors) will develop quantum updates, but it’s the enterprise’s responsibility to know, change and validate the machine identities that would be vulnerable to a quantum attack.
Do share some advice for our fellow tech leaders about the future of AI and how to sustain its security.
AI developers should focus on implementing stronger identity controls to bring kill switches, just like we’re used to with possibly dangerous equipment and systems. This will help prevent AI systems from being compromised or exploited for malicious purposes. By using robust identity controls linked to a kill switch, businesses can control the use and safety of AI – and if needed, immediately terminate compromised or misbehaving models wherever they are running.

Kevin Bocek
Chief Innovation Officer at Venafi, a CyberArk Company
Leading Venafi’s growth in new innovations, Kevin is at the forefront of Venafi’s cutting-edge machine identity management for workload identity, Kubernetes and AI. He also drives Venafi’s award-winning technology ecosystem and developer community to futureproof customer success and is responsible for the company’s Machine Identity Management Development Fund, which has sponsored innovations with more than 50 developers globally.
Kevin brings more than 25 years of experience in cybersecurity with industry leaders including RSA Security, PGP Corporation, IronKey, CipherCloud, Thales, nCipher and Xcert. He has authored several books and is often sought after for comment by the world’s leading media, such as The Wall Street Journal, The New York Times, CNN, BBC, Reuters, Süddeutsche Zeitung, and Handelsblatt, along with security press including SC Magazine, Dark Reading and Heise. Kevin holds a B.S. in chemistry from the College of William and Mary and an MBA from Wake Forest University. He is a member of The Forbes Technology Council and advisor for cybersecurity startups.