3134: Transforming Cloud Security: The Power of Agentic AI with Sysdig

[00:00:04] What if AI could act not just as a tool, but as a team of domain experts working seamlessly to tackle complex tasks?

[00:00:13] Today I'm going to be talking about a big topic that is filling up our news feeds, Agentic AI.

[00:00:19] It's already gaining momentum in both technology and culture, particularly in areas where speed, precision and adaptability are essential.

[00:00:28] What I'm talking about there, of course, is cybersecurity.

[00:00:30] So today the CTO and founder of Sysdig is going to be talking to me.

[00:00:36] He's a leader in cloud security, known for building the first AI-powered cloud security tool based on Agentic AI.

[00:00:44] And my guest brings a wealth of experience in network and cloud security.

[00:00:48] So together I'm looking forward to discussing why Agentic AI is growing in popularity,

[00:00:53] the challenges around its adoption such as latency and cost, and how this paradigm is redefining enterprise cloud security.

[00:01:02] Is this the next evolution of AI applications? And can it live up to its promise?

[00:01:09] Not a question for me to answer. Time for me to get today's guest on.

[00:01:14] So a massive warm welcome to the show.

[00:01:17] Can you tell everyone listening a little about who you are and what you do?

[00:01:22] First of all, thank you for having me.

[00:01:24] My name is Loris DeGioanni and I am CTO and founder at Sysdig.

[00:01:29] And you say that though, but you've been at the forefront of open source innovation with tools such as Sysdig and Falco.

[00:01:38] So I've got to ask you, I always like to dig a little bit deeper on the origin story of my guests.

[00:01:43] What inspired you to found Sysdig and then later focus on leveraging Agentic AI for cloud security, which is a huge topic right now?

[00:01:53] But I feel there's a big story behind it all. What is that?

[00:01:57] Yeah. So first of all, Sysdig is one of the leaders in cloud security.

[00:02:04] We offer a platform that secures people's journey in the cloud, offering a range of functionality from risk and compliance, vulnerability management, detection and response, and user intent on security.

[00:02:27] Pretty much everything that has to do with security, securing people's application when these applications are running the cloud.

[00:02:35] Sysdig is my second company.

[00:02:37] My first company was called Case Technologies and was the company behind a very well known and popular open source network analyzer called Warshark.

[00:02:46] Warshark is a tool that I developed when I was still in university in Italy.

[00:02:55] And it's a tool that focuses on offering you full visibility on computer networks and the applications that are running on the networks.

[00:03:06] And that's what I've done for the majority of my career for the first 10 years of my career.

[00:03:13] And then I realized, you know, the company was acquired in 2010.

[00:03:19] And I realized that what we were doing by offering, you know, like visibility using network packets and analyzing the traffic that goes through the network was not easy to do anymore.

[00:03:33] Because in the cloud, you know, it's not easy to have a point where you can go and tap and collect all of these packets.

[00:03:41] But at the same time, the stuff that we're doing, I used to say, you know, during those years, packets never lie, you know, because if you can see, you know, the activity on the network, you absolutely have the source of truth, you know, of something that is happening.

[00:03:56] And so when starting CISD, essentially, I try to think, okay, in a world where the technology stack is evolving and the world is changing and everybody's moving to the cloud, what is the best way essentially to offer like the deep visibility and the ability to collect runtime threats in a responsive way so that people can protect their infrastructures?

[00:04:19] This problem is even more important in the cloud because our threat research team showed that on average, an attack in the cloud, less than 10 minutes, you know.

[00:04:29] So in such a short amount of time, you need to detect that something is happening and you need to take action, you know, and do something to protect your software, your infrastructure.

[00:04:40] And what Sysdig does today, you know, we created essentially a technology that is the best one to tell you, you know, today, what every other cybersecurity tool will tell you tomorrow, you know, and tomorrow is too late.

[00:04:55] So we detect very quickly and we're able to apply these insights that we are able to collect to protect in a broad way your cloud application.

[00:05:03] So this is a story, you know, where it comes from and where Sysdig is today, essentially.

[00:05:10] I love that.

[00:05:12] And just a few months ago, Gart named Argentic AI, as I think it was the number one strategic trend to watch in 2025.

[00:05:21] And since they announced that, it's been gaining traction both culturally and technologically.

[00:05:26] But from your perspective, as someone in the heart of this space, why do you think this form of AI is becoming so popular?

[00:05:33] And what are the unique opportunities that it brings to cloud security?

[00:05:38] So in general, I would say AI, as we all know, is again changing technology.

[00:05:50] And I think we are barely starting seeing the value that it can add, you know.

[00:05:57] Of course, it's extremely useful to have something like chat GPT being able to, like, proofread your emails or help you with writing blog posts or summarizing documents and so on.

[00:06:12] But I think that there's a wave, the real wave of stuff that is coming will be applying these little human-like brains to many important use cases that have been challenging historically, you know, for humanity.

[00:06:31] I operate in the cybersecurity space.

[00:06:34] Since then, my company operates in the cybersecurity space.

[00:06:36] And there's a lot of opportunity in cybersecurity to essentially, you know, offer a solution that can complement, assist, and support humans in the very complex task of securing software applications and protecting them from attacks and threats.

[00:07:01] Attacks are becoming faster and faster, are becoming more and more sophisticated.

[00:07:05] Attacks are becoming more and more sophisticated and humans can only scale up to a certain point.

[00:07:11] So this is an area, one of the many areas, but I think an important one, where AI can really make a difference.

[00:07:19] And agentic AI specifically is, in my opinion, a core framework that can be used to make AI scale in complex, sophisticated,

[00:07:35] mission-critical use cases, like, for example, cybersecurity.

[00:07:42] We developed a CSD, an AI assistant called CSDX Sage, which is essentially, you know, like state-of-the-art in terms of offering, like, full, strong AI-based functionality to people that are operating our platform and, in general, trying to protect their cloud software infrastructure.

[00:08:03] Sage is something that we figured out relatively early on that we would make it scale only up to a certain point using, like, classic.

[00:08:17] It's funny to say classic when we're talking about AI, but classic prompting and fine-tuning techniques.

[00:08:23] And so we started experimenting quite early on into essentially the ability to use agents to be able to apply the Sage capabilities to multiple domains in a way that is accurate on one hand, but at the same time scales to very complex tasks.

[00:08:44] So, Sistig, you built the first AI-powered cloud security tool based on agentic AI, which is incredibly cool.

[00:08:53] I've not heard anything like this before.

[00:08:55] So can you tell me a bit more about how the technology works?

[00:08:58] And also, what is it that makes this different from other AI-driven security solutions?

[00:09:03] Because it is often deemed quite a crowded market.

[00:09:07] So what makes it stand out, do you think?

[00:09:10] Yeah, and it's always a challenge to talk about this without being able to demo it.

[00:09:16] You know, normally you do a demo and in a few seconds you can make it, you know, like very clear how this is unique.

[00:09:24] But describing it, you end up, you know, having to use words that are like, yeah, it's a crowded, especially cybersecurity.

[00:09:32] There are many vendors.

[00:09:33] Everybody claims everything, you know.

[00:09:35] So, but in general, what we are seeing today in cybersecurity is typically relatively confined applications of AI.

[00:09:51] The majority of which consists into training an AI to be able to interface with some kind of data storage or data repository to convert natural language questions and interactions into queries for this data store.

[00:10:17] And this is a very useful use case.

[00:10:20] Very often, you know, like security signals and security data end up in Splunk-like storage.

[00:10:29] And extracting insights from this data can be very challenging because there's a lot of data, because this data is heterogeneous, because the query interfaces for this data tend to be complex and require, you know, a lot of expertise and so on.

[00:10:46] So, typically what you can do is you can ask a question like, I don't know, where are my security risks and the AI can convert this into a query to some of this data and give you the results.

[00:11:03] Sage, Sage is designed to be more like a true assistant.

[00:11:09] So, you can interface with Sage, have full conversations, including follow-ups.

[00:11:18] You can, you know, start from the high level, drill down into specific problems.

[00:11:23] And what Sage does is it's interfaced with the SSD secure product through APIs.

[00:11:32] And it's able to behave as much as possible as a real user that is being trained to be a domain expert in the areas where our product operates.

[00:11:46] So, a domain expert in the product itself, but also in just the general cloud security domain.

[00:11:56] And Sage is designed to understand where you are in the user interface and so operate with you in context.

[00:12:05] So, you can ask Sage questions like, what is this?

[00:12:10] And Sage not what this is because it's sitting, you know, in the product together with you, knows what you're seeing, what you've clicked, how you got there, and so on.

[00:12:22] And so, it's almost like having more like a human that is there as the same context that you have can operate the product near you and together with you and can perform operations with you.

[00:12:37] So, based on this description, it's pretty clear that this needs to be versatile.

[00:12:46] It's much more than just converting like a sentence in English into a query to a database, but it's more like having real context, being able to predict what the user is doing, being able to support what the user is doing, and being able to carry on, you know, like a real process.

[00:13:06] It's a vulnerability management, a reduction campaign, or a threat investigation, or this kind of stuff, together with the user and as much as possible as a real user.

[00:13:17] These raise challenges because even just what the basic use case that I was describing, converting a sentence into a database query is something that is very complex.

[00:13:32] It's hard to convert to a accuracy and quality and cost and requires a lot of prompting skills and fine-tuning skills and a bunch of stuff like that just for that single specific task.

[00:13:51] Okay?

[00:13:52] So, essentially, what you need to do is you take a general purpose large language model and make it very good at just that single specific task.

[00:14:01] Just doing that typically tends to exhaust what you can do with an LLM, even a top-tier one, you know?

[00:14:11] And it's like you've already taught enough and you're already at the borderline not being able to teach that single task.

[00:14:21] So, now the question is, this is one of the many things that I describe the AI needs to do, right?

[00:14:27] So, how do you scale that?

[00:14:30] The way you scale it is sort of instead of creating one single expert, you create more than one expert.

[00:14:39] And then you try to make them work together in a way that mimics as much as possible a team of people.

[00:14:49] What happens when you need to solve a problem that is too complex for one single person?

[00:14:56] What you do is you create a team, you hire experts in different domains, you assemble them, you try to manage them, you give them a goal and the purpose.

[00:15:08] And then, hopefully, you hire a team that is smart enough, is skilled enough that they can operate together as a team toward the goal.

[00:15:19] So, this is our approach essentially to authentic AI.

[00:15:22] It's like we quite often hit the limits of an LLM through prompting and fine-tuning.

[00:15:29] The same way you would hit the limits of a single expert when you need to do a complex task.

[00:15:34] And we are essentially working on assembling a team that works together with the user.

[00:15:39] So, at this point, it's not an assistant, a single assistant for the user, but it's more like a team of assistants that operate together to support the user.

[00:15:50] And while authentic AI offers tremendous promise, it's also worth highlighting that when people think of authentic AI, it often comes with challenges.

[00:16:01] And by challenges, I mean things like latency and costs.

[00:16:05] So, on that side of things, have you addressed some of those pitfalls and lesser-known features or lesser-known aspects?

[00:16:13] And what lessons have you learned along the way in overcoming these challenges?

[00:16:18] Well, lesson number one is that these challenges that you're mentioning are real.

[00:16:24] At the same time, we are moving toward a trend.

[00:16:32] Like, I remember when we started working a couple of years ago on Sizzix Sage, cost was absolutely our number one concern.

[00:16:43] It was like, oh my God, you know, there's no way we can offer this to people without either losing a lot of money or having to charge a lot for people to use this.

[00:16:56] Just because the economics...

[00:16:58] And I mean, what we're trying to do with Sizzix Sage requires top-tier models like GPT-4, Cloud 3.5, the Gemini 1.5, that kind of stuff, you know?

[00:17:12] So, it was a huge concern.

[00:17:16] And it still is, but I would say things are generally improving quite a bit.

[00:17:25] We are seeing every iteration of the models that all of these top-tier LLM providers are offering.

[00:17:32] Every single iteration is becoming more powerful, faster to respond, and also cheaper.

[00:17:41] So, we are seeing improvements there, but still delivering something like this.

[00:17:48] And latency in general is still a problem, especially because when you need reasoning, even just look at O1, you know, the latest model released by OpenAI.

[00:18:00] It's made great progress by implementing multi-step reasoning, essentially, you know, like just in the way they train the model, in the way they offer the service.

[00:18:11] But it is slow, it is much slower, you know?

[00:18:13] So, in general, when you switch from like classic LLM approaches to agentic approaches, latency becomes a big deal.

[00:18:27] And in my opinion, it's an even bigger concern than cost.

[00:18:34] In terms of, let's say, lessons learned and how to approach this, part of this is sort of like, you know, like patent pending stuff that we're doing.

[00:18:49] So, not straightforward for me to disclose what we're doing.

[00:18:54] But I think that in general, what we're finding is that the problem is very challenging, extremely challenging, not completely solved yet.

[00:19:07] But I think that there are approaches that tend to work better.

[00:19:14] And in particular, the ones that distribute more like the reasoning rather than centralizing it and creating chalk points tend to work better.

[00:19:26] At least based on what we're seeing to solve these problems.

[00:19:30] So, it's almost like you need to find out.

[00:19:36] It's really, you know, we're still working on this and I'm not saying that we've completely solved the problem.

[00:19:42] But the solution to these problems almost resembles to management and team organization approaches, right?

[00:19:54] So, the question is, okay, now you have these different things that are experts in different areas that are supposed to work together.

[00:20:01] How do you structure them in a team?

[00:20:05] Is it better to have like a manager, like a project manager that then organizes the work of the other ones?

[00:20:15] Is it better to create a little bit more like of an anarchic approach where everybody operates more independently?

[00:20:24] And at the end, they try to converge by conversing to each other and talking to each other.

[00:20:29] And it's pretty fascinating because it looks quite a bit like having to solve the problem of organizing teams.

[00:20:37] And of course, that means that depending on the task, depending on the complexity, depending on the domain,

[00:20:42] depending on the kind of answers that you want to provide, depending on who your audience is and this kind of stuff,

[00:20:49] you can adopt different approaches and some work better than others.

[00:20:55] And your open source tools, including Sysdig and Falco, have become a critical resource in cloud security and troubleshooting.

[00:21:04] That's something I learned when I was Googling you before you came on the podcast.

[00:21:08] So, I've got to ask, I mean, how has this open source ethos influenced your approach to AI innovation at Sysdig?

[00:21:15] Is it a big part of what you do here?

[00:21:20] Yeah, very much.

[00:21:22] And they're talking about lessons learned.

[00:21:23] Another lesson that I learned is if LLMs are the new interface between men and software,

[00:21:37] between men and data, it's almost like, in fact, for example, you know, many people consider companies like OpenAI disruptors

[00:21:47] for existing, you know, companies like Google, because many of us, you know, what you used to do with search before,

[00:21:57] now you solve the problem by asking a question to an AI.

[00:22:01] Right?

[00:22:03] So, if you extend this comparison, it's almost like the source of the data becomes an important differentiator.

[00:22:14] What I mean is the battle in the next years around AI is going to be fought around which data goes into these models.

[00:22:25] The more data these models consume, it's been proven, you know, the smarter and better they become.

[00:22:31] There are many organizations in the world, like newspapers, book writers, and so on, that are not happy about their data being used to train LLMs

[00:22:44] that potentially then, you know, is used to replace them.

[00:22:48] At the same time, there's also the opposite.

[00:22:54] There's sort of areas, domains like security, cloud security, for example, which is the one where we operate,

[00:23:04] where you want the LLM to know as much as possible about your tools, your workflows, your languages,

[00:23:16] all of this kind of stuff, if possible out of the box.

[00:23:19] How do you do that?

[00:23:21] You make all of this information publicly available so that the LLM trainers can suck it up and infuse it into the brain of the AI.

[00:23:35] What is the best way to make information public domain and accessible by an AI?

[00:23:44] In software, it's open source.

[00:23:46] You know, we, it was amazing, you know, we, Falco, you know, is one of the open source that I have originally created and Sysdig is sponsoring.

[00:23:58] And Falco is a runtime security tool for cloud and containers.

[00:24:04] It's like a little security camera for containers.

[00:24:07] And with Falco, you can define rules using a specific language.

[00:24:10] For example, I don't know, I don't want anybody to start an interactive shell in one of my containers.

[00:24:17] You can express this, you know, in the Falco language.

[00:24:21] And then Falco will monitor this for you across your infrastructure and make sure that if this happens, you are notified.

[00:24:28] You go to ChGPT and it knows Falco and it can create a rule for you.

[00:24:33] It can help you writing one.

[00:24:35] It can fix one for you, you know, if you want.

[00:24:38] And this is because OpenAI clearly has been trained on this.

[00:24:44] And this is because all of this kind of stuff is available online, on GitHub, on web pages or multiple sources.

[00:24:53] And there's a whole community, you know, producing content.

[00:24:55] So for providers of services like us, there's sort of like a search engine optimization that you do.

[00:25:04] It's an AI engine optimization that you do by leveraging open source.

[00:25:09] And it makes AIs much better at doing what your users need to do just because you're so open about the way you do it.

[00:25:19] And you engage a community that produces, you know, like content around what you're doing.

[00:25:25] And with the continued rapid pace of AI development and so many big predictions about 2025 being the year of agentic AI,

[00:25:34] what do you see the biggest risks and equally rewards are of being one of those early adopters of agentic AI in enterprise environments,

[00:25:42] particularly around cloud security, which is an area I know you're passionate about.

[00:25:46] But what are you seeing here?

[00:25:49] Yeah, I mean, in terms of risks, I would say what we mentioned before.

[00:25:54] So it's challenging from the cost and the latency point of view to build something that is like truly agentic on the data set that is as big as what a security tool, for example, a cloud security tool provides.

[00:26:10] So I think that as an industry, we need to converge on, you know, what are the best architectures for this.

[00:26:17] And CISDig absolutely wants to be at the forefront of this, you know, so we're pushing hard.

[00:26:21] We want to keep coming up with stuff that is like bleeding edge and sort of like industry defining for this.

[00:26:29] In terms of opportunities, I think that the sky's the limit.

[00:26:37] I think that we are in a place where I sort of compare these to the rise of SaaS applications, right?

[00:26:47] There's been a huge wave starting like around 20 years ago of converting all of the software that was running on our machines into software that you run in your browser.

[00:26:58] And, you know, like the Salesforce, Salesforce is of the world where there are new industries that are created just because you take an application that is already existing,

[00:27:09] but you offer, you know, like a new interface in this case, a cloud-based interface.

[00:27:15] And every domain, including cybersecurity is being heavily impacted by this.

[00:27:20] And this has created, you know, like huge changes in the industry and huge winners.

[00:27:24] And I think we are at the beginning of something like that.

[00:27:26] AI will create a dramatic shift in how every software product and domain is delivered.

[00:27:36] And I think that the real innovation and the real game changeness of AI will come only partially from the open AIs of the world.

[00:27:47] So from the chats, from the general domain chats, but it could be creatively applying AI to every domain.

[00:27:54] And every domain is different, but there is a potential huge benefit for everybody.

[00:27:57] And cybersecurity is not exceptions.

[00:28:01] Cloud security is not exceptions.

[00:28:03] So I expect that in like three, five years from now, the user interfaces for products like cybersecurity products will be very different

[00:28:13] and would be heavily revolving around just, you know, conversation and leveraging multiple assistants that can work together to speed you up,

[00:28:27] solve problems much more easily and just find stuff that you wouldn't find just because you cannot see everything well.

[00:28:32] They will be able to see everything, but, you know, see it from the perspective of a human being.

[00:28:39] And if we were to look to the future, I would gaze into my virtual crystal ball.

[00:28:44] How do you envision the Gentic AI to continue to evolve?

[00:28:48] And what role do you see Sysdig playing in helping shape this next generation of cloud security solutions?

[00:28:55] Because it feels like an incredibly exciting time.

[00:28:57] It's also very early stages.

[00:28:59] So how do you see all this playing out?

[00:29:01] Yeah, I mean, if I could predict the future, I would probably be investing in the stock market or something like that.

[00:29:10] But what I'm sure is this evolution is inescapable.

[00:29:16] The evolution toward AI is inescapable and the evolution toward more complex AI infrastructures that are likely going to base on agents is inescapable

[00:29:26] because it's just natural evolution and there's so much value that can be brought that everybody will essentially compete in this domain.

[00:29:38] So what I don't know is exactly what will happen,

[00:29:43] but what I will know is that we will for sure move aggressively toward utilizing as product providers

[00:29:56] and as end users utilizing more and more of these architectures.

[00:30:02] Well, I cannot thank you enough for sitting there with me today

[00:30:04] and sharing how a Gentic AI is growing in popularity from a cultural and a technological perspective.

[00:30:11] But before I let you go, I'm going to ask you to leave one final gift for everyone listening.

[00:30:17] And that is a book that has inspired you or means something to you that we can add to our Amazon wishlist for everybody listening to check out.

[00:30:24] What would you like to add to that list and why?

[00:30:27] Yeah, I've recently read a book called The Five Ages of the Universe.

[00:30:34] It's like, you know, a cosmology book, but it talks about the universe and the history of the universe.

[00:30:43] But instead of the past history, because normally all of the books in this domain tell you about the Big Bang

[00:30:48] and how the universe was formed and where we're coming from, which is extremely fascinating by itself.

[00:30:54] But this book is the opposite.

[00:30:55] It talks about how the universe is going to end, essentially.

[00:30:59] So where does it go from here, you know?

[00:31:01] And it's very fascinating because it talks about timescales that are like unimaginably long, you know,

[00:31:10] because the universe is very much in its infancy yet, you know?

[00:31:15] And so understanding how much time there's still in front of us

[00:31:22] and how long, you know, things are still going to be and what's going to happen, you know, how this is evolving.

[00:31:29] I found it put very much in perspective, you know, like our lives, you know, and us as a humanity, you know,

[00:31:35] like our responsibility to be good stewards of our planet, of our universe,

[00:31:43] and understand that our lifespan is just a tiny, you know, dot in something that is much bigger

[00:31:52] and so giant and massive compared to us.

[00:31:54] So it helped me, you know, just put a lot of stuff in perspective in my life, in my career,

[00:32:00] and in general in humanity, you know?

[00:32:03] So I find it to be very fascinating.

[00:32:05] It's a book by two authors, Fred Adams and Greg Lovelin, and I really enjoyed reading it.

[00:32:13] What a great choice.

[00:32:14] I'm going to add it to our Amazon wish list.

[00:32:16] And for everybody listening, where's the best place for them to find you or your team online

[00:32:21] and find out more about anything we talked about today?

[00:32:24] Where would you like to point them?

[00:32:26] Yeah, sysdig.com.

[00:32:27] Our website.

[00:32:28] And from there, you find every other way to contact us.

[00:32:32] So just come check us out on our website.

[00:32:34] Well, I'll add a link to make it nice and easy for everyone looking to find out more on this.

[00:32:40] And I, for one, have just loved hearing more about how Sysdig has built this first AI cloud security tool

[00:32:47] on Agentic AI.

[00:32:48] There's going to be so much talk of Agentic AI this year,

[00:32:51] so I'd love to find out more about what people listening thought of that.

[00:32:55] And also, I think it's so important at a time where everybody's looking at implementing this

[00:33:00] is learning more about the promise and the pitfalls of Agentic AI,

[00:33:04] from latency to cost and how you've overcame them, how you're succeeding.

[00:33:08] It's incredibly useful for people listening.

[00:33:11] So thanks again for taking the time to share that with me today.

[00:33:14] Thank you for having me.

[00:33:15] It's been a great pleasure.

[00:33:16] As we've learned today, AI offers a new way to think about AI's role in cybersecurity.

[00:33:23] Moving beyond isolated tools to AI systems that behave like expert teams.

[00:33:28] Teams are able to solve critical problems quickly.

[00:33:33] And Sysdig's advancements are proof that innovation in Agentic AI

[00:33:36] could be the key to staying ahead of those modern cloud threats that we're seeing out there.

[00:33:42] But where do you see AI heading in cloud security and enterprise environments?

[00:33:48] Are we prepared to embrace the promise while addressing its pitfalls too?

[00:33:54] I'd love to hear your take on this, so please reach out, share your thoughts,

[00:33:58] LinkedIn, X, Instagram, at Neil C. Hughes.

[00:34:01] Let me know your thoughts on this one.

[00:34:03] But that's it for today.

[00:34:05] So thank you as always for listening.

[00:34:07] Keep your comments and questions coming in,

[00:34:09] and I will speak with you all again tomorrow morning.

[00:34:14] Bye for now.

[00:34:18] Bye for now.

[00:34:20] Bye for now.

[00:34:22] Bye for now.

[00:34:22] Bye for now.