Attackers can now compromise cloud environments in just eight minutes, fundamentally changing how security leaders must approach defense in the AI era. CISOs have their work cut out for them. We have a conversation with Sysdig CISO in Residence Conor Sherman to talk about it.
In this conversation, recorded at RSAC 2026 Conference, Sherman shares his insights on the dramatic shifts happening in enterprise security. With threat actors leveraging AI to accelerate attacks and the time from vulnerability disclosure to exploitation collapsing to hours and soon minutes, traditional security approaches are proving inadequate.
In this video, we talk about the dual mandate facing modern CISOs: transforming their own security organizations while advising the business on safe AI adoption. Even seasoned executives with 20 years of experience are returning to hands-on keyboard work in lab environments, with the best of them staying ahead of rapidly evolving threats.
What you’ll learn from this interview
Sherman reveals some interesting insights for security professionals and business leaders. They need a better understanding about the current threat landscape. The discussion covers why runtime security has moved from a specialized concern to a mainstream priority, especially for organizations deploying AI workloads that require both protection and performance.
Ephemeral workloads like containers and serverless functions create new challenges, as security telemetry can disappear in seconds. Kernel-level visibility and active defense mechanisms are becoming essential as the time available for human response continues to shrink.
Key topics covered in this video
- How the time to exploitation has collapsed and what it means for defense strategies
- Why CISOs must balance growth risk against security risk in AI adoption
- The shift from static security approaches to active, real-time defense
- How AI is both threatening and empowering security teams
- Practical steps for evaluating runtime security vendors
- Why security leaders are reconsidering their tool portfolios
- The role of open source in modern security architectures
Advice for security leaders
Sherman’s specific recommendations for CISOs evaluating security technologies could prove valuable. He explains what questions to ask vendors, why independent testing is essential, and which technical details reveal whether a platform can actually deliver on its promises.
The discussion also addresses the reality of security tool fatigue and budget constraints. It offers a fresh perspective on how to think about the security stack in an AI-first world. Starting from first principles about critical assets often leads to simpler, more effective security architectures than simply layering on additional tools.