Alan Shimel sits down with longtime friend and cybersecurity veteran Rich Mogull to discuss his new role as chief analyst at the Cloud Security Alliance. The conversation covers a lot of ground, from the rapid rise of agentic AI to how CSA is working to bridge the gap between high-level security frameworks and the practitioners who actually need to implement them.

Mogull explains how CSA is approaching AI security through two major initiatives. The first is the AI Security Maturity Model, a framework designed to give organizations a practical roadmap for evaluating and improving their AI security posture. The second is the launch of CSAI, a dedicated nonprofit arm focused specifically on AI security research and guidance. Together, these efforts aim to move the conversation beyond abstract principles and into something security teams can actually use.

The discussion also touches on the expanding role of CSA’s enterprise membership program, which is designed to give larger organizations more direct input into the research and standards the alliance produces. Mogull describes how this creates a feedback loop between the people building security programs and the people writing the guidance those programs rely on.

One of the more memorable moments in the conversation comes when Mogull shares a story about using AI-generated code during a live incident response, illustrating both the promise and the unpredictability of these tools in real-world security operations. For anyone navigating the rapidly evolving intersection of cloud security and artificial intelligence, this is a wide-ranging and highly relevant conversation.