Insights from TJ Gonen, Cyber Advisor & Founder, Protego Labs
A year ago, AI security was still a “what if” conversation. Organizations were experimenting with chatbots, exploring proof-of-concepts, and compiling lists of hypothetical risks. Security, if it was discussed at all, was often an afterthought, something to consider later, once the technology proved useful.
Fast forward to today, and the landscape has changed dramatically. The conversation has shifted from if we need AI security to how quickly we can get it in place. Enterprises are no longer playing with AI; they’re embedding it into real, production-grade processes that impact business-critical outcomes.
Recently, CalypsoAI’s Head of Strategic Engagements, Shane McCallion, joined TJ Gonen, Cyber Advisor & Founder, Protego Labs, as part of the AI Inference Security Project to discuss just how much has changed in AI security over the past year. Continue reading to get TJ’s insights on the topic and watch the full conversation below.
From Pilots to Enterprise‑Ready: What Changes at Scale
The most significant shift TJ has observed in the AI space is the rapid move from experimentation to deployment. In 2024, many organizations were running small, low-risk pilots. In 2025, they’re building AI into critical workflows, and what “works” in a small POC rarely survives real‑world traffic, diversity of use cases, and organizational complexity. For example, a 5% error rate that’s tolerable in a sandbox becomes a disaster when processing tens or hundreds of millions of requests. TJ’s point: the moment AI touches critical workflows, you need guardrails that hold under volume, across teams, and over time.
Enterprise‑Ready: The Non‑Negotiables
Being enterprise‑ready is a checklist you either meet or you don’t. The bar includes:
- Accuracy at volume: Low false positives/negatives and consistent behavior under heavy load.
- Centralized policy & orchestration: One place to author, roll out, and version controls across many apps.
- Performance SLAs: Predictable latency/throughput with capacity to scale without degrading security.
- Observability & audit: Full‑fidelity logs, explainability, and reporting to satisfy ops, risk, and regulators.
- Deployment flexibility: SaaS, on‑prem, and even air‑gapped when the use case or regulator demands it.
- Governance alignment: Approvals, model provenance, and change control integrated with existing GRC.
- Continuous validation: Automated red‑teaming plus runtime defenses given the continuous evolution of AI threats.
- Data controls: Strong protections against leakage of PII, secrets, and IP in both inputs and outputs.
TJ calls out that this is the difference between a tool that demos well and a platform that survives production.
New Categories and Total Disruption
TJ sees two big impacts this shift in AI will have on the security market:
- Creation of entirely new categories, particularly AI systems that augment human security operations. Tasks like onboarding, compliance checks, and incident triage will soon move from human analysts to agentic AI.
- Full disruption of existing categories: areas like penetration testing, SOC operations, and data loss prevention will be transformed, in some cases replaced, by AI-driven, continuous processes.
This isn’t a 10-year change; it’s a two-to-three-year window before major parts of the cybersecurity landscape look completely different.
Why CalypsoAI’s Bet Resonated
When TJ joined CalypsoAI’s Executive Advisory Board, it was the clarity of focus that stood out. While other companies tried to cover the full AI security spectrum—from browser plugins to code scanning—CalypsoAI zeroed in on securing AI applications in production. The bet was that this application-level security would quickly become a must-have. To TJ, that bet has paid off.
Final Word: The Fun and the Urgency
For TJ, the work is both urgent and enjoyable. Urgent, because the market is moving at a speed that few anticipated, going from playful exploration to critical deployment in under 12 months. Enjoyable, because building solutions alongside the right people makes the hard problems worth solving.
The bottom line: AI security has graduated from a “someday” topic to an immediate requirement. The organizations that move now, while the market is still taking shape, will be the ones best positioned to innovate safely at scale.