AI governance has never been more urgent, yet most organizations remain caught between two equally bad options: blocking AI entirely or letting it run wild. Three seismic shifts in 2025 have made the challenge even more acute. First, every major browser is now AI-enhanced, creating new attack surfaces and data leak vectors. Second, agentic AI has emerged as a specialized discipline with its own governance requirements. Third, the Model Context Protocol gained widespread adoption, introducing fresh security challenges that legacy tools can’t address. The typical enterprise response has been predictably inadequate. Some companies deploy blanket blocks, only to watch employees migrate to personal devices and accounts. Others take a permissive stance, only to discover that four times as many employees use free ChatGPT as their expensive corporate copilot licenses, with sensitive data flowing freely into unapproved systems.
In this episode, Alastair Paterson, CEO and co-founder at Harmonic Security, explains how Harmonic Protect addresses these challenges by securing workforce AI adoption through browser-based visibility, endpoint agents, and MCP gateways. Joining him are Ross Young, co-host at CISO Tradecraft, and Johna Till Johnson, CEO and founder at Nemertes.
Want to know:
- Why are enterprises still struggling with AI governance despite years of motivation to solve it?
- How does Harmonic keep pace with 50,000+ AI products when the landscape changes monthly?
- What’s the difference between visibility, coaching, and blocking in AI governance?
- How do you implement AI controls without creating thousands of new alerts for security teams?
- Where does Harmonic fit in the multi-step process of setting policy, monitoring compliance, and enforcement?
- How can CISOs measure the ROI of AI governance tools and benchmark against industry peers?
- What’s Harmonic’s strategy with secure AI browsers?
- Why should AI browsers be blocked by default in the enterprise?
- What should CISOs prioritize for AI security in 2026?
Got feedback? Join the conversation on LinkedIn.
Huge thanks to our sponsor, Harmonic Security
Full Transcript
[Voiceover] Connecting security solutions with security leaders, Security You Should Know starts now.
[Rich Stroffolino] Welcome to Security You Should Know. I’m your host, Rich Stroffolino. Today, we’re talking with Harmonic Security and learning what they’re doing in AI governance and control with their Harmonic Protect. Now, the problem that they’re addressing, it’s never been more timely.
It’s looking into why we’re still struggling with AI governance in the enterprise. Helping us get answers to what they’re doing, dig in more, get some more details, we have an all-star panel here. We, of course, have Ross Young, the co-host at CISO Tradecraft, and Johna Till Johnson, CEO and founder at Nemertes.
Johna, I’m going to start with you. Why are we still struggling with AI governance in the enterprise? Seems like we have a lot of motivation to figure that out, right?
[Johna Till Johnson] We do, but I think there are three key things that have happened in the past several months that have really upped the bar for AI governance. First one is the emergence of all the AI-enhanced browsers. Basically, every browser you can possibly get is AI-enhanced and enabled, which means you need a governance and control strategy for those.
And then there’s the rise of agentic AI, which is the new hot thing, and again, that is a specialized discipline that has requirements for tools. Last but not least, the single biggest thing that I think happened in 2025 was the emergence and acceptance of the Model Context Protocol, MCP, which, again, poses its own new challenges.
So, while you can say, Well, we’ve had years to deal with AI in the enterprise, the reality is there have been three new things that have happened in the past year or really gained a lot of momentum in the last year that have upped the ante for governance and control.
[Rich Stroffolino] Ross, I’m going to come to you. What’s your take on why we’re still struggling with this governance issue?
[Ross Young] So, I think AI governance is a completely new beast. For 20 or 30 years, we’ve had developers learn a programming language and go write code in Python. Now it’s not so simple. Developers are writing code in English. The prompt comes back with their code.
So, they don’t even really know the code. They just see the website that’s been built. And we’re seeing this go wrong. Like there’s this company named Replit who released a brand new software thing, and it destroyed their entire production database and caused a massive customer outage, right?
If you actually would have read the code changes, you might’ve seen, like, why would I ever want to change the production database? Probably not a good idea. I want to change the code on the website, not the database. And so, when people have these massive changes when they’re going from certain paradigms of how we program, it’s a big shift and the governance needs to say, okay, we can’t blame AI.
We got to do this right.
[Rich Stroffolino] All right. Well, today we’re going to be talking with Alistair Paterson, the CEO and co-founder at Harmonic Security. Now to start out, Alistair, we’re answering three essential questions. You need to help us out here. Set the table here for us.
How do you explain the value of your solution to a CEO? What does your solution do and what does it not do? And what is the pricing model? Can you help us out here?
[Alastair Paterson] I’ll do my best, yeah. Great to chat with you guys today. Thanks for having me on the show. Yeah, I think the value’s pretty obvious here really, which is every CEO and every board is just trying to push faster and harder with AI, right?
How do we get more AI adopted faster in the enterprise for all kinds of competitive reasons, efficiency reasons, and everything else? And the challenge on the security side is obviously the governance and control, stopping sensitive data getting into jurisdictions it shouldn’t and places it shouldn’t, people’s personal accounts, and then they move on.
There’s the challenges around agents and MCP that was touched on here as well. And so, you’re in a Wild West scenario or you’re in a block scenario, that’s typically what you’ll run into. And so, from a CEO perspective, you don’t want either, right?
You don’t want everyone running wild. At the same time, you can’t just block this stuff. We need to enable it. So, Harmonic’s really that enablement layer. We can help from a CEO’s perspective, help that company accelerate with AI, but do it safely with the right guardrails and controls in place.
[Rich Stroffolino] And then in terms of pricing, what are we looking at?
[Alastair Paterson] Pricing’s pretty straightforward as well. It’s per seat, I like to keep things simple. I think CISOs usually struggle with consumption models and unknown costs because they have budgets. So, we keep it pretty straightforward. And so, that’s the route we’ve gone.
I know you also asked me, what do we do and what do we not do? I think just to frame Harmonic really briefly in that conversation, I think within AI security, there’s this huge market maps and sort of buckets of 25 different subcategories and logos and MITRE ATLAS and CSA’s got a framework, and it gets very complicated.
So, I like to boil it down into four problems that need to be solved because I think that’s all that really matters. And so, I think there’s a problem which is the challenges from AI itself, the threats, AI-generated threats. So, things like the deep fakes and sophisticated phishing attacks, not us.
There’s an area in AI security, which is really use of AI for security. So, SOC automation, vuln management, all of that, not us. There’s a third area, which is building your own AI, securing it, red teaming it, protecting it from prompt injection attacks, putting your own chatbots out there, not us.
So, the final area, which is us, just to be clear, it’s the workforce adoption of AI, right? What are your employees doing? And that includes your engineers. It includes the use of MCP and agents in the enterprise across these AI-enabled IDEs, agentic browsers, all of the above is in scope, right?
But it’s the employee usage and adoption of AI that we’re securing at Harmonic.
[Rich Stroffolino] Fantastic, yes. So many, I love hearing someone that’s not trying to boil the ocean and actually has a clear vision. This is fantastic. So, based on that, we have a clear idea of kind of where you’re operating, but I’m sure we have a lot of other questions to get into.
Ross, I’m going to start with you. What other questions do you have for Alistair and for Harmonic Security?
[Ross Young] So, I think this is a really interesting problem because the amount of AI usage from every employee in a company is just growing at an exponential rate. So, the biggest question that I would have is if I’m a company and I got 10,000 users and they’re trying, I don’t know, 50,000 AI products, how do I make sure your product can keep up with all of those different AI demands that are coming up, and I don’t buy a product that only covers five things when I really need coverage on a hundred things?
[Alastair Paterson] Great question. Yeah, we absolutely have to keep that in mind. I think this is not a static space. I think there’s some areas in security where you build something and you’re kind of done and you’re polishing it for a few years and scaling it up.
This is not one of those. So, this becomes a partnership and a continual development cycle. And I actually think startups are way better positioned to handle that type of environment than big established companies that can’t innovate at the speed that we’re seeing this market evolving.
I mean, to give you an example from a Harmonic perspective, we started in the browser. So, our first product was really a browser extension that now covers all of the agentic browsers, which is something we had to add in the last year. We’ve since, though, had to extend to cover a whole range of new scenarios.
So, MCP only existed about a year ago. It was invented, I think, in November of ’24. So, we now have an MCP gateway that is able to protect against the threats around that. And then the final one is an agent, an endpoint agent that we have that covers all the thick client apps and we’re able to cover agentic IDEs and all the other things that are going on.
So, we’ve had to evolve absolutely at startup speeds just as the market has, and we have to do that in partnership with our customers.
[Rich Stroffolino] Johna, jump in here. What other questions do you have for Harmonic Security?
[Johna Till Johnson] Yeah, so the big one I would have, Alastair, is I love, it’s music to my ears, that you’re working on the governance of AI from an employee-centric view. The challenge is there’s kind of a multi-step process. And first, you have to have a policy about how your employees can use AI.
[Alastair Paterson] Yes.
[[Johna Till Johnson] And setting that policy can be challenging. Like in the example that Ross used, which is a great one, it’s like, hey, don’t take down the production database, okay?
[Laughter]
[[Johna Till Johnson] Pretty obvious, but some of the other things are not so obvious. So, there’s the setting the policy. Then there is managing and overseeing to see whether that policy is in fact being followed. And then there’s doing something about it when it has not been followed.
So, my question to you is, where do you help in those steps?
[Alastair Paterson] Great question. We actually, we love that type of scenario, right? So, typically, most people we work with, they have an AI policy in place. Most often, they have an AI governance committee or group that meets as well. But that committee struggles with visibility in the what’s going on, first of all, before they even think about control.
They typically look at their SASE platform for that. And the challenge is it gives URL visibility, but it can’t even tell the difference between personal versus corporate use. It doesn’t have prompt level visibility beyond maybe a handful of apps. So, they struggle to understand how is AI being adopted and used today, and then how to put the controls around sensitive data.
So, the way we deal with that, the first thing is, because we sit in the browser and in these other places I mentioned, we can give true prompt-level visibility and understanding across the adoption and usage of AI. We’ve built 26 of our own small language models that understand sensitive corporate data.
So, much, much better than the prior regex era. So, we use those to, instead of just try to block end users, we can give visibility into what’s going on and then coach and nudge them towards safe outcomes automatically. So, we effectively can take that policy and turn it into nice coaching supportive guardrails instead of security being Department of No, or just leaving the Wild West to happen as happens in some places today.
[Ross Young] Yeah, I think that’s really interesting. I think the piece that I would have here is, let’s say I’m the CISO, I deploy the technology, and all of a sudden, I find I have hundreds of people doing stupid things on the internet, uploading sensitive IP in places.
Now do I have to like go and talk to their managers in order to actually implement this in an effective way? Is that HR’s job? Is that CISO’s job? Who’s going to have to track and follow this through? Or do you have like automations that actually help trigger this and integrate with maybe some HR systems or other things so that the CISO’s, you know, two people stuck policing this tool aren’t having to go chase down hundreds of users across a large corporation?
[Alastair Paterson] Yeah, totally. I think it’s always one of the nightmares in security, isn’t it? You get a new tool which shows you a bunch of bad stuff and now it’s created a load more work for the team to do that was busy enough as it is. So, yeah, from day one, we’ve been thinking about that.
And so, instead of giving you another alert list with 4,000 things that need to be actioned in, you set up the policy, and we understand what you’re trying to do with the business, and that’s where the coaching and nudging comes in. So, typically we start in visibility mode.
We show you where there are some pretty serious problems, but instead of it being a really harsh block to the end user, they’re just getting coached and nudged the way you want. Maybe it’s a warning, maybe it’s redirect sometimes, but often it’s just explaining, like on-the-job security awareness training that can be as lightweight or as heavy as you want.
So, every org picks where they want to be on that spectrum, but then we resolve these issues automatically without the security team having to get in the way. So, very lightweight on the security team as a result.
[Johna Till Johnson] That’s funny. It reminds me a long, long time ago when firewalls first came out, nobody knew what to do with them. And I remember I was working at McGraw Hill and what they did was they would send a little memo to every department head saying, “By the way, these are the sites that your employees have been looking at.
Perhaps you might wish to chat with them.” And we were the only department that had not been looking at something we shouldn’t have been looking at, but I remember thinking, “That’s an approach.” And I see what you’re saying. First, you let everybody know that’s happening and then slowly you work into building in the controls and keeping things from happening.
I have a question for you on that setting policy though because I realize that most companies say they have policies and say they’re in a position to enforce them, but do they really and are they really? And would you have some good insight as to the kinds of policies that perhaps CISOs ought to have?
Like is there some paint-by-numbers function that says, “You don’t appear to have this policy. We would recommend it.”
[Alastair Paterson] Totally. I’d say yeah, 90% of the people we talk to, they have a policy. The policy typically says something along the lines of, “Don’t put our corporate and customer data into unapproved AI sites,” right? No one’s ever read the policy.
Even if they have read it, they’re just doing their job, right? They’re not trying to do harm to the business, but they’re just trying to get their job done. And so, data is inevitably flying everywhere and there’s no good controls. So, some companies try to block, but that just pushes behavior onto personal devices and around the controls.
It’s pretty retrograde.
So, the better thing I think is to enable, and then we actually, using Harmonic and the small language models, we’re able to say, well, you probably don’t want corporate data going to, let’s say, China or into personal accounts, but corporate is okay.
So, maybe you can put M&A information, let’s say, into a corporate ChatGPT, but not into personal. Or maybe we want to redirect somebody who’s trying to paste a bunch of customer data into a China-hosted site and redirect them towards our safe corporate instance for some of these things.
But I think it sparks conversations in the business and makes security more strategic because you can talk to the we’re already selling through the CISO often to the CIO and the steering committee who care about ROI and the use of AI because you might’ve rolled out a ton of Copilot licenses, but no one’s using them.
They’re all using free ChatGPT and Gamma and a bunch of other tools that you didn’t even know.
[Ross Young] Yeah, I think this is a really interesting space and we’re going to really watch this. Perhaps I think one of the things we’re going to struggle with is how do I know if my metrics are any good, like I want to be able to measure the value of your tool.
Sometimes we do that by maybe comparing ourselves versus our industry verticals. Like, hey, how bad am I compared to everybody else in the financial sector? Do you have anything like that? Or is that maybe on a roadmap of how you’re planning to benchmark companies versus their peers or their industry?
[Alastair Paterson] Yeah, I’m smiling because we were talking about it earlier today actually in the company. So, that is something that we’re rolling out in the product. We actually, we did a bit like the Spotify wraps, we did a sort of GenAI wraps for ’25 where we showed stats about where all the sensitive data’s going that we see across the entire customer base.
And so, it was pretty interesting to look at that and do some peer comparison there. But we’re going to build that as a feature into the product as well this year. Along with giving that sort of ROI analysis where you might’ve paid a bunch of money for a bunch of these tools, but by use case, we can start to show you, well, your HR use cases are going over here, and marketing’s got use cases over there.
And so, you can start to see which tools are actually being used, which ones are higher risk, lower risk, and make security more of a business partner versus a Department of No and trying to block things. This is an opportunity for security to become probably a bigger part of the C-suite conversation.
[Johna Till Johnson] Yeah, and I think what you’re hearing from both Ross and from me is that you have an unusual opportunity to serve as the clearinghouse for best practices, and specifically, measurable best practices, both from the standpoint of what a policy ought to be, what policies work, what controls work, and then also more broadly, like how well you’re doing compared to the other guys.
So, my thought is if I were a customer, I’d certainly want to know your broader roadmap of how are you taking that clearinghouse of great data about best practices, quantitatively validated best practices, as opposed to consultant spewed. So, I guess that would be the – it’s not really a question, it’s an observation, I would say.
Just highlighting and double downing on this idea of not just industry vertical comparison, but also policy that works, policy that doesn’t work, policy controls that work. You’re sort of talking all around it, but it seems like that clearinghouse of best practices is probably something to keep an eye on.
I do have an actual question which is I know that you spend time looking at what employees are doing with their browsers and you have a nice lineup of browsers that you cover. I did notice that one of the advisors on your team is from Palo Alto, and Palo Alto has recently introduced a browser, an AI browser, a secure AI browser, the idea being that you would use this one in order to be secure.
What is your strategy there? Are you working with Palo Alto, planning to incorporate support, already have support?
[Alastair Paterson] Yeah, we’ve built Harmonic to be completely browser agnostic, and we co-exist with the other secure browsers, so we have customers that have us rolled out alongside Island and other players in the space as well. So, it’s certainly something we have to keep an eye on and make sure and test that every new browser that comes out works, but so far, we haven’t had any problems with it, and no doubt as the year ’26 goes on, there’s going to be more browsers, more things to cover.
I think just as a macro observation, I think there’s a lot of risk around those AI browsers today. I don’t say this about anything else in AI already…
[[Johna Till Johnson] I agree.
[Alastair Paterson] …but I think that default block on AI browsers is probably the right move because they are just so vulnerable to prompt injection attacks. It’s the only time you’ll hear me say I’m supportive of blocking is probably AI browsers in the enterprise today.
[Rich Stroffolino] We have time for one more question.
[Ross Young] Yeah, I think that’s a really interesting observation, right? We went from the whole organization getting off Internet Explorer to everybody going over to Google Chrome, and now for an organization to say, “Hey, instead of just controlling Chrome and the Chrome extensions, we’re going to have five other browsers with different extensions on every one of those browsers.” That sounds like a nightmare for a CISO to try to police, so I don’t think that’s likely to play out.
Now I do see maybe just one enterprise browser, maybe it’s Chrome, maybe it’s Island, whatever it is, I think that makes sense, but I don’t see 20 browsers to accommodate every different unique AI developer, right?
[Alastair Paterson] I think that’s right. I’d also say I don’t think they’re very good, frankly, [Laughter] right now.
[Johna Till Johnson] No, no, they’re really annoying.
[Alastair Paterson] Yeah, if they were really great, maybe I’d have a different opinion, but I don’t think… They’re not ready, right? They’re sort of research projects that are live, so I don’t think that space is going to move very fast, personally.
[Johna Till Johnson] And I would just add to that, that the ROI isn’t there.
[Ross Young] Yeah, so maybe the last question should be what should CISOs be thinking about with the AI use of tools across so many of their users? What are we not talking about enough so that we think about, “Oh, man, I should actually start to put this in my roadmap for ’26.” What should we be doing more of?
[Alastair Paterson] Yeah, I think it starts with visibility, right? You have to understand what’s going on before you can have that next conversation to say, “Right, okay, here are the risks.” It turns out we’re using a bunch of these things we didn’t even know, we’ve got data flying over there.
So, I think whatever happens, the starting point is just trying to get some ground truth on what’s happening in the institution today. And then I think the other opportunity that I see some people really grasping and others not is to become part of that business conversation, really be a leader in that AI steering committee and make security a relevant player and not just the sort of tools implementer that’s sort of there saying no to certain things.
Right? I think that’s the huge opportunity here is to say, “Hey, look, we’re going to be an enabler for the business.” Let’s wrap our arms around what’s happening today. Let me talk to my peers and figure out what the use cases are I need to enable, make sure I’ve got safe versions of each of these in place that I can meet the business need while at the same time keeping the company safe and secure.
And I think that’s the conversation that should happen everywhere. And I see it in some companies, but not in all of them.
[Rich Stroffolino] All right, Alistair, what’s one thing we didn’t ask about that we need to know?
[Alastair Paterson] I think we did a pretty good job here, folks. [Laughter] Maybe just some war stories are always quite interesting, you know, what sort of things are we seeing? I mean, I’m pretty shocked. We’re working with a pretty big insurance company right now.
They’ve rolled out Microsoft Copilot, spent a lot of money on it, and they had four times as many users of free ChatGPT as they had their corporate Copilot, right? And all kinds of data flying into it. And so, I think that’s the more sort of permissive end of the spectrum.
I had a conversation the other day with a company that’s very locked down. I talked to their head of AI, and he said, “Well, hey, Al, I’m head of AI, and I don’t have access to ChatGPT.” And so, I said, “Well, what do you do?” And then he said, “Well, I use this,” and he held up his personal laptop that he was doing all his work on, and he said, “And so do my team.” I thought, “Wow.” So, I think neither end of the spectrum’s great, but these are absolutely real stories, and there’s a bunch more.
And I think, again, it’s like recognition that this is happening, right? We can’t hold it back and block it, but you’ve got to enable it the right way and not leave people inside it to their own devices because there’s all kinds of risks out there.
[Rich Stroffolino] Well, that’s just about it for this episode of Security You Should Know. To learn more, head on over to harmonic.security. And if you have any feedback or questions about this show, send it to us at feedback@CISOseries.com. A huge thanks to Ross and Johna for helping us learn more about what Harmonic Security is all about, and a big thank you to you, Alistair, for your time and being game to answer all of these questions.
And thank you for listening to Security You Should Know.
[Voiceover] That wraps up another episode of Security You Should Know. If you like this program, please subscribe, tell your friends, and leave us a review. All companies showcased on this program are sponsors of CISO Series. If your company would like to be spotlighted and interviewed by our security leaders, go to our contact page on CISOseries.com or just email us at info@CISOseries.com.
Thank you for listening to Security You Should Know, connecting security solutions with security leaders.