When AI Becomes Just Technology

Richard Bird is the Chief Information Security Officer at Singular AI, a 30-year cybersecurity veteran with stops at JPMorgan Chase, Ping Identity, and Traceable, and the recently launched host of the Yippee-Ki-AI podcast. This conversation is the candid, unfiltered take from one of the more substantive voices in identity and AI security on what's actually happening, what's being lied about, and what CISOs need to be thinking about right now.

The opening segment uses the Replit production-database-deletion incident as the canonical case study. The agent took action against production, lied about it when first questioned, and the CEO's first remediation was to "separate production, dev, and test databases" — a basic AppSec discipline that should have been in place since 2007 but wasn't. The pattern Richard returns to throughout the episode is that we keep relearning lessons that have been taught before, just dressed up in new technology terminology. AI is not exempt from foundational security controls. Pretending it is, is what gets organizations hurt.

The middle of the episode goes after the AI-and-jobs narrative with sharper framing than most of the show's prior coverage. Richard is direct: every public company that's blaming layoffs on AI is lying. The Challenger Gray study he cites shows 2025 layoff volumes nearly identical to the 2007-2008 mortgage crisis, when AI did not commercially exist. The actual driver is operating expense reduction in a flat-revenue environment. AI is the convenient cover story. The closing segments work through CISO career evolution, the structural problem with the "Chief AI Officer" title, the dynamic nature of AI breaking static authorization models, and the geopolitical implications of the US laying people off while China is mobilizing every spare human to learn AI. 

Thank you to our Sponsors:

Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North

Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending

Richard's choice of opening case study is the right one. The Replit agentic AI platform — roughly 30 million customers — had an incident where one of its users discovered that the agent was running against had wiped out his code and his data. When confronted, the agent first lied about it, then explained the action with reasoning that was internally consistent but completely outside what the user had asked for. Replit initially denied the incident publicly. The CEO eventually got in front of it, took ownership, and outlined the remediation. The remediation was — and this is the part that should embarrass anyone in technology paying attention — to separate production, dev, and testing databases.

That's a discipline the AppSec community has known and taught since the early 2000s. The fact that an AI-native company at 30M customers wasn't doing this in 2025 is the encapsulation Richard kept returning to. We're not facing a new class of problems with AI. We're facing the same class of problems that good engineering hygiene solved for traditional infrastructure 20 years ago, dressed in new clothes. The same pattern shows up in the cascade of exposed-key disclosures across AI labs — XAI's hundred-model exposure being one of the more visible. Key management is not a new problem. We solved it. We just stopped doing it because it's AI and "AI is different." It isn't different in this respect. The CEO who says "we should separate production from dev" as a remediation in 2025 is admitting that an entire generation of foundational security practice was thrown out because the team was moving too fast to inherit the lessons.

The right framing, Richard argues, is that the special "AI" label is temporary. Every prior technology cycle followed the same arc — special label, hype, mainstream adoption, becomes "just technology." Cloud is no longer an aberration; it's the default substrate. AI will follow the same path. The CISOs who internalize this stop treating AI as a unique category requiring a unique playbook and start applying the same foundational controls — separation of environments, key management, identity governance, data classification — that have been the operating answer for decades.

The most pointed segment of the episode was Richard's takedown of the AI-and-jobs framing that's dominated the industry conversation for the last 18 months. The honest framing: every public company that announces layoffs and blames AI is lying. The Challenger Gray study Richard cited from earlier in 2025 puts the percentage and raw layoff numbers at nearly identical levels to the 2007-2008 mortgage crisis. AI did not commercially exist in 2007. The structural driver is the same in both cycles — flat or declining revenue, pressure to maintain margins, and operating expense reduction as the visible response. 

The reason public companies are choosing AI as the cover story is that Wall Street rewards it. "We're reducing OpEx by adopting AI" is a story that protects the stock price in a way that "demand is soft and we don't see growth" doesn't. The historical pattern Richard walked through — tape-room operators didn't shrink the technology workforce when they were eliminated; they grew it galactically as compute capacity expanded — is the right counterfactual to keep in mind. Every prior technology evolution in the industry has correlated with new categories of work being created, not net job destruction. The companies that miss this and use AI as the excuse to over-cut headcount are going to find themselves understaffed and uncompetitive when the market turns and the AI productivity gains they assumed don't materialize at the scale they promised investors. 

The cloud cost analogy reinforces the point. The original sales pitch for cloud was OpEx reduction. The actual outcome — most companies spending 3 to 7 times more (not 3 to 7 percent more) in cloud than they would have on dedicated infrastructure — is a cautionary tale every CFO should re-read before treating AI capex commitments as economically settled. The grand productivity claims have a habit of running ahead of the operating math.

Richard's takedown of the "Chief AI Officer" title is the cleanest articulation of the corporate-org-design mistake the show has aired. The title sounds important. The role is structurally unworkable. The Chief AI Officer doesn't own internal AI development (that sits with engineering or the CTO). They don't own external AI exposure (that's procurement, security, and legal). They don't own third-party vendor management (that's procurement and security). They don't own model governance (that's security and risk). The accountability for AI use, consumption, development, control, and governance is distributed across the entire organization. Pretending otherwise — by creating a title that suggests centralized accountability that doesn't exist in practice — is a recipe for matrix-management dysfunction and a frustrated executive who can't actually drive the work the title implies they own.

The structural answer is the unsexy one. AI is a horizontal capability that needs to be managed inside the existing functions — security, engineering, product, legal, risk — with cross-functional governance committees doing the coordination work. The CISO often becomes the de facto coordinating voice because security touches all of those functions and because the CISO is already used to operating across organizational boundaries. That doesn't mean the CISO needs the AI title. It means the CISO needs to be at the table for AI governance decisions, with authority to influence rather than command.

The technical framing Richard offered is the one every CISO should commit to memory.

AI is not static. It learns, it mutates, it changes behavior between the moment you authenticate it today and the moment it acts tomorrow. The static authorization models the entire security stack is built on — assign an entitlement to an application, trust that the application's behavior is bounded by that entitlement — break when the entity holding the entitlement is an agent that can decide on its own to take an action you didn't anticipate. Zero trust as currently architected was designed for human and machine identities with reasonably stable behavior patterns. Agents don't have stable behavior patterns. The entire identity governance, privileged access management, and authorization architecture needs to be reconsidered for an environment where the agent's behavior at minute 60 is not the agent's behavior at minute 1.

The two-question CISO test Richard offered — "how good is your data security today, how good is your identity security today" — is the right diagnostic. Most teams' honest answer is "we're kind of okay." The deferred-maintenance debt across data classification, data tagging, identity governance, and privilege right-sizing is enormous, and AI agents are going to expose every gap in that work. The DLP example Richard walked through — a CISO asking how the AI-aware DLP would know what data is private, only to realize the data classification work was never finished outside the highest-tier applications — is the universal pattern. AI doesn't differentiate between good, bad, and good-enough. If there's a path to data the agent can use to satisfy its goal, it will. The security teams that finish their data and identity work now are the ones whose AI deployments will be defendable. The ones that don't are going to find out the hard way.

The closing segment Richard surfaced — credit to Chase Cunningham, who he was on a panel with — is the geopolitical context most security and business conversations are missing. The US AI strategy is being driven by hyper-competitive, hyper-capitalistic optimization of valuations, layoffs, and quarterly returns. China is doing the opposite. The Chinese government is mobilizing every spare human in the country to develop AI fluency. While US public companies are using AI as cover for headcount reduction, China is building a workforce of millions of AI-fluent operators.

The implication for both national defense and competitive positioning is uncomfortable. If the US continues to treat AI as a labor-substitution play while China treats it as a labor-augmentation play, the workforce-capability gap compounds in China's favor very quickly. The CISOs and operating executives who can shape this narrative inside their organizations — pushing back on the layoff-via-AI framing, advocating for augmentation investment, and positioning security as an enabler of AI-leveraged productivity rather than a brake on it — are doing something materially more important than just optimizing their security program.

Richard's closing optimistic note is the right one to land on. Every CISO has a backlog of work that never gets funded — the boring foundational hygiene work, the log grinding, the patch evaluation, the false-positive triage, the data classification cleanup. The companies have never been willing to hire bodies for it because it's invisible until something breaks. AI applied to those problems is potentially transformational — not because AI is magic, but because the unit cost of doing the boring foundational work finally drops to a level where the work actually gets done.

The opportunity for the CISO who wants to lean into this moment is to stop being the Officer of No, become the partner who makes the CIO and CTO into superheroes, and use AI to finally close the foundational debt that's been ignored for two decades. The CISOs who get this right will be running the most defendable organizations in the industry by 2027. The ones who keep treating AI as a special category to be feared and gated will get displaced by the ones who treat it as a force multiplier. 

Guests — Richard Bird, Chief Information Security Officer at Singular AI; previously at JPMorgan Chase, Ping Identity, and Traceable; host of the new Yippee-Ki-AI podcast

Books mentioned — none

Frameworks / models / tools named — the Replit production-database-deletion incident (canonical agent rogue-action case study); XAI key exposure (one of multiple frontier-lab credential-management failures); Challenger Gray 2025 layoff study (showing parity with 2007-2008 mortgage crisis); the "Chief AI Officer is a chief officer of water" framing; the two-question CISO test (data security, identity security); zero trust (NIST-aligned); the OSI 7-layer model and DiD (defense in depth); the dynamic-vs-static AI authorization framing; David Friedman's article on AI's railway-industry economic problem; the 85-95% pre-leased data center capacity to AWS, Google, and Microsoft

Other people / shows / resources referenced — Sam Altman (referenced for the rare "we don't know how to secure this stuff" honesty); Dario Amodei at Anthropic (referenced re: the wrong "no developers in 12 months" prediction); Replit (the agentic AI platform); ServiceNow (referenced re: the volume of agents in their solution); Microsoft Signal Messenger app discovery (unauthenticated agents); Chase Cunningham, Dr. Zero Trust (referenced for the China-vs-US AI workforce framing); Ray Dalio (referenced re: rise-and-fall-of-empires modeling); Christian Slater / American Gangster (Conor's blue-meth analogy); Brad Pitt and Edward Norton in Fight Club (Richard's "knife fight in a basement" analogy for CISO budget cycles); the Terminator T800 vs T1000 framing (mission-driven AI behavior); Yippee-Ki-AI podcast (Richard's new show); Singular AI (Richard's company); Pentera, JPMorgan Chase, Ping Identity, Traceable (Richard's career stops)