In this episode of The CTO Show with Mehmet, Mehmet sits down with Jason Remillard, Founder of Data443. Jason brings more than 30 years of cybersecurity, data security, infrastructure, and enterprise risk experience. The conversation focuses on the gap between AI adoption speed and the security operating models still built for slower systems.

The episode reframes AI security as an execution and visibility problem, not only a model risk problem. Jason argues that security teams lose when they only block users, rely on slow approval workflows, or assume old SOC models can handle AI agents, MCPs, SaaS sprawl, and machine-speed data movement.

If you are leading cybersecurity, enterprise IT, AI adoption, or digital infrastructure strategy, this conversation gives you a practical lens for where the real exposure is forming.

About the Guest

Jason Remillard is the Founder of Data443, a data security company focused on securing data across systems, users, and enterprise workflows. His career spans more than 30 years, from early systems operations and ISP infrastructure to enterprise security and regulated environments.

Jason has worked across cybersecurity, data protection, ransomware recovery, threat intelligence, DLP, attack surface management, and AI-related security challenges. His perspective is grounded in the operational reality of how users, security teams, and business units behave when controls create friction.

LinkedIn: https://www.linkedin.com/in/jremillard/
Website: https://data443.com/

Key Takeaways

• AI agents expand the attack surface faster than security teams can govern with manual workflows.
• End users bypass controls when security becomes a blocker to legitimate business execution.
• DLP cannot solve data loss when users can photograph, move, and re-enter information elsewhere.
• Security teams need to enable safer decisions, not only enforce binary allow-or-deny rules.
• Inference can reduce AI security costs when models are trained for specific enterprise use cases.
• Threat intelligence must track agents, connectors, APIs, and machine actions as risk-bearing actors.
• Post-quantum risk matters because encrypted data can be stored now and decrypted later.
• Cyber resilience starts with assuming breach, not assuming the perimeter still holds.

What You Will Learn

• The reason cultural failure still sits behind many enterprise security failures.
• How AI agents change visibility across SaaS, APIs, Shadow IT, and enterprise data flows.
• Why traditional exception management breaks when AI decisions happen in milliseconds.
• How inference can help security teams operate faster without relying only on GPUs.
• What MCP and agent-to-agent workflows mean for API governance and connector risk.
• Why post-quantum security is already relevant for long-lived sensitive data.
• The practical starting point for cyber resilience when attacks cannot be fully prevented.

Episode Highlights

00:00 — Jason Remillard frames three decades in cybersecurity
04:30 — Security failure starts with not-my-job thinking
08:30 — DLP breaks when users bypass friction
12:00 — AI agents change enterprise visibility
13:30 — Approval workflows cannot match AI speed
17:30 — Non-human actors create identity risk
20:30 — AI defense depends on trained inference
27:00 — Multimodal input changes user behavior
28:30 — MCP turns APIs into hidden risk
31:00 — Attackers gain the same AI velocity
35:00 — Quantum risk makes stored data vulnerable
39:00 — Resilience starts by assuming breach

Resources Mentioned

• Data443: Cybersecurity and data security company founded by Jason Remillard
• Intune: Endpoint management platform discussed in the ransomware recovery context
• DLP: Data loss prevention controls discussed throughout the episode
• ServiceNow: Mentioned as an example of slow approval workflows
• SharePoint and OneDrive: Mentioned in the context of enterprise AI access to internal repositories
• ChatGPT: Mentioned as an example of AI tools used with enterprise data
• MCP, A2A, ACP: Agent and protocol concepts discussed in relation to AI security
• Salesforce and SAP: Mentioned in the context of AI-driven system integration
• SIEM: Discussed as part of traditional security operations
• CrowdStrike, SentinelOne, Microsoft Sentinel, Microsoft Defender: Mentioned in relation to playbooks and security response
• Google: Mentioned in relation to post-quantum timelines
• PGP, SSL, OAuth: Mentioned in the encryption and trust discussion
• Snowflake and SQL Server: Mentioned in relation to tokenization and database security
• Kafka: Mentioned in relation to rebuilding and resilience decisions
• NVIDIA H100: Mentioned in the AI cost and GPU discussion
