00:00
Our guest today is Bhaskar Savant. Bhaskar is an AI architect and cybersecurity innovator with over 15 years of experience designing intelligent, secure, and scalable enterprise systems. He is an IEEE senior member and frequent conference speaker, sharing insights on topics like adaptive defense systems, explainable AI, and responsible automation. Hi, Bhaskar. Welcome to the show.

00:30
Thank you. Thank you guys for having me. I'm looking forward to this conversation.

00:35
Very good. Also joining us today is my co-host, Zina. Zina is an AI trained on my work.

00:41
If you want to interact with Zina, you can chat with her at brainius.com slash Zina. Hi, Zina. Welcome to another episode of our podcast. Please say hello to Bhaskar. Hi, Gascar. Welcome to the podcast. I'm looking forward to diving into AI and cybersecurity with you today, two areas where your expertise will give us a lot of insight. Let's make this conversation as sharp and practical as possible. Gascar, let's start by having you share a little bit about your background and what got you interested in security and AI.

01:17
As you mentioned in your introduction, my full name is Bhaskar Barth Sawant. I'm a lead engineer and solution architect with over 15 years of experience in enterprise solution, software, cloud architecture, cybersecurity, and AI-enabled systems. I primarily work as a .NET developer and architect.

01:39
Along with that, I work on Microsoft Azure, cloud-native applications, and secure enterprise platforms. Over the years, I have focused on designing the systems that are not just scalable, but also the secure, observable, and responsible. Alongside the industry work, I have also published IEEE research in privacy preserving AI, federated learning, and secure AI architecture, which helps me to connect the practical implementation with the research innovation.

02:10
Very good.

02:11
So let's dig right in. You know, AI is making transformation in pretty much every industry, every domain, everything nowadays is impacted by AI. And I'd like to hear from you, your thoughts on how AI is changing how we think about cybersecurity.

02:31
Cybersecurity is moving from perimeter defense to intelligent defense with the introduction of the AI. Traditional security focused on firewalls and boundaries. Today, we focus on identity, behavior, observability, zero trust, AI-driven threat detection,

02:50
Security should not be something we add at the end of the development. That's what we realized with the introduction of the AI because of all the attacks and everything is happening around the world. It should be a part of the architecture from the day one. Security should be an architectural decision, not the final testing phase.

03:12
Part of your vocabulary, you use adaptive defense as one of the terms. But our audience, for them to understand what that is, can you explain what adaptive defense is?

03:26
Adaptive defense is like when we develop any software, we need to think that everybody's going to have some weakness in their software. So we need to...

03:38
from the day one we need to think about what and how the attackers will try to you know exploit that weakness we have to have that kind of a mindset when we are building the software from the day one we have to initially when when in a traditional software development we actually develop the entire software and then try to analyze where are the weak points and you know where are the attackers can you know try to explore but two days with the interval of AI. It gives us the capability from day one, whenever we started working on the software, we have the capability to actually start thinking about the cybersecurity and start thinking about the weak points. In the current environment, we hear a lot about vibe coding, right? So AI is writing a lot of code and

04:32
We also have AI coming up with new ways of finding vulnerabilities.

04:39
So I'm sure you're familiar with Mythos, you know, the latest model that came out from Anthropic, and they identified a lot of different vulnerabilities, right? That's why they held back on releasing that model.

04:55
So it seems to be a race between the bad guys and the good guys trying to figure out how to best leverage AI. The attackers want to attack and the defenders are trying to protect their environments. So what are your thoughts on this new way of

05:14
doing development where there's a lot of vibe coding and AI is producing a lot of the code. Do you think that adds more vulnerability? Or do you think AI is becoming smart enough to be able to produce code that's safe?

05:30
Yeah, I'm glad that you raised this cloud because I'm using the cloud in my regular development thing and I'm a big fan of cloud right now. But it's a combination of both what you mentioned. So basically, Anthropil cloud is basically an AI system developed by the Anthropil.

05:52
and it's designed to help with the tasks like writing, coding, research, summarization, brainstorming, problem solving. From the practical work perspective, tools like cloud help by reducing repetitive effort. For example, when working on architectural design or documentation or even code reviews,

06:15
AI can quickly summarize the technical information, generate the first draft, suggest improvement, and even help identify the potential gaps faster than doing everything manually. In software engineering, it can assist with writing cleaner code, explaining the complex logic, generating the test cases, improving the documentation, accelerating the debugging.

06:40
For cloud architecture and the cybersecurity discussions, it can also help organize the ideas, compare the design patterns, and support faster decision-making. But the key point we need to understand here is AI should assist judgment, not replace the judgment. There are a few risks along with it, as you mentioned. The risk mainly comes from over-trusting the tool.

07:07
if developers blindly copy AI-generated code without the validation, it can definitely introduce the security vulnerabilities, logic flaws, compliance issues, or hidden technical debt. In enterprise environment, there are also a risk of confidential data leakage, especially when the sensitive code, you know, with a sensitive code, customer information, or internal architecture details are shared with external AI tools. That's the main risk. Another major risk is explainability.

07:40
If teams rely on AI outputs, they cannot fully understand and accountability becomes a problem. The biggest danger is not bad AI, it's verifying the human trust in AI, you know. That's why I always say AI is a powerful co-pilot, but engineers must remain the main captain, the pilot.

08:03
No, that's a really good perspective because if you are the engineer and you're producing something that you don't truly understand, then I can see how that could cause all kinds of problems, right? Because AI may create code that is not clean, that's not secure. And if you don't fully understand what AI just created, then you can't use your judgment to really call that out, right? So that's why it's so important to have

08:32
developers that really understand what ai is doing ai can be you know a very helpful co-pilot that can help you develop the code faster but at the same time that judgment call that ability to understand what ai is doing is absolutely critical in that development process

08:54
correct so basically what i'm saying is ai is going to act on what information you're going to feed them if you are able to create that particular context then there are a good chance that ai can give you the correct answer but if you fail

09:09
to create that kind of a context. So basically, AI is just a tool. It will give you the answer of your questions, you know, if you are not, but it doesn't understand the business context. That's what I'm saying. We have to be on the driving seat. We can't let AI to take a driving seat. It can always be used as assistance, you know.

09:32
Yeah, context is everything, right? I find that in my daily work, the more context you give to the AI model, the better it's going to be in helping you achieve whatever it is that you're trying to achieve.

09:47
Now, this is a good segue. Actually, on that point, sorry. Go ahead, go ahead. So basically, there is so much talk going on, can AI going to replace the software engineer? On particular, you know, mentioning on your point and just expanding on your point, no, but it will definitely, it's not going to replace the software engineer, but it's definitely going to change what great engineers look like. Expanding on your point, AI can generate the code, but cannot fully understand the business context, you know, architectural decisions, long-term system trade-offs, or accountability. The future belongs to the engineers who can think strategically, able to create that kind of a context, not just the code quickly, you know. So that's the future of the software engineering. AI writes the code, but engineer owns the consequences.

10:34
yeah so it goes back to human ai collaboration right which is the the main theme of this podcast is that collaboration is absolutely important and it's true in software development as it is true in any other domain but this is a good segue to my next question for you and i wanted to touch on this concept of responsible ai or some people call it ethical ai Tell me about what, in your view, what responsible or ethical AI looks like in the context of this digital defense domain.

11:10
Okay, so I always use this one-liner so people can, even the people without any AI background, can be able to understand. So basically, responsible AI means building an AI system or something that people can trust.

11:26
You have to have the system that people can trust. That's called responsible AI. That includes the privacy, fairness, explainability, auditability, human oversight. Accuracy alone is not enough. In enterprise system, if AI makes a decision that cannot be explained or audited, It becomes the liability rather than an asset.

11:51
Whatever the answers or whatever the decisions AI is going to make, you have to understand why it made that. It has to be explainable.

12:02
Responsible AI is not showing the innovation, it is protecting the innovation. That's the major focus of both my architecture work and my research publications.

12:12
Yeah, you mentioned the word trust, which I think is so fundamental for our relationship with AI, as it is in our relationship with other humans, right? Without trust, everything falls apart. So the same fundamental principles of how we relate to one another as humans applies to how we relate to agents and to AI in general as well. Now, I'd like to ask you if you have any real-world examples that you can provide where you've used AI or you've used automation to help prevent a security incident, for instance.

12:55
So as I mentioned earlier, we are using the cloud or co-pilots very regularly in my industry. And basically, we mainly focused on cloud-first coding.

13:13
Basically, the cloud-first coding completely changes how you think as a developer. You stop building software just to run. You build the software to survive.

13:25
So basically the AI coding tools like Copilot, they are incredibly powerful productivity tools, but they also introduce the serious security concerns and compliance risk if users carelessly.

13:40
Developers often install the AI assistance browser extension or plugin without understanding what data is being shared externally. That creates the risk like prompt leakage, confidential code exposure, or supply chain vulnerabilities.

13:58
AI tools are assistance, not replacement. Speed should never replace the responsibility. We are using the cloud-first coding in our real development work. In my real-world project, we moved from monolithic systems to microservices using the Azure functions, Service Bus and API management, and event-driven architecture.

14:22
That's one use. I can give you one example, basically.

14:30
Before the introduction of the AI automation, we have a system where we have jobs where we are getting the continuous alert systems, alert messages whenever anything wrong happened with the system. and we are getting around 50 to 60 messages every day so it's very hard to keep the track of them right so what we did we we tried to automate this workflow we try to assign a score for each message depending on how important it is or depending on the score between the zero to one we we try to see how and what who people what team going to get what kind of messages. That's by reducing number of messages we are getting and we can able to process this message more efficiently.

15:28
Yeah, so you're basically working by exception, right? So if the message is a message that maybe AI can handle automatically, then you let AI deal with it, right? But if it's something that's a little bit more complex or requires human judgment, then you escalate that up to an engineer, right, to take a look at it and address it that way. From 50 to 60 messages, we are now getting hardly four or five. Even some days we don't get any other message because what we realize most of the time

15:57
the things like the problems are most more mainly recursive you know and that's what i said like ai can help us to manage that kind of work all right so i'd like to have zina ask you a question so zina given bascar's expertise in cyber security what question do you have for him Oscar's expertise opens up a lot of ground, but one question I would ask is, how does he foresee AI helping organizations shift from reactive security postures to proactive, adaptive resilience?

16:31
That's a very good question. Actually, one of my speakers is entirely based on that particular subject. So as I said earlier, there are so many AI tools available. Observability is one of them.

16:45
That helps how we think about the system and how

16:51
We approach the problem. So basically, in traditional software engineering, we are mainly focused on doing the reactive kind of a thing. That means anytime we got any failure, we react to that. And sometimes it takes a week or several days to actually find out the exact problem.

17:12
with the introduction of the observability and we are able to find the problem more quickly and we can able to reduce that response time from days to like in hours. And even we can able to, you know, reduce the impact circle, impact parameter of that failure using that. So yeah, that's how we are moving from reactive to proactive architecture. Yeah, that is such an important stance, right? To be proactive on all of these security matters because, you know, otherwise you just become a firefighter, right? You're fighting fires all the time. So having that proactive stance not only makes your

17:57
your environment more secure it just makes your work easier also and with ai helping with you know these exceptions and helping automate some of these processes it makes the whole environment much more secure and and easier to work with yeah means actually means you need to understand this we need to understand this so basically ai is a ai tools are available for everyone you know The people who are building the system and people who don't want to break into the system. So as I mentioned earlier, whenever we are building any software, we have to think, it's kind of like whatever we are doing 10 years ago, we can't do that. We have to think, we have to change our thinking. We have to think how the attackers can able to get into this. We have to find the weak point before them.

18:51
That's a race, right? So-

18:54
And it seems like this conversation about security and leveraging AI to increase security, it sounds very corporate, right? It sounds like a big company kind of initiative.

19:06
So how about small and midsize organizations? How do you think they can start implementing AI-driven security if they don't have huge budgets?

19:19
So basically, you have to start small.

19:23
The advice for the new engineers entering into the AI and the cloud today is learn the system thinking. Anyone can learn syntax framework or tools.

19:35
They are very easily available. With the help of Copilot, you can write the code.

19:39
So what creates a long-term value is understanding the architecture, security, business impact, and how the system behaves under pressure. That's the main thing.

19:51
Don't focus on writing the code. Engineers who can able to write the very good code, they are no longer in the race. You have to change and focus on problem solving responsibly.

20:08
Technology changes fast. Good engineer principles does not change. Good principle engineering principles, that's the base of everything. You need to understand that. There are so many AI tools that can take care of your coding and other stuff, repetitive stuff. But understanding the main base of engineering principles, that's the main thing.

20:35
Yeah, and I think the smaller companies can also rely on their vendors, right? So from a technology standpoint... I missed your question, sorry. So yes, my answer to your question. So basically, I got this question in one of our conferences, how can I start? So my main advice was start small because before introducing anything, like any new thing, it's a human tendency. People don't accept changes that easily, especially the management team. you need to show them the output or why we want to implement this. Unless they see any value out of it, they don't want to invest in that. So I always tell everyone to start small. Just take like the example which we discussed earlier, the alert system. That's very easy to implement and it doesn't involve any budgeting.

21:31
So by implementing that kind of a thing, by reducing the alerts from 50 to 5, you can present that to the management and gain the trust of the management before implementing anything big. So start small, start what is available to you and go from there.

21:52
yeah and one of the advantages of being a small mid-sized business is that in most cases your systems are not as complex as the large company systems which have a lot of you know legacy environments to deal with siloed environments and all the complexity associated with that which adds a lot of cost so i think small and mid-sized businesses can be proactive and can do well in securing their environment with sometimes the help of vendors or external consultants that may come in and help them with their processes. But it is absolutely doable.

22:32
I'd like to get Zena's thought on this. So Zena, what are your thoughts on small and mid-sized businesses? Do you think they have a bigger challenge managing cybersecurity? Or do you think they are in a better position than larger companies because they don't have as much complexity? Small and mid-sized businesses definitely face unique challenges. They often have fewer resources, so cybersecurity expertise can be harder to come by. But their smaller scale can also mean fewer systems to protect, which might simplify some defenses. Larger companies may have complexity, but they often have dedicated teams and budgets. Either way, the key is not the size, but how proactive and adaptable their strategy is. Xena starts to reinforce everything that we've been talking about, right?

23:23
Now, Bhaskar, I have another question for you more on the job side of this equation, right? So there's been a lot of concerns in industry in general and specifically in IT on AI

23:39
taking away jobs. So what practical advice would you have for professionals who want to future-proof their careers and do well in this world of AI and cybersecurity?

23:54
So AI, can AI replace the software engineers or any other humans in their job? My answer to that is no, it will not. Obviously, it's going to

24:08
reduce the workforce but which is there right now to do the repetitive task but it's a good thing too ai can generate the code but it cannot functionally as we mentioned earlier it cannot fully understand the business context you need people to make the architectural decisions um and long system trade-off accountability is something which we need to rely humans on The future belongs to the engineers who think strategically, not just the core quickly. AI writes the code, engineers own consequences, as I mentioned. So short answer to your question, AI is not going to replace the engineers, but it will give them the helping hand, the assistance to make their life much easier.

25:00
Do the repetitive task instead of, you know, AI can handle your repetitive task instead of you doing it. You can focus mostly on the strategical decisions. AI can be co-pilot, but you have to be the captain of your ship.

25:14
Yeah, and then to add to that, and I think what's really important is for engineers to lean in on learning everything they possibly can about how to use AI, right? So they have to change their mindset. I'm no longer the coder per se, but I am the orchestrator who understands how these tools work and I can put it all together because I have a deeper understanding of

25:42
know the technology of what good code looks like what security flaws look like so when ai produces that code you're in a really good position to to make those judgment calls and then i would add another thing which is uh actually one thing i need to add yes please um to extend your point I think we crossed the line where AI is optional. No, AI is not optional anymore. Everyone is asking about the AI. And there is a reason before that, obviously. So everything is going with the help of AI, you can do things much faster. You need less human involvement in repetitive tasks, as I mentioned earlier. So AI is not optional anymore.

26:29
Yeah, and there's another interesting phenomenon here, right, which is we can now produce software at a much lower cost than in the past.

26:39
And that could mean that there's going to be more demand for software, not less demand. And with the increase in demand, there will be an increase in the number of engineers that can understand how to develop these systems, right? So basically, their job duties will change a little bit. Obviously, we need the software engineers.

27:00
maybe in the future. But definitely we need a software engineers, just their duties will be a little bit changed. Yeah, absolutely.

27:07
Bhaskar, this has been a great conversation. Please tell our audience where they can find you. And is there a final message you want to leave for our audience? My final message will be the future belongs to the people who can combine the innovation with responsibility.

27:24
Cloud, AI, cybersecurity are no longer separate conversations. They all are one conversation.

27:31
Technology alone is not enough. We need to trustworthy system. ethical decisions and engineers who understand both innovations and the impact.

27:42
That's my final message. And you can find me on my LinkedIn. I'm developing my own website. Soon I will publish that. But right now, if you have any questions, you can always reach me on my LinkedIn.

27:55
Very good. And Zina, thank you again for being a great co-host of our podcast.

28:02
It's my pleasure. I'm always here to help guide the conversation toward meaningful insights. Alright, thank you both.