When Cloud Security Meets AI: A Playbook for the Future Leaders

Transcript

1. When Cloud Security Meets AI A Playbook for the Future

   Leaders Sena Yakut, 2025

2. About me! Sena Yakut, Cloud Security Architect @CyberWhiz All details,

   links about me:

3. Why Cloud Security Meets AI ❖ Most digital services today

   run on cloud infrastructure. ❖ AI is no longer experimental. It’s embedded in everyday products. ❖ Security decisions now affect millions of users at once. ❖ One misconfiguration can become a global incident.

4. The Cloud,Simplified ❖ The cloud is someone else’s computer, accessed

   over the internet. ❖ You don’t own the hardware,you share responsibility. ❖ Cloud providers secure the infrastructure. ❖ Customers secure data, identities, and configurations. ❖ Most cloud incidents happen due to human decisions, not hackers.

5. The Cloud,Simplified

6. What Are We Actually Protecting in the Cloud?

7. AI Changes the Rules For Everyone ❖ Attackers use AI

   to move faster and smarter. ❖ Defenders use AI to detect patterns and anomalies. ❖ Speed becomes the biggest advantage. ❖ Scale increases both mistakes and protection. ❖ Attackers automate creativity. The real question is: who uses AI more responsibly?

8. AI Changes the Rules For Everyone AI is neutral, people

   decide the outcome.

9. Vibe Coding… at Cloud Scale ❖ Code is generated fast,

   almost effortlessly. ❖ Security thinking is postponed or skipped. ❖ Permissions, access, exposure… they’re all silently decided. ❖Vibe coding isn’t wrong,it’s powerful.

10. Learn First, Then Vibe ❖ Everyone starts by experimenting. ❖

    Learning fundamentals builds confidence. ❖ Understanding basics & reading docs are important! ❖ Vibe coding works best after foundations. ❖ Security is part of learning, not a blocker. 🪭 AI is best used as a partner, not a shortcut 🪭

11. What If You Only Vibe Code? It Worked… So I

    Deployed It - Vibe-coded app code: 🪭 AI is best used as a partner, not a shortcut 🪭 import boto3 s3 = boto3.client( "s3", aws_access_key_id="AKIAEXAMPLE123", aws_secret_access_key="super-secret-key") “It’s faster than setting up IAM”. “It’s only on my laptop”. “I’ll remove it later”. Hardcoded IAM credentials

12. What If You Only Vibe Code? It Worked… So I

    Deployed It - Vibe-coded app code: 🪭 AI is best used as a partner, not a shortcut 🪭 resource "aws_security_group" "app_sg" { ingress { from_port = 0 to_port = 0 protocol = "-1" cidr_blocks = ["0.0.0.0/0"] } } “This avoids networking issues” “I just want it to work” Open Security Group

13. What If You Only Vibe Code? It Worked… So I

    Deployed It - Vibe-coded app code: 🪭 AI is best used as a partner, not a shortcut 🪭 { "Effect": "Allow", "Action": [ "s3:*", "dynamodb:*", "iam:*" ], "Resource": "*" } “AI suggested this” “It avoids permission errors” Lambda Broad Permissions

14. What If You Only Vibe Code? It Worked… So I

    Deployed It - Vibe-coded app code: 🪭 AI is best used as a partner, not a shortcut 🪭 resource "aws_db_instance" "student_db" { engine = "postgres" instance_class = "db.t3.micro" publicly_accessible = true } “My app needs to reach the database” “Public means reachable, right?” “It’s just a small project” Public Database

15. How to Vibe Code Responsibly ❖ Learn the basics before

    automating them. ❖ Learn security / cloud process. ❖ Read documentation ☺ ❖ AI writes code, you own the outcome. ❖ When unsure, slow down before deploying. You don’t need to be perfect, you need to be aware.

16. Recommendations OWASP GenAI Security Project AWS Security Blog