Why AWS doesn’t let AI run the show (yet) - Ctrl Alt Lead podcast
Five simple lessons AWS uses in its own AI ops
AWS CISO Chris Betz explains why AI still needs a human hand on the wheel. From sandboxing to red teaming, here’s how AWS keeps its agents in check.
In this episode of Ctrl Alt Lead, AWS’ Chief Information Security Officer Chris Betz tells Tom why human oversight still matters in a world of fast-moving AI.
AI agents are improving quickly, helping developers and businesses work faster. But they also bring new risks. Chris outlines five simple lessons AWS has learned while building and using AI internally, which include treating AI output like any other untrusted input; keeping access credentials separate from prompts; and testing generated code in a sandbox before using it in production.
It sounds easy, but the number of companies that have had security incidents stemming from these relatively simple factors shows that you can't forget the basics.
Chris also talks about the need for audit trails and transparency. If an AI agent makes a decision, users and security teams need to understand how it got there. That helps spot mistakes and improve systems over time.
Tom and Chris touch on how security teams can use red-teaming techniques to stay ahead of fast-changing threats. Chris explains that security leaders shouldn’t wait for regulation to catch up: they need to act now and share what works.
In a more personal moment, Chris shares how he recently used generative AI to help his son build a simple video game. It worked - but not perfectly. That hands-on experience, he says, shows why it’s important to keep humans involved in AI development and decision-making.
Whether you’re a CISO, developer or IT leader, this episode of Ctrl Alt Lead offers clear, tested guidance from an industry giant on how to work with AI - without giving up control.
To access the full podcast, watch the video, use the web player, or find Ctrl Alt Lead now on Spotify and Apple Podcasts.