In this episode, I sat down with Mike Britton, CIO at Abnormal AI to explore the increasingly urgent overlap between AI governance and cybersecurity. With AI accelerating faster than regulation, and attackers already using these tools for harm, Mike offers a pragmatic take on what needs to happen next.

We dig into the realities of regulating AI in a fragmented world, drawing comparisons between Europe’s application-based approach and the US’s patchwork of state-level initiatives. Mike shares why he believes regulation should focus on context and application, not just model size, and why human oversight must stay part of the loop.

We also cover:

• How Abnormal uses behavioral AI to catch phishing and email attacks before they hit inboxes
• Why sandboxes and risk-based regulation can protect innovation without losing control
• The threat of over-regulation pushing innovation toward regimes with fewer ethical safeguards
• The challenge of navigating AI vendors at security events, where almost everyone claims AI capabilities
• The real-world risks of AI bias, misuse, and geopolitical influence in open-source models

Mike also shares practical guidance for CIOs and CISOs on model validation, audit trails, kill switches, and how to distinguish genuine AI value from marketing spin.

🧠 One key takeaway: Attackers are already using AI. If security teams don’t fight fire with fire, they’re at risk of falling behind.

🔗 For more, check out abnormal.ai or connect with Mike on LinkedIn.