Chasing Entropy Podcast by 1Password
Podcast Description
This podcast is an interview series with career professionals in cyber security as we get their takes on shadow IT, extended access control, agentic AI and how they arrived at this point in their careers.
Podcast Insights
Content Themes
The podcast delves into themes such as shadow IT, incident response, and the intersection of physical and cyber crisis management, with episodes discussing topics like Digital Doomsday, the role of Black Swan events in cybersecurity, and career insights from seasoned professionals navigating the ever-evolving landscape of tech security.

In this episode of Chasing Entropy, Dave Lewis sits down with Jaya Baloo, co-founder and COO/CISO of Aisle, to unpack one of the most important shifts happening in cybersecurity right now: the collision of AI, vulnerability management, and operational reality.
Jaya’s career spans telecom, cryptography, enterprise security, and AI-driven security research. The conversation moves from early BBS war dialing and CompuServe stories to the modern challenge of defending organizations against increasingly autonomous systems.
A major focus of the episode is the growing hype around AI-powered vulnerability discovery. Jaya breaks down why the conversation around models like Anthropic’s Mythos misses the larger issue. Organizations already struggle with asset visibility, remediation backlogs, inconsistent logging, and weak operational hygiene. AI did not create those problems. It accelerated the consequences.
The discussion also explores how smaller, open-source models can rival or exceed the results of heavily funded proprietary systems when paired with the right orchestration and context. Jaya explains how her team at Aisle used lightweight models to identify vulnerabilities in OpenSSL, including issues other systems missed entirely. The takeaway is clear: the model itself is only part of the equation. Execution matters more.
Dave and Jaya also examine the governance failures emerging around enterprise AI adoption. Internal copilots, third-party integrations, and poorly understood permission models are creating new forms of insider risk. One example from the episode highlights an employee querying an internal AI assistant about coworkers, only to have the system surface sensitive HR information. The technology followed instructions correctly. The organization failed to define appropriate boundaries.
The conversation turns toward leadership and board accountability, particularly how CISOs are expected to manage risk they did not create. Jaya argues that security teams are often left cleaning up years of operational debt accumulated elsewhere in the business. She is especially critical of “risk acceptance” culture, warning that organizations normalize small unresolved issues until they compound into systemic failures.
Other topics include:
- Why cybersecurity should be treated as foundational infrastructure for innovation
- The operational gap between finding vulnerabilities and actually fixing them
- The limits of current third-party AI governance
- Why curiosity remains one of the most valuable traits in security leadership
- How teaching others sharpens technical understanding
- The importance of working with people you trust and respect
This episode is a practical discussion about what security leaders should focus on now, before AI-driven attack capabilities mature further. The message is direct: stop treating AI as a future problem. Fix the fundamentals, understand your environment, and build systems capable of responding at machine speed.
Listen to the full episode to hear Jaya’s perspective on AI security, vulnerability management, and the operational realities most organizations still avoid confronting.

Disclaimer
This podcast’s information is provided for general reference and was obtained from publicly accessible sources. The Podcast Collaborative neither produces nor verifies the content, accuracy, or suitability of this podcast. Views and opinions belong solely to the podcast creators and guests.