Companies may have cybersecurity teams in place, yet many remain unprepared for the ways AI systems actually fail, according to an AI security researcher. Sander Schulhoff, author of one of the first prompt engineering guides and an expert on AI system vulnerabilities, stated on a recent episode of "Lenny's Podcast" released Sunday that numerous organizations lack the skilled personnel needed to comprehend and mitigate AI security risks. Traditional cybersecurity teams are trained to fix bugs and handle known vulnerabilities, but AI behaves differently. "You can patch a bug, but you can't patch a brain, " Schulhoff explained, highlighting what he sees as a fundamental disconnect between how security teams approach problems and how large language models fail. "There’s a disconnect between how AI functions and classical cybersecurity, " he added. This gap becomes evident in practical deployments. Cybersecurity experts might examine an AI system for technical issues without considering: "What if someone manipulates the AI into performing something improper?" Schulhoff, who manages a prompt engineering platform and an AI red-teaming hackathon, noted. Unlike conventional software, AI systems can be influenced through language and subtle instructions, he emphasized. Schulhoff mentioned that individuals experienced in both AI security and traditional cybersecurity would know how to respond if an AI model is tricked into producing malicious code—for example, by running the code in an isolated container to prevent the AI's output from harming the broader system. He believes the convergence of AI security and conventional cybersecurity represents "the security jobs of the future. " The emergence of AI security startups Schulhoff also criticized many AI security startups for promoting guardrails that fail to provide genuine protection.

Because AI systems can be manipulated through endless tactics, claims that these tools can "catch everything" are deceptive. "That’s completely false, " he said, predicting a market correction where "the revenue will drastically shrink for these guardrails and automated red-teaming companies. " AI security startups have been benefiting from strong investor interest. Both Big Tech and venture capital firms have heavily invested in this sector as companies race to secure their AI systems. In March, Google acquired cybersecurity startup Wiz for $32 billion to bolster its cloud security services. Google CEO Sundar Pichai acknowledged that AI introduces "new risks" at a time when multi-cloud and hybrid environments are becoming more widespread. “In this context, organizations are seeking cybersecurity solutions that enhance cloud security across multiple clouds, ” he added.