Alex Stamos has 23 minutes to stop an AI chatbot leaking data (Live Tabletop Exercise)

Jul 1, 2026

What does a security leader actually do when an AI chatbot starts confidently revealing customer data that was never supposed to see the light of day?

Alex has spent his career at the intersection of security and the hardest problems in tech—Chief Security Officer at Yahoo, Facebook, and SentinelOne, founder of the Stanford Internet Observatory, and now Chief Product Officer at Corridor, a startup focused on the security and safety of AI coding agents. If anyone knows what it looks like when AI ships faster than security can keep up, it’s him.

In this episode, host Khush Kashyap drops Alex into a tabletop scenario: he’s roleplaying the CISO at Buzzmatrix, a fictional 400-person AI SaaS company with a lean security team and no in-house incident response. Late on a Friday, the VP of Marketing pushes a new AI chatbot live without security review. By Monday, customers are posting screenshots of the bot serving up order histories, account details, and support summaries—some real-looking, some hallucinated. Across a series of escalating injects, Alex has to decide what to take down, who to wake up, when to bring in legal, and what he owes customers.

Alex walks through engaging outside counsel, the GDPR clock, forensic vendor management, and the leverage a CISO actually holds over an uncooperative vendor. Along the way, he makes the case that the existential threat in most incidents isn’t the lawsuit, it’s the erosion of customer trust. At the end, he renders his verdict: real incident or constructed fiction?

The Tabletop is by Vanta, the leading Agentic Trust Platform helping security leaders manage compliance, reduce risk, and prove their programs work—before the incident, not after. Learn more about Vanta: https://bit.ly/4vJ1cdQ.

Time Stamps
[00:00] “Our lawyers will destroy you guys in court”
[00:46] Welcome to The Tabletop: Meet Alex Stamos and Today’s Scenario
[01:06] Setup: CISO at BuzzMetrics, a 400-Person AI SaaS Company
[01:24] The Friday Launch: Marketing Ships an AI Chatbot Without Review
[02:11] Inject One: The Screenshots: Real and Hallucinated Customer Data
[03:57] Pull It Down or Assess First? Triaging the Marketing Bot
[04:27] Inject Two: The Conversation: Customers Claim the Data Is Theirs
[05:03] Why You Don’t Post Before Legal Signs Off
[07:10] Do You Owe a Response When the Data Is Fictional?
[07:48] Inject Three: The Training Set: Real Tickets, No Scrub, No Consent
[08:14] Now It’s a Real Breach: Outside Counsel, Regulators, and the GDPR Clock
[10:52] When Does the Investigation Itself Become a Liability?
[11:47] Forensics Inside the Vendor and the Hugging Face Nightmare
[12:51] Vendor Leverage: “You guys are showing up in our write-up”
[14:55] Over-Legalization: Why Lawyers Shouldn’t Drive Incident Decisions
[15:29] Litigation Risk vs. the Existential Risk of Lost Trust
[16:43] Root Cause: Launch Calendars, Data Controls, and a Culture Not Paranoid Enough
[20:03] The Wake-Up Call: Staffing a Product Security Team After an Incident
[20:15] The Moment of Truth: Real Incident or Fiction?
[21:16] Off the Table: The One Question to Ask Before AI Touches Customer Data
[21:32] The Privilege Differential and Why You Can’t Trust AI Access Control