Risky Business - Soap Box: Where does AI fit into cloud security?
Episode Date: May 15, 2026In this sponsored soap box edition of the Risky Business podcast Patrick Gray chats with Toni de la Fuente, the founder of Prowler. Prowler started off as a bunch of sc...ripts in a trenchcoat, then became an open source cloud security tool, and it’s now a venture-funded cloud security business. In this interview Toni talks us through how AI is changing the game for him as an open source project owner, and as a vendor. In short, reports of the death of IT and security tooling at the hands of frontier models have been greatly exaggerated. This episode is also available on Youtube. Show notes
Transcript
Discussion (0)
Hi everyone and welcome to this special soapbox edition of the Risky Business Podcast.
My name's Patrick Gray.
The soapbox editions of the show are wholly sponsored and that means everyone you hear in one of these editions of the show paid to be here.
Today we are chatting with Tony De La Fuente, who is a founder of Proula.
And Proula's got an interesting backstory actually because it started off as a tool that Tony used to, you know, he wrote it himself,
basically a bunch of scripts in a trench coat and he wrote it.
to do certain security things to a bunch of AWS accounts he was responsible for.
And from there, it just sort of grew, got a little bit more complicated.
He open sourced it.
And one thing led to another.
And now it's an immensely popular project with, what is it, 13,000 plus GitHub stars at the moment, right?
So it's got a really active community behind it.
It's a great tool.
It doesn't just do Amazon anymore.
It does all of the major cloud providers plus SaaS as well.
So Google Workspace, M365, all of that.
So, you know, once a year, Tony and I get together for one of these longer-form interviews,
and we just sort of chat all about the world as he sees it.
And I guess this year it'll come as no surprise that we're chatting about all things AI.
And from a few different angles, too.
So for starters, you know, how is AI changing running a open source project?
Like, is that, you know, is every single commit now coming?
Like, is that all AI generated code?
And it turns out, not surprisingly, the answer is yes.
Secondly, you know, is Tony concerned that when you're building a open source plus kind of business, is he worried that people are going to try to vibe code the sort of enterprisey features using open source prowler as a base?
So it's like a bit of an interesting business conversation there.
And you know, what does this tell us about the SaaS business more broadly?
I think as you'll hear, we sort of came to the conclusion that you can vibe code an equivalent to SaaS software, but it doesn't mean you.
should because that's probably still going to be a pain in the you know what.
And you know, we also talk about how Tony sees Proula playing in the agentic world.
You know, what does Agenic Cloud Security actually look like?
What's his take on that?
And, you know, as you'll hear, he thinks, and I think reasonably so, that tools like Proula
are very useful in the AI world because they're sort of a little bit more deterministic than a model.
You know, you can go ask a model, hey, you know, here's an API can.
go secure my cloud infrastructure, and I think we know that's going to end really badly.
So, you know, getting AI agents to use tools seems like the way everything's sort of shaking out.
Anyway, I will drop you into the interview now, as Tony explains that, yes, all of the code being
submitted to Brala these days is indeed AI generated.
I hope you enjoy this interview.
You can go to the repository to see the open pool requests.
pretty much, I would say 100% of the code is generated by AI now.
Of course, that is not bad at all.
So as far as you, as long as you have the proper guardrails in place.
Of course, in terms of tests when it comes to accepting the code,
the basic test for security, etc., I mean, Linters, etc.
But also something that we see, and that is very positive when it comes to coverage, is the community is adding more and more controls into Prouder.
So instead of thinking that AI will know what to do in the cloud for security, we are still building deterministic controls.
And the community is sending to the contributing with those deterministic controls into Prouder, because at the,
the end of the day, the right or wrong configuration is something based on the output of an API,
right? But at the same time, it's not just a single bullion result. It's that result along with
everything around, right? To get the context, actually. And for that, AI is great to get that context.
And with graph databases, bullion results based on the determinants.
information you get the whole picture of what's going on in the cloud and what is
actually the important thing to do right not just but I mean this is this is this is
this is the whole thing right I think there's a bit of clarity now that wasn't
quite there even a year ago there was this sort of thinking that oh I is going to
come along and it's going to replace all of the tools and we've even seen stuff like
the so-called Sasspocalypse right where the shares in a whole bunch of Sass
companies lost a bunch of value
because everybody's like, oh, SaaS,
SaaS is dead.
I mean, I think what we're seeing,
you know, sure there's going to be some pressure on SaaS and whatever,
but when it comes to like hard tools, right?
Stuff like Burp Suite, stuff like prowler.
I mean, good luck trying to get an, you know,
you're going to be better off getting an agent to use the tools.
I think we've got to start seeing these agents
as replacing a lot of the drudgery,
a lot of the manual labor.
But I don't think the agentic age necessarily is going to really
replace a lot of these tools, right?
I mean, what do you think of that idea?
When it comes to knowing what to do in any cloud to secure the cloud,
we can go to the easy part, the easier part which is, okay, let's secure AWS.
I mean, everybody knows about AWS or even Azure, right?
Or Google Cloud, well-documented, kind of well-exposed into the APIs, regions.
It's easy to understand, right, more or less.
But it's a life organism.
It's not something that you go like a Terraform file,
that the Terraform file is static, right?
Of course, you can go through all the Terraform lines
and to see if it's right or wrong.
As we can see, pretty much any cloud code
or any EDI can do that, very secure.
When we are talking about the cloud,
we are talking that first, we need to know the endpoints,
the regions, APIs,
services that are available, how those services are configured today, but how are they going to be
configured tomorrow because cloud providers are adding new features all the time, changing API
end points all the time, adding new regions all the time, all that stuff is a life stuff that
you need to know where to go to get that. And this is exactly the point, right, which is that if you
are in a situation where you're trying to get an LLM to do that for you, you're basically giving it a
prompt that's more or less a spec
right for the software in the first place
because you've got to tell it to do so many things
and make no mistakes right
and it will make mistakes
that it just sort of doesn't seem quite feasible
to do this well
just raw
with it with an online you know
LLM with a frontier model it just doesn't seem
like a good idea it's going to take a lot of time
first is going to be costly
of course and it's going to
be very random.
So to trust their results.
But that's it. But that said, you take some tooling, whether that's
Proula, whether that's something else.
You know, it's got those vibes.
Like you give it Proula and you say,
I want you to use Proula to do X, Y, Z.
I'm guessing you have done that.
Yeah. Actually, now, when you use cloud code and you,
I mean, of course you can configure Prouler MCP,
which means that you make your AI-driven ID.
cloud security expert, not only knowing about what to do in cloud.
You know, we're talking about MCP.
That's so 2025, Tony.
Yes, bad.
Yes, but.
Yes, but still works, yes.
But I guess what I'm asking is like, you know,
how have you gone with getting some of these frontier models to use Proula?
Like, is it easy?
Yeah, so the point is you can tell Cloud Code,
hey, taking into account the,
prescriptive guidance of the prerrower gives you in terms of controls remediation's
uh detections remediation compliance etc tell me how my ex whatever cloud is working out so it's
deterministic part with you know a pinch of AI instead of AI go and see what's going on right
which is yeah and hope for the best exactly so we are we are driving yeah at the end of the
what we are doing with Prouler Hub, our registry, is like a huge prompt for AI to know what to do in the cloud, in any cloud.
So actually with Prouler Studio, which is another open source tool that we have created on top of cloud code,
is basically a workflow that allows you to create detections, remediation, based on the deterministic database of Prouler, right?
for any cloud provider, you can tell, hey, I need to know what's wrong in Google Workspace,
for example. It's going to create you the basics and not that basics,
I mean, artifacts to find the issues in the cloud, and then you are going to be able to correlate
those issues with other results. I mean, right now, we put, so we have detections and
remediation, but we put the results, the findings into a graph database and also the relational
database in order to link all the results and correlate all the results for a proper results, right?
No, 100%.
But here comes a curlier question, right?
So I think we've established that even in the AI-IH, we still need tools, right?
the models still need tools to use to do specialist tasks, right?
Because, okay, sure, could you vibe code something that would kind of do it?
Yeah, maybe is it going to be a pain in the, you know what?
Yeah, it definitely will be.
But I guess my question is, you're running a open source project.
So I'm wondering how concerned you are by the idea
that someone could take the open source component of prowler
and then vibe code the sort of enterprise,
features because if I'm you, I'm not worried that nobody's going to need prowler anymore.
But I am starting to think, well, you know, are they going to need the optimized for
business part or are they going to create their own prowler SaaS and just, you know, do that that way?
I mean, I think those sort of risks are overstated, to be honest, because no, even if you can vibe
code it, nobody wants to spend their time doing that.
But I'm really curious to hear your thoughts there, Tony.
Well, that is the risk of building a successful open source project, but not from today because of the AI.
Also, 10 years ago was the same issue.
Yeah, but now it's easier.
Now it's easier, right?
You would admit that the calculus has changed a little bit.
Yeah, now, of course, now you can build in a week what you could build like 10 years ago in five months, right?
But also, if you move back, even back 20 years ago before the explosion of open source,
happens the same. I mean, with open source, we manage to build software way, way faster, right?
Because you are using components. I mean, people is not typing all the modules, all the components of software anymore, right?
So with AI is the same, but the holistic way, in the holistic way.
So when you have a successful project that does a good job, it has a big community,
Of course, everybody is going to use you, right?
Because it doesn't make any sense to build another tool to do the same
because you have already that tool and you have already that community, etc.
That is happening.
And that was happening five years ago even before having AI with Prouler.
So a lot of companies are using Prouder underneath.
But they are not Prouder.
They can use Prouder as a component in their infrastructure
and that is what is happening.
So, but my question is, so what is the goal of software?
Of course, is solving a problem.
And then what is the goal of the company on top of the software is to make business on
top of that?
So I think it is easier or should be easier to make a profitable business on top of that
opportunity than on top of nothing, right?
So for us, it's key to have a lot of.
company is using Proller. At the end of the day, Prouler is for cloud. And cloud is a business
itself. It's not like Prouler is for something free. Prawler is for something that everybody's
paying. So the money is there. So I don't see a problem if somebody says, okay, Prouder is very
helpful. I'm going to build something on top of Prouler. I see actually an opportunity.
Let's see how big that opportunity is. And of course, there is people that.
is going to take advantage of the open source nest and freedom.
Well, I just mean, I just mean, I'm not, I'm not even talking about competing companies.
I'm talking about like, I'm an enterprise person.
I see that I could use prowler.
I could probably vibe code up a bit of an interface, you know, some of the enterprise features
that I need, you know what I mean?
Then I don't have to buy your product.
That's all I'm wondering.
I mean, I think most people, they can't be bothered doing that.
They're probably going to just spend the money.
But, you know, I just wonder what you're thinking is there,
because the calculations around build versus buy
when it comes to open source projects,
it's changed.
That calculus has changed quite a lot.
Yeah.
So recently, there is a,
I mean,
many companies are saying,
okay,
why I'm going to pay for a SaaS
if I can build it in-house?
So, right,
that is happening now.
Of course,
that is with this SaaS apocalypse.
But we will see what's going on in a year
from now,
in two years from now,
when those very well-done, bike-coded applications
to solve a problem are becoming a monster,
are becoming a Frankenstein.
And the two guys that were building that,
they decide to leave the company.
So let's see what we get with AI and with those frankenstains, right?
And how to maintain those.
So because, again, that is some sort of similar story
happened with open source back in the days.
Like, okay, I don't have to buy something because I already have MySQL, right?
And now I have a 3 terabytes my SQL database and call somebody to optimize those queries, right?
So I think something similar can happen or it's probably going to happen with AI and BiveCoding Monsters.
What we truly believe is that generating a context of, with open source, or even without open source,
but following best practices about how to add components,
how to add more capabilities on top of a platform is key.
Of course, as I said before, in Prouler, all the code is AI generated right now, right?
From community, even ourselves, of course, we have to review the code.
We have to test the code, to QA the code.
Before going to production, we have, of course, dev, staging,
and also different ways of rolling out features into production,
including paid-only features that we have.
But the point is, are we going to be able to maintain all that code properly
to offer a proper service?
That is the goal of software vendors, right?
Or services.
Yes.
When you have your own...
It's really great.
It's really great what you're saying,
because I totally agree with you to the degree that I actually,
actually bought some shares in SaaS companies after the SaaSpocalypse because of exactly what you're saying, which is everybody's like, oh my God, I can be my own software company. And it's like, okay. But meanwhile, the SaaS companies, they're also doing a whole bunch of AI delivered code, but at a much bigger scale and you can kind of cook up in your, you know, I mean, it's a metaphor, but your basement, right? So their stuff's going to get better and your stuff is going to be a bad approximation of what they had before. They started using AI and they just sort of think, yeah, it's, it's,
I think the death of SaaS, the death of tools, it's been greatly overestimated,
greatly.
Reports of the death of SaaS, reports of the death of IT tooling have been greatly overstated.
Yeah, yeah, totally.
And again, let me add this again to make sure for everybody to understand, to see if you
agree with me on this.
With the growth of software back in 15 years ago, 20 years ago, with open source, was kind
of the same now, right? Now, everybody is building tools because developing is a commodity,
anybody. So from the idea to the software is like, the idea is the prompt to build the software
right now, right? Go to lovable, go to any other tool to make that. So we are in this
similar paradigm, which is great that software is a commodity, software can be created by anybody.
but software is not only creation.
Software is about maintenance.
Maintenance.
Evolving, knowing why you are building
because it's like, do you think
a guy, of course,
in a garage can create
a cross-strike, the new cross-strike?
We can probably do
effective XDR, right?
You and I, you know, we can do
some sort of XDR, but this is not
about an XDR.
Not an XDR I'd want to run, you know?
Exactly.
This is not about solving a single problem or an important problem.
This is beyond that.
We are talking about it.
The way I see it, right, is like with all of this software as a service,
what you're really paying for is the expertise.
And that's not changing.
You've been paying for the expertise of people to deliver to you,
you know, basically an application over web that is being constantly updated,
constantly maintained. I mean, that's why it's as a service. It's the service part of as a service.
Okay. And it's just okay. So the delivery of that service is changing a bit, but that doesn't
mean we don't need the service anymore. We don't want to all become software companies.
You know, and there's all that that thought bubble about how every company is a software company
these days. And like, I guess for, you know, I guess for large enterprise, that is partially true.
But that doesn't mean that you want to have to recreate every bit of tooling that you use in
your enterprise just because you can vibe code stuff now like that just seems insane you
know and I think you know I think I mentioned it earlier we had a great chat with
the people at Portswiger talking about burp and like okay you hear about you know
Claude being used to do off-sex stuff but like what are you going to give it netcat and
curl and tell it to go do a pen test like it's not gonna it's that's not gonna work it
needs to use tools so I see like a lot of a lot of open source tools open source tools
open source tools are going to be very, very important to the frontier models for them to use to do things.
I mean, I guess it's just like where I wonder, right, where I think we've got to work it out and what you're going through right now is the future of the open source part of it is very clear, right?
You just keep going.
You know, there's going to be more code.
There's going to be, you know, new features and everything's going to accelerate.
And when it comes to it, but when it comes to the business side of it, that's where you've got to sort of innovate and think, well, how do I make this?
you know, this an appropriate commercial software as a service tool that people are going to want to
buy in the AI age, right? How are we going to get this thing to play nicely with the agentic
approach? I mean, that's about where you are, right? Yeah, exactly. So now it's not only needed,
which is needed as well, but it's not only needed a proper UI, proper way for a human to interact
with software. But also, you have to have that software to be able to be interacted by an agent
or multiple agents, right, in order to know what to do, how to use it, etc. To extend that,
also, you have to have your proper skills or skill set in the software to get everybody know,
hey, if you want to add this or to do that, do it this way. Or you have to have those guardrails
around the software to be agentic. That is why we call Prouler the agentic cloud defender.
there because it's not only the human that can go through APIs and dashboards and beautiful
charts, all that stuff, to see what's going on, but also an agent to see, okay, this is the
data, this is the correlation, give me what is next, right? Based on, again, deterministic
information, not just guessing or magic AI type of information that nobody trusts. So,
So that is the, those kind of guardrails that we are building around cloud security are
key for the human, of course, interaction, but also for those agents, that at the end of the
day those agents are going to make decisions for the humans and then it's like a close
loop, right?
Because it's not only about detection, it's also about remediation, it's about
real-time detection, real-time remediation, and that loop over and over.
Let's say that you need to have your, beyond the major cloud providers,
whatever cloud in Europe, that you have to have GDPR.
The French are building their own one.
It's like we will call it the no-donald dot cloud, right?
Yeah, I mean, pretty much any country is building their own cloud now,
and we are supporting those clouds in many different ways.
So if you go to those clouds and you pull, I mean, you plug prowler into those clouds
is a matter of knowing what to look at, but also making sure you are remediation those issues.
It's not only about detection again, it's about remediation in real time, but moreover, in the
infrastructure as code before is, I mean, to prevent that to happen, right?
All that stuff is, of course, you have to do.
tell AI how that has to be because in many cases those clouds are very proprietary.
I mean, things are you don't know until you look at them, like stack it in some cases in
Germany or many others in different different countries.
Or in other cases, we have not realized that they are based on open source, like open stack,
for example, or even closed clouds like VMware BCF.
So everybody has their own flavor or even just pure Kubernetes,
which makes a different story that we also support as well.
But, yeah, the also frameworks around those detections and those remediation.
And the attack paths around those are key in order to, of course,
control whatever the AI can do with the data.
So you have to tell the AI, okay, if this happens with this stuff and this other resource here, this is an attack path, for example, and this is going to be bad.
So that was my next question, which is what's the vision for how all of this works, right?
Like, is it the, you know, is there just an agent sitting there doing stuff all of the time where, you know, your platform just keeps kicking the agent to perform certain tasks, do assessments, do remediation,
based on the assessments or is there a human in the loop or like what's the what's the vision for how
the whole thing is actually going to work so the the way we see it is um you you have three main
sources of truth right one is what you understand for cloud security which is the the registry of
artifacts to to know what to detect let's go very basic so if uh ns3 bucket is open
with it's open, it's raise a flag, right?
And if it's open because it has to be open, no worries.
If it's open with PII, big red flag, right?
All that stuff is some sort of deterministic, right?
So the agent needs to know what is right and wrong.
Second, you need to know if it's right or wrong what to do, right?
So that part is also the deterministic.
You can add some pinch of AI on top of the remediation.
but the remediation has to be told somehow, right?
Also, how that impacts to your compliance framework around.
So if you need to be compliance with something,
that needs to be mapped with something.
And of course, you can let AI to do that,
but it's probably going to be wrong.
So you need to have that mapping in a place, right?
Well, but I mean, you can have Prala do it,
but AI can be kicking off the scan
and actually matching it and telling you if it's done.
Exactly.
Exactly.
So everything that we are talking are the deterministic part on top of everything that an agent can do.
An agent, not only triggering an scanner or triggering a remediation or whatever around the cloud,
but also getting to know what to do, confuting or muting what is not important,
creating groups for account groups for your different teams.
hiding or exposing information, etc.
So it's not only about if you have properly configured your specific cloud.
It's everything around the operation of cloud security, of the cloud infrastructure.
And that is beyond...
I mean, I think of these agents, right?
Like, I joked recently that, you know, all these agents out there doing offensive stuff.
I call it like the threat environment now is you've got to deal with infinity script
kiddies, right? And if you think about it on the, on the, you know, the defensive side,
it's almost like you've got access to infinity 18 year olds who can code really good software,
but like they're 18 year olds. You know what I mean? You got to give them pretty clear
instructions. Well, they're going to do something insane. Actually, we are now, everybody is now
a script kitty, right? What is, is, is, is, uh, by coding, right? Well, script kiddies,
script goodies can vibe code O'Day now, right?
It comes back to the picture of the person giving the monkey the machine gun, you know?
Exactly, exactly.
Yeah, that is, I mean, that is the reality of something that somehow is,
is what is happening with this software.
And I think it's good.
I think everything that is happening with AI and agents
around AI and around tools is good because it's pushing us to the next level of
hardening systems, which is what I like the most.
Of course, attacking and doing all that red teaming activities are great.
But for me, what I like the most is, okay, now that we know how a bad actor can do stuff,
let's try to secure that, which is harder.
It's more difficult.
So here's the funny thing, right?
is that your business, okay, so you're doing all of the agentic stuff with it.
Okay, it makes sense, right?
But fundamentally, you're not an AI first business.
You're not an AI first tool.
You're a deterministic tool.
You're an old school security control.
What I found really funny about the last six months is it's the old school security controls
that are getting heaps of interest.
So like, there's all of these AI startups that are AI first, everything,
and they're all really like, wow, agentic this and agentic that.
But honestly, the people who are getting the crazy purchase orders at the
moment, they seem to be the ones who are making the, you know, belt suspenders, like basic
security controls, like, hey, maybe we should check our cloud exposures now that we have
Infinity script kiddies in our environment, maybe using stuff like Praula and its competitors,
let's be honest, right?
Like, maybe actually paying some attention to cloud security is going to be a good idea in this
AI age.
So I guess my question to you is, has the concern around, you know, attackers
being AI enabled now driven interest and growth because I would be stunned if it had not.
Yes, it is, it is not out because at the end of the day, we have to, a customer has to make sure
they have a very solid foundation of security in the infrastructure to prevent not only easy
or soft attacks, but also very advanced attacks and threat actors.
Yeah, so basically you are finding that it is driving interest at the moment.
Yeah, but not only in the major cloud providers, but also in SaaS, important SaaS providers around the cloud.
Like I'm talking about GitHub, I'm talking about Microsoft 565, Google Workspace, Bersel, and many other SaaS says that they are all connected together
because when you push the new new applications to the cloud, they're using authentication here.
Data.
Well, and that's the stuff where we've seen a lot of attacks lately, right?
Like all in the paths where those things all sort of rubbed together and meet, you know?
Yeah, so that is why we are adding beyond infrastructure as service providers,
like traditional cloud service providers to other SaaS providers,
that they are also handling a lot of power when it's.
comes to deploying a tool with vibe coding or with whatever way, right?
That is why we are adding also now lovable as well.
We have Bersel, we have Cloudflare, we have many like of course Kubernetes, of course
OpenStack, Aliba Cloud, Oracle Cloud, etc.
So because now people is not deploying everything in one single place.
It's deploying every day of workloads touching multiple cloud.
or SaaS that are key for their infrastructure.
Yeah.
So how far along are you with the whole agentic push too with Proula?
Is that done?
You know, if I sign up as a, you know,
Proula cloud user, am I greeted with some wonderful chat interface these days?
Or like, where is that at?
So, I mean, we have, of course, in our UI,
what we call Proure Lighthouse AI,
that you can talk to Prouler and ask pretty much,
anything from discussing about findings, remediation, attack paths, etc.
To ask, okay, prepare a presentation for my CISO
about the compliance status of our Azure infrastructure, things like that.
But also from your AI-driven ID, like CloudCode, windsurf, copilot.
You can connect to Prouler and do everything from there.
from creating real-time dashboards and reports to even run remediation
because you can connect GitHub, Prouler, etc.,
and do all those remediation based on the findings automatically
and create the pull requests, et cetera.
So those new ways of using and hardening the cloud
are perfectly possible now with Prouler.
That is why we call ourselves the agentic cloud defender.
The agentic cloud defender.
Well, look, Tony, I reckon we're going to wrap it up there, mate.
But it's always a real pleasure to chat to you and to hear from you on what you're working on.
You know, it sounds like Proula is an absolute beast at the moment.
And it's just getting more and more beastly.
Great to chat to you, my friend.
And I'll look forward to chatting to you again in the future.
Thank you. Thanks for having me.
Bye.