Guest: Rupesh Chokshi (LinkedIn)
Company: Akamai
Show Name: Secure By Design
Topic: Agentic AI

OWASP provides the frameworks. But frameworks do not stop attacks. Security teams need to translate OWASP guidelines into real operational security across web applications, APIs, and LLM environments. That gap between guidance and execution is where most organizations struggle.

Rupesh Chokshi, Senior Vice President and General Manager of Application Security at Akamai, explains how to bridge that gap. In this clip from his conversation with Swapnil Bhartiya, Rupesh breaks down the practical steps security teams must take to operationalize OWASP in the age of agentic AI.

From Risk Assessment to Real Protection

OWASP offers critical security guidance for web applications, APIs, and LLM security. But guidance alone does not create a secure posture. Security teams must ask the harder questions. What are my control flows? Where is data exposure happening? What is my risk tolerance? Where should I prioritize resources?

Rupesh emphasizes that security teams cannot solve everything on day one. The goal is to build the right risk profile and apply intelligence where it matters most. That means tying security measures back to business systems and understanding what you are exposing, whether through agentic AI, web applications, or GenAI applications powered by LLMs.

The challenge is not lack of knowledge. The challenge is prioritization. Security teams must map OWASP frameworks to their specific threat landscape and business context. Generic compliance does not equal real security. Organizations need to assess their unique risk exposure and allocate resources accordingly.

Boardroom Conversations Are Shifting

Security is now a boardroom conversation. Last year and early this year, AI discussions centered on productivity. Do more with less people. Automate tasks. Move faster. Every enterprise leader saw the value proposition and wanted to participate.

Now the conversation is evolving. Enterprises are moving from AI 1.0 to AI 2.0 and 3.0. Boardrooms are asking different questions. How will agentic AI create new business models? How do we participate in that commerce? How do we differentiate in an AI-driven market?

Rupesh notes that companies exploring these opportunities are in early days. But over the next 12 to 18 months, the ones participating now will have significant advantages. Agentic browsers and agentic AI use cases are emerging. Enterprises must prepare for that world.

The key point is that security must be at the core, not bolted on later. Organizations want to benefit from AI advancements, but they need to do so in a secure fashion. That requires priming and preparing infrastructure, policies, and teams for agentic AI workloads.

Learning from Real Traffic Patterns

Akamai’s Saudi report provides critical intelligence on traffic patterns, vulnerabilities, and the evolving bot, abuse, and fraud landscape. This research helps organizations understand what threats are emerging and where to focus defenses.

Rupesh is clear that participation in agentic AI is not optional. Organizations must figure out how to participate securely. The market is moving. The question is whether your security posture can keep pace with your business ambitions.

Watch the full interview to hear more about how Akamai is tracking these trends and what security leaders should prioritize.