About
Anand is the Co-Founder of CompFly AI, where he leads product strategy and go-to-market execution. He brings 15 years of deep expertise spanning compliance, audit, M&A, and cybersecurity, having spent his career in the highly regulated, global financial services sector with leadership roles at Ernst & Young, Franklin Templeton Investments, and Dolby Laboratories. Anand has been featured in The AI Journal, and TechBullion, and has published research on AI governance on SSRN and FinExtra. He is a member of The Conference Board's Chief Audit Executives Council and the OpenAI Forum. He holds a CISA certification, a Master's in Engineering from Lehigh University, and an MBA in Finance from The Wharton School at the University of Pennsylvania.
Anand Salodkar
Published content
expert panel
The foundational philosophy of zero trust can sound deceptively simple: Verify everyone, trust no one and keep attackers from moving freely. In practice, though, it’s not that neat. Businesses change, employees need access to new tools, cloud environments expand and attackers keep finding fresh ways to test old assumptions. New users, new systems, new attack vectors: The environment that zero trust is meant to protect keeps changing, which means it’s time to move beyond philosophies and frameworks and implement realistic, forward-thinking architectures. The essential question is whether an organization can clearly see what’s happening across its systems, contain damage when something goes wrong, and keep operations running without forcing people to work around security controls to get their jobs done. The answer lies in shifting focus from implementation milestones to measurable outcomes: protecting the most critical assets, supporting the way people actually work, and measuring progress through outcomes rather than activity. The goal of zero trust isn’t to prove that every possible risk has been eliminated. It’s to show that an organization is becoming harder to compromise, faster to respond and easier to operate securely. Members of the Senior Executive Cybersecurity Think Tank have years of experience and deep expertise in enterprise cybersecurity strategies, threat detection, risk management and zero-trust architecture. Below, five of them discuss how to define “good enough” zero trust progress in practical terms and the real-world signals that tell leaders they’re reducing risk, not just adding friction.
expert panel
A code audit might catch a misconfiguration before it ships. A penetration test might expose how a real attacker could chain vulnerabilities together. A bug bounty might surface something neither effort ever would have found. Each of these exercises brings value, but each one only shows part of the picture at a moment in time. But software risk constantly grows and changes as systems, dependencies, attackers and business priorities evolve. Security gaps often live where handoffs break down: between development and release, between internal teams and external researchers, and between finding a problem and implementing a fix. And as AI supercharges the speed at which vulnerabilities can be found, patching cadence matters more than ever. When teams design a security program in which code audits, pentesting and bug bounties reinforce one another across the entire software lifecycle, they’re better positioned to find issues early, prioritize what matters and build safer products without bottlenecks and delays. Moving from point-in-time testing to continuous improvement requires both structural changes and cultural ones, including how findings are tracked and how engineering and security teams collaborate day to day. Below, members of the Senior Executive Cybersecurity Think Tank share what they’ve learned about integrating code audits, pentesting and bug bounties into a security program that keeps improving with every test, fix and release.
expert panel
When they think about cyberattacks, most people likely picture a shadowy human adversary probing a network, finding a crack and then manually extracting valuable data. Even though such attacks have been all too common, there was some comfort in the idea that defenders had time, however limited, to detect anomalies and respond. That window may now be closing. Anthropic’s disclosure of a September 2025 breach marked a watershed moment in cybersecurity: Attackers deployed agentic AI to both design and execute the intrusion. As one of the first documented cases of unprecedented AI involvement in a cyberattack, it’s an early sign of a looming threat leaders can’t afford to ignore—AI agents that can recon, adapt and escalate an attack without a human in the loop. While AI can’t carry off an attack completely on its own (yet), it’s already helping hackers pinpoint vulnerabilities and write malicious code. The cybersecurity vulnerabilities autonomous systems target aren’t necessarily new. Misconfigured services, overprivileged accounts and weak identity controls have topped security risk lists for years. What’s changed is the pace and persistence with which these gaps can now be found and exploited—continuously, simultaneously and at machine speed. That puts enormous pressure on defenses that were designed around human-paced threats. Members of the Senior Executive Cybersecurity Think Tank have extensive experience and deep experience in enterprise security strategy, zero-trust architecture, threat detection and cybersecurity leadership. Below, two of them break down the vulnerabilities autonomous systems are likeliest to probe—and detail the defensive models companies need to build before they’re put to the test.