Today's Episode
AI can build a perfect fake of your login page in minutes.
Someone can clone your voice from a few YouTube videos and call your help desk pretending to be you.
This isn't some distant future threat. Jack Hirsch, VP of Product at Okta, sees this happening every day. Okta ($16B market cap) protects millions of logins, and Jack has a front-row seat to how AI is completely changing cyber attacks.
And the scary part is most PMs have no idea this is happening to their products.
That's why I brought Jack on the show. He breaks down how to secure yourself - and your product.
I hope you enjoy this special in-person sit down!
Your Newsletter Subscriber Bonus
For subscribers, each episode I also write up a newsletter version of the podcast, as a thank you for having me in your inbox 💜
What AI PMs Need to Know about Security
How to Protect Yourself (If You or Your Company’s Hacked)
How to PM in the AI Era
1. What AI PMs Need to Know about Security
Cyber attacks used to target your servers and networks. Now they target your users directly.
Jack's insight: "Over 80% of breaches now come from attacks on user identity."
Here's what's different:
1a. AI Makes Perfect Fake Websites
Jack built a perfect copy of Okta's login page using a simple AI prototyping tool. It looked exactly like the real thing.
"That's when I realized if we're not careful, the wheels are going to come off the bus."
Anyone can now create convincing fakes of your product's login page. Your users can't tell the difference.
1b. Voices Can Be Cloned from YouTube
Jack shared a story about a Pennsylvania state senator whose "son" called asking for money to get out of jail.
The problem? It wasn't his son. Someone had scraped his son's YouTube videos, cloned his voice, and made a real-time phone call.
Now imagine someone calling your support team, sounding exactly like your CEO, asking to reset a password.
1c. AI Reads Your Entire Codebase
AI can now analyze your entire API and find security holes that would take human hackers weeks to discover.
"AI will take it all in. AI will find the vulnerabilities and will go after them very easily."
The old approach of having siloed teams doesn't work when AI can see everything at once.
1d. Train AI to Attack Your Own App
This is Jack's controversial advice to deal with all this: use AI to find problems in your own product before hackers do.
"If you don't have a security team, create your AI board of advisors and make sure security is on that board."
Every week there's a story about some AI-built app getting hacked. Most could have been prevented by having AI test the app before launching.
2. How to Protect Yourself (If You or Your Company’s Hacked)
Everyone gets breached eventually. Here's how to protect yourself:
2a. Use a Password Manager and Passkeys
"Please, please, please use a password manager."
Different strong passwords for every site. No exceptions.
Even better: use passkeys when available. You just use your fingerprint or face - no password at all.
2b. Secure Your Phone Number
Add a PIN to your phone account so no one can steal your number.
"SMS is a really bad second factor."
If someone steals your phone number, they can get your text message codes and break into your accounts.
2c. Lock Your Credit Reports
This is the most important thing you can do.
"Your social security number is trivial to breach."
Go to the three credit bureaus (TransUnion, Equifax, Experian) and freeze your credit reports for free.
This stops anyone from opening credit cards, bank accounts, or phone plans in your name.
Jack learned this the hard way when someone stole his mail while he was buying a house.
3. How to PM in the AI Era
Jack's team protects some of the world's biggest companies. Here are the top 3 rules they've learned about building AI products that don't get hacked:
Rule 1: Use AI to Help You, Not Replace You
"Use AI to accelerate, not abdicate responsibility."
Everyone should use AI to get better at their job. But don't hand over your entire role to ChatGPT.
Jack caught a PM who wrote a competitive analysis entirely with AI. When they showed it to their sales team, someone who used to work at that competitor said: "This is completely wrong."
They had to go back to square one because the PM trusted AI without checking the facts.
Use AI to get 80% of the way there. Then use your brain for the final 20%.
Rule 2: Understand the Problem First
"Don't forget your PM fundamentals."
It's tempting to jump straight into prototyping with AI. You can go from idea to working demo in minutes.
But Jack sees PMs make the same mistake: they build something cool without understanding what problem they're solving.
"Cool doesn't mean they're going to buy. Cool doesn't mean it's solving the problem."
Before you start prototyping with AI:
Talk to users about their problems
Don't bring up your solution ideas
Understand the pain points deeply
Then figure out if AI can help
Rule 3: Not Everything Needs AI
"We're in an AI hype cycle. Don't fall victim to it."
Sometimes a simple, deterministic solution works better than AI.
Jack's team built an AI tool to explain security logs. But their customers didn't want AI explanations - they wanted reliable, consistent information.
"In security, you want deterministic steps during an incident. You do not want non-deterministic systems making decisions."
Ask yourself: Does this actually need AI, or am I just using AI because it's trendy?
Don’t miss the full episode for Jack’s journey from startup founder to VP of PM and AI at a public company…