Foundational Thinking in the Age of AI—with Doug Merritt (Aviatrix)

00:00

Introduction
Prakash frames the conversation: In a moment where tools are getting smarter, our thinking is getting shallower—and foundational principles matter more than ever.

01:15

Meet Doug Merritt
Prakash introduces Doug's background spanning Splunk's cloud transformation, leadership roles at Cisco and SAP, and his current work leading Aviatrix into cloud-native security.

02:10

Why Retirement Didn't Stick
Doug traces his 18-month attempt at retirement—investing, advising, sitting on boards—and the realization that he's an operator who missed the tribe, the mission, and the depth of daily customer contact.

05:10

The Pattern Match with Aviatrix
He explains why he's drawn to overlooked foundational layers—logs at Splunk, networking at Aviatrix.

07:55

First Principles in a Fast-Moving Market
Prakash sets up the core tension: AI is accelerating everything, but foundational thinking and deep understanding are receding just when we need them the most.

09:15

How Speed and Abstraction Erode Understanding
Doug describes two forces working against depth—technology abstracting us further from the metal, and attention-span culture rewarding clickbait over comprehension—and why AI can make both worse if we let it.

12:15

The AI Productivity Trap
Prakash and Doug both admit to offloading thinking to AI and discuss the discipline required to use it as a partner rather than a crutch—including why a simple email can take an hour when you insist on real depth.

15:15

Teeing Up the Attack
Prakash references Doug's post on the LiteLLM supply chain attack and the harder question it raises: Why do so many cloud environments still allow sensitive workloads to talk freely to the internet?

16:25

Anatomy of the LiteLLM Supply Chain Attack
Doug walks through the attack step by step—how the Trivy security scanner was compromised, how malware was injected into published versions of LiteLLM, and how harvested credentials were exfiltrated to attacker-controlled servers.

20:15

The Foundational Control That Would Have Stopped It
He makes the case that basic egress filtering—blocking outbound traffic to unknown URLs—would have trapped the attackers inside the vault with zero consequences, and explains why most cloud workloads lack this basic protection.

23:35

Cloud Providers Sold Speed Without Brakes
A discussion on how permissive outbound defaults became standard because cloud providers prioritized developer speed, why firewalls became an aftermarket add-on, and how this left most workloads effectively naked to the internet.

28:30

Agents, MCP Servers, and the Expanding Attack Surface
Doug addresses the proliferation of AI agents, OpenClaw, local Mac Minis, and MCP servers—and why deploying them without pervasive identity, endpoint, and network controls is an invitation for breach.

31:55

Security at the Speed of Developers
He argues that CISOs must match developer speed rather than slow it down, that security should be infrastructure-as-code embedded in the build process, and that there's no hall pass for falling behind.

36:45

Five Leadership Principles for the AI Age
Doug shares his framework: relentless curiosity, lead with empathy, purpose before action, radical accountability, and celebrate success—and why this sequence matters more than ever in a world of constant change.

39:25

Go Slow to Go Fast
They discuss the tension between speed and understanding, why distillation time is non-negotiable, and the Steph Curry analogy—even the best still do dribbling drills every single day.

43:00

Prioritizing What Amplifies
Doug shares how he structures his time around leverage and amplification rather than transactional responsiveness—and why he still won't let Claude answer his emails.