Episode Details

In this episode of the m365.fm podcast, Mirko Peters sits down with Microsoft MVP, MCT, cloud security expert, and community leader Martin Dimovski to explore one of the most important topics in modern enterprise IT: securing AI workloads and MLOps environments inside the Microsoft Cloud. Together, they dive deep into secure-by-design architecture, AI security risks, DevSecOps, Prompt Injection attacks, identity protection, Microsoft Defender, GitHub Advanced Security, and the future of AI-driven cyber threats. Martin shares his personal journey from IT support engineer into cloud security and AI security architecture, explaining how years of experience in infrastructure, Azure, DevOps, and Microsoft technologies ultimately pushed him toward cybersecurity and AI governance. The discussion highlights why AI security is no longer optional and why organizations that move too fast without proper security foundations could face major problems in the coming years.

WHY AI SECURITY MATTERS NOW MORE THAN EVER

One of the strongest themes throughout this episode is the speed at which organizations are deploying AI systems without fully understanding the security implications behind them. Martin explains that many companies are currently:

• Deploying AI solutions rapidly
• Experimenting with LLM integrations
• Building AI agents
• Creating cloud-native AI workloads
• Using open-source AI models
• Integrating APIs into production environments

But at the same time, organizations often forget the security fundamentals that should protect these environments. The conversation explores how AI introduces completely new attack surfaces while simultaneously amplifying existing security problems.

WHAT “SECURE-BY-DESIGN” REALLY MEANS

A major focus of the episode is understanding the concept of secure-by-design architecture. Martin explains that security should never be added after development is complete. Instead, security conversations must begin at the very first design phase of any application or AI project. The discussion covers:

• Threat modeling
• Architectural reviews
• Identity security
• Authentication planning
• Secure pipelines
• Infrastructure protection
• Secure APIs
• Data governance

Martin shares why collaboration between developers, architects, DevOps engineers, and security teams is absolutely essential for building resilient AI systems. One of the key takeaways:
Security teams should not become blockers for innovation — they should become partners in building secure systems.

UNDERSTANDING MLOPS & DEVSECOPS

For listeners newer to AI infrastructure topics, Martin breaks down the differences between:

• DevOps
• DevSecOps
• MLOps
• Secure AI pipelines

The episode explains how machine learning operations combine infrastructure, automation, data engineering, model deployment, and monitoring into one continuous operational process. Martin also highlights why traditional security approaches are no longer enough once organizations start integrating:

• Large Language Models
• AI agents
• Cloud AI services
• AI APIs
• AI orchestration pipelines

The discussion shows how modern security must now cover not only infrastructure and applications, but also models, prompts, training data, inference pipelines, and AI-generated outputs.

THE REAL DANGER OF PROMPT INJECTION

One of the most fascinating parts of the episode is Martin’s explanation of Prompt Injection attacks. Using simple real-world analogies, Martin explains how attackers manipulate Large Language Models by overriding or bypassing original system instructions. The conversation explores:

• Direct Prompt Injection
• Indirect Prompt Injection
• AI manipula