An Exclusive Interview with Pankaj Thapa, Co-Founder of Mirror Security, an AI Security company
In this interview, Pankaj Thapa, Co-Founder of Mirror Security, explores how his company is pioneering AI-driven solutions to combat evolving cybersecurity challenges. He discusses the journey of building Mirror Security from concept to innovation, focusing on intelligence-driven protection and automation.
What are some of the most common blind spots in enterprise AI adoption?
Pankaj Thapa: One of the biggest blind spots we see is that enterprises are deploying AI without runtime protection.
They launch AI agents and chatbots, but very few monitor how these systems behave in real time. That means breaches can go unnoticed for months; attackers don’t need to break in, they simply blend in.
Another issue is what I call the “AI security trade-off myth.” Many organizations still believe they must choose between AI performance and AI security, which is simply not true. Security doesn’t slow down innovation; poor planning does.
There’s also a growing risk around Shadow AI. Employees increasingly use unapproved AI tools like coding assistants and chatbots, creating a hidden attack surface that IT teams can’t control.
On top of that, enterprises are pushing AI to production without adversarial testing. Basic automated red teaming could detect most risks before attackers do, yet it’s shockingly absent in many environments.
We’re seeing a dangerous level of blind trust in AI-generated code. Developers assume AI tools produce secure code by default, but studies show nearly 20% of AI-suggested packages include vulnerabilities or, worse, injected malware.
How has AI security moved from a tech challenge to a boardroom concern?
Pankaj Thapa: AI security is no longer a backend IT issue; it has become a board-level priority for three big reasons. First, global regulation is catching up with AI adoption.
Laws like the EU AI Act and U.S. AI safety directives now hold enterprises legally accountable for AI misuse and harm. That instantly makes AI a governance issue.
Second, real-world AI breaches are increasing. We’re now seeing vulnerabilities with CVSS scores above 9, compromised AI assistants leaking corporate data, and manipulated LLMs causing unauthorized system access. The business impact is real, and boards are paying attention.
And third, unchecked AI risk is slowing down innovation. Over 60% of enterprise AI pilots never reach production because leadership doesn’t trust the security model. So AI security isn’t just about reducing risk anymore—it’s about unlocking ROI.
What should CISOs and CTOs prioritize to future-proof AI security frameworks?
Pankaj Thapa: The smartest organizations are shifting from reactive defense to continuous AI risk management.
That starts with automated adversarial testing across every AI application: chatbots, GenAI assistants, RAG pipelines, and AI APIs. The goal is to simulate real attack behavior and close weaknesses before deployment.
Next, runtime protection has become essential. Just like we monitor APIs, we now need guardrails that monitor AI agents in real time, flagging harmful outputs, anomalous user requests, or policy violations before damage is done.
Data security is another priority. With AI handling sensitive enterprise data, encryption must be part of every stage, from training to inference. Technologies like fully homomorphic encryption now make it possible to process encrypted data without ever decrypting it, dramatically reducing breach risk.
Finally, AI security needs to be unified, not a patchwork of tools. The future is an integrated AI security stack built around governance, visibility, and automated controls.
Are there tools or frameworks to secure AI today?
Pankaj Thapa: Absolutely. AI security is evolving fast, and dedicated platforms now exist for it. For instance, the Mirror Security Platform is built specifically for enterprise AI risk. It covers the entire lifecycle, from testing to real-time defense, through three key components.
DiscoveR runs automated AI red-teaming and vulnerability scanning across LLMs, RAG systems, and agents. AgentIQ brings runtime AI monitoring with policy enforcement for compliance. And VectaX protects sensitive data using encryption-powered AI processing, including secure vector search.
These types of platforms enable companies to secure AI without rebuilding their infrastructure from scratch.
What role does cross-functional collaboration play in reducing AI risk?
Pankaj Thapa: AI security is no longer something IT can handle alone. Legal teams are responsible for compliance. CISOs own risk management. Product teams own AI development. Compliance owns governance. If any of them work in isolation, AI risk multiplies.
Strong AI security programs succeed because they break silos. They create shared ownership, clear accountability, and common risk frameworks across legal, engineering, compliance, and business. That alignment reduces delays, improves adoption, and, most importantly, prevents breaches caused by miscommunication.
What advice would you give companies just starting to address AI security?
Pankaj Thapa: Start with awareness, not fear. You don’t need to solve everything at once. Begin by identifying where AI is already being used in your organization, officially or unofficially.
Then quickly implement three foundational layers: automated AI testing, runtime monitoring for high-risk apps, and encryption for sensitive data.
Think compliance from day one, especially if you operate in regulated industries. And remember: security should enable AI innovation, not stall it. AI doesn’t need to be risky if it’s deployed responsibly.
The companies that act now will lead the market. The ones that delay will eventually spend more after a breach.
As the conversation concludes, Pankaj Thapa leaves us with a clear message about the critical role of artificial intelligence in shaping secure digital futures. His perspective reflects a blend of innovation, adaptability, and responsibility.
