Welcome to the Brilliance Security Magazine Podcast with host Steven Bowcut. In Episode S7E16, Tony Garcia, Chief Information and Security Officer at infineo, joins us to unpack how a fast-moving fintech secures internal AI systems and safeguards the intellectual property they create. infineo is modernizing the $3 trillion life insurance industry by tokenizing policies on the Provenance Blockchain (with over $622 million minted) and reinventing legacy infrastructure with AI and blockchain. Tony explains the security architecture behind that vision, the threat patterns he’s seeing across AI programs, and why he believes security should function as a strategic business accelerator—not a brake.
Summary
Tony Garcia brings extensive cybersecurity leadership experience to the discussion, spanning big tech, defense, federal agencies, and finance. He shares how his diverse background has shaped his philosophy of being a “business-friendly” security leader—working collaboratively to achieve security outcomes rather than hindering innovation.
Tony introduces infineo’s mission to modernize the $3 trillion life insurance industry by tokenizing policies on the blockchain. He explains how this shift is similar to the move from traditional banking to online banking, unlocking new liquidity and investment opportunities.
The conversation then explores the unique security challenges of AI and blockchain infrastructures:
- AI lifecycle risks like model drift, data governance, and model versioning.
- IP risks from using public large language models (LLMs) versus developing internal systems.
- Blockchain immutability as both a strength and a challenge, especially when minting real-world assets like life insurance policies.
Tony outlines foundational security principles for organizations building AI systems, including strong data governance, secure pipelines, rollback capabilities, and a focus on lifecycle management. He emphasizes the importance of balancing privacy, compliance, and innovation—particularly in a field as regulated as life insurance, which intersects with financial and healthcare data.
The episode also tackles the evolving threat landscape:
- AI as a double-edged sword—used by defenders to improve AppSec and CI/CD processes, but also by attackers to accelerate phishing, malware creation, and exploitation.
- Emerging threats such as data poisoning, model theft, and hijacking AI agents through APIs.
- The growing problem of organizations rushing into AI adoption without applying even basic security controls.
Finally, Tony shares practical advice for organizations beginning their AI journey:
- Start with retrieval-augmented generation (RAG) models and strong governance.
- Treat AI like a lifecycle technology with continuous monitoring.
- Begin with pragmatic consumption models (e.g., Azure-hosted AI with private data) before attempting to build proprietary LLMs.
Dream big about what AI can do for your business—but take a cautious, step-by-step approach.
About Our Guest
Tony Garcia, Chief Information and Security Officer, infineo
Tony is an accomplished cybersecurity leader with over 20 years of experience in technology and security. He has held roles ranging from consultant and strategist to CISO in the U.S. defense industry, working with organizations such as Deloitte, Microsoft, British Telecom, Toyota, and Mr. Cooper Group. Tony holds numerous top industry certifications—including CISSP, CISM, CRISC, CCSK, and ITIL—and a master’s degree in cybersecurity and information assurance. A published author and respected speaker at conferences such as Gartner and RSA, Tony is a strong advocate for leveraging security as a strategic business advantage.
Steven Bowcut is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications.