Principal PM · AI Security · Microsoft Defender

Asaf Nakash

Building the security layer for agentic software — before attackers do.

I lead AI Security Posture Management at Microsoft Defender, helping enterprises discover their AI agent footprint, detect misconfigurations, and assess and reduce risk efficiently, everywhere the agent runs. I write about what breaks as software becomes agentic in Context Window.

2 Patents in Cloud Security · 2× Founder (1 acquired) · IDF Cyber Defense · Microsoft MVP

25+ years in security & cloud infrastructure

2 patents in cloud security

founder — one acquired (NASDAQ: MGIC)

8+ years at Microsoft Defender & Azure

“Instructions tell you what should happen. Guardrails ensure it does.”

— Context Window, Edition #9

01 About

How I got here

Seven years in IDF Cyber Defense. Two companies founded — one acquired (NASDAQ: MGIC), one grew to 50+ people and became Microsoft’s #1 Azure partner in Israel. 8+ years at Microsoft building Defender. Two patents. Promoted to Principal PM to lead AI Security Posture Management in Microsoft Defender.

Now I build AI Security Posture Management from the ground up — agent discovery, risk scoring, attack path analysis, compliance mapping to EU AI Act and NIST AI RMF. I write Context Window and speak at global security conferences.

The attack surface is no longer just the model. It’s the system around the model — memory, tools, identity, permissions, and every workflow the agent can reach.

— Asaf

02 Writing

Context Window, in writing


Latest briefing

May 11, 2026 · Edition #14

"Look, an instruction!" That's the bug.

Every week this newsletter covers a new place an attacker hid an instruction, and a new AI assistant that found it and ran it. Last September, ForcedLeak showed Salesforce Agentforce reading hidden instructions out of a Web-to-Lead form and exfilling CRM data through an expired allowlisted domain.

Edition #13
When Trust Is the Exploit

The angle that stuck with me this week isn't about any single vulnerability. It's about what connects them.

Edition #12
Three Layers, Three Attack Surfaces, One Agent

Most security teams are securing one layer. The agent already touches three.


03 Listening

On the podcast


Context Window

Weekly · AI Security · Podcast & Newsletter

AI-generated voices, AI-curated scripts — human editorial. Each week I break down one signal worth understanding in AI security. Read it in 5 minutes or listen on the go.

“The vulnerability surface didn’t change — but the population that can exploit it expanded by orders of magnitude.”

— Context Window, Edition #7

04 Building

Things I’ve built

Product judgment gets sharper when you still make things yourself. Some are serious, some are strange.

Book

The Agentic PM

How product management changes when AI agents become teammates, users, and attack surfaces. Open-source.

Media

Context Window Site

Podcast home — episode archive, RSS, Spotify and Apple integration. Static-first.

Tool · soon

PagerPR

AI-powered personal brand engine for thought leaders and creators.

Hardware

MetBarista

Open-source espresso machine controller — hardware automation meets ritualized product UX.

Game

Chop Chop

Chaotic multiplayer kitchen card game. Designed, playtested, shipped as a browser game.

Experiment

Magic Song Machine

Generative music — AI-assisted composition and sound design.


05 Connect

Get in touch

For speaking, advisory, AI security strategy, or just to argue about agentic risk — email is best.

[email protected]
