How secure is your company’s AI adoption? In this episode of Hack & Tell, Aftra CEO Björn sits down with Linda Dögg Guðmundsdóttir (aka “The Icelandic Cloud Queen”), Microsoft MVP and cloud security expert, to break down the real risks of AI, Copilot, and modern cloud environments, and what companies are getting wrong. You’ll learn why AI security is a business-critical decision, and how poor governance can expose your organization to data leaks, shadow AI, and hidden vulnerabilities. We also learn about her path into cloud and security, her Microsoft MVP journey, and why she branded herself to share knowledge publicly. Björn and Linda compare Iceland’s smaller, budget-limited security market with larger Nordic/global projects, and discuss her talk “Copilot Leaders vs Copilot Guessers,” arguing that AI adoption is a business project, not just IT. They also talk about governance basics (business/technical owners), controlled agent building, testing, and using existing controls like MFA/conditional access plus Purview sensitivity labels and DLP to restrict Copilot’s data access. Key takeaway: If you don’t control your AI usage, your employees — and attackers — will. AI security risks include data leakage, unknown data locations, low-quality or outdated data being used, hallucinations, and “shadow AI” via unmanaged Copilot (or other AI) agents. What you’ll learn in this episode: - Why AI adoption (Copilot, ChatGPT) must be led by the C-suite—not just IT - The biggest mistake companies make: “We’re ready for AI” (when they’re not) - How data leakage happens in AI tools (and how to prevent it) - What is Shadow AI—and why it’s a growing attack surface - The risks of low-quality, outdated, or unknown data in AI systems - How to implement AI governance, ownership & access control - Using Microsoft security tools (MFA, Conditional Access, Purview, DLP) to secure AI - Why AI agents can become unmanaged security risks - The future of AI-driven cyber threats & automated attacks Connect with Linda: LinkedIn: https://www.linkedin.com/in/linda1337/ Website: https://www.icelandiccloudqueen.is/ About Aftra: We help organizations identify and monitor their external attack surface, uncover hidden vulnerabilities, and secure their digital footprint in real time — before attackers do. Learn more about Aftra at: https://aftra.io/ 00:00 Meet the Cloud Queen Linda 00:19 Building a Personal Brand 01:42 What Microsoft MVP Means 02:58 From Art to IT Career 03:54 Iceland vs Global Security 06:39 Copilot Leaders vs Guessers 07:47 Data Leakage and Readiness 08:41 Hallucinations and Bad Data 10:28 Shadow AI and Agent Sprawl 11:38 Governance and Ownership 12:31 Workshops to Find Use Cases 14:20 Controlling Agent Building 15:31 Real Automation Examples 16:25 Low Code Makes It Easy 17:19 AI Review Fragmentation 17:43 Zero Trust For Agents 18:16 Internal Versus Customer AI 18:59 Attack Surface Reality 19:42 Copilot Access Controls 20:27 Purview Data Guardrails 21:36 Shadow AI And Training 22:43 Hard Truths On Security 24:19 AI As A Security Tool 25:18 Next Big Threats 27:42 Securing Iceland Together 29:54 C Suite Security Incentives 31:27 Regulation And Insurance 33:29 Closing And Where To Find #cybersecurity #cybersecuritypodcast #microsoftcopilot #aisecurity #cloudsecurity #microsoftmvp #microsoftsecurity Key topics in this webinar: AI security, cloud security, Microsoft Copilot security, cybersecurity risks, data leakage AI, shadow AI, attack surface management, cyber threats 2026, enterprise AI security, vulnerability scanning, digital footprint security, cyber security

This episode we welcome Linda Dögg Guðmundsdóttir. Linda works as a Cybersecurity Architect Expert & Solution Architect in Iceland. Want to create live streams like this? Check out StreamYard: https://streamyard.com/pal/d/6429287759216640