One Search To Rule Them All: Threat Modelling AI Search
Kane Narraway
BSidesSF 2025 — Here Be Dragons · Day 1 · Main
Enterprise AI search tools like Glean consolidate access to every connected data source behind a single query interface — and that consolidation is precisely what makes them a high-value security target. Kane Narraway from Canva walked through the threat model for AI search, demonstrated real-world authorization issues discovered during Canva's Glean rollout, and drew a direct line from enterprise search to the emerging MCP (Model Context Protocol) ecosystem, where the same risk patterns repeat.

---
AI review
Narraway took a real deployment problem at Canva — securing Glean — and extracted a threat model that generalizes usefully to the entire enterprise AI search category and, critically, to MCP. The Atlassian permission-wipe-on-restore finding is the kind of concrete, reproducible bug that makes a talk worth attending. The MCP bridge is the right call for 2025.