Detection at Scale Podcast
D@S #72 - Trustpilot's Gary Hunter on Structuring Security Knowledge for AI Success

How to scale security operations by automating alert triage, treating AI agents like interns, and creating space for preventative work that actually moves the needle.

In the latest episode of Detection at Scale, we sat down with Gary Hunter, Head of Security Operations at Trustpilot, to explore how security teams can leverage AI agents to scale their impact. Gary brings a unique perspective, having built Trustpilot’s security operations team from the ground up: starting as one of the first two security hires, and growing the team to ten members across security operations, platform security, and GRC.

Gary offers a refreshing take on building security programs under constraints at one of the world’s most recognized trust platforms. His team’s approach to AI, from automated alert triaging to brand protection, demonstrates how smaller security teams can punch above their weight class. The conversation delves into the cultural challenges of introducing AI, the importance of guardrails, and how to free up security professionals from repetitive work so they can focus on prevention and strategic initiatives.

Topics Covered

  • Bootstrapping Security at Trustpilot: Gary’s journey building Trustpilot’s security operations from two people to a team of ten, starting with understanding business pain points and working backwards from POCs to fill security gaps.

  • The Alert Capacity Math: Why understanding your team’s capacity (an 8-hour day at 15 minutes per alert caps a single analyst at 32 alerts) forces strategic decisions about automation and horizontal scaling.

  • AI for Alert Triage and Enrichment: How Trustpilot uses AI within SOAR workflows to automatically triage alerts, parse JSON, apply logic, and route decisions, including transforming complex security alerts into language end users can understand.

  • Competitive Prompt Testing for AI Adoption: Gary’s approach of A/B/C testing three different prompts with the same input during development, measuring outputs, and promoting the winner to production, democratizing AI learning across the team.

  • The Intern Framework for AI Safety: Treating AI agents like interns by asking “What would you train them to do before giving them tools to lock users, wipe machines, or take down websites?” Codifying playbooks and implementing infrastructure-as-code for governance.

  • Multimodal AI for Brand Protection: Using AI to analyze screenshots and HTML of potential brand infringement sites, scoring violations 0-100, and automating responses while maintaining safety checks and keyword filters.

  • Data Governance and Residency Challenges: The balance between giving AI all the data for training versus careful sanitization, especially under GDPR requirements in the UK/Europe, where data categories in breaches must be explicitly reported.

  • Enterprise Knowledge Management: Why pointing AI at entire documentation corpora produces confused answers, and the need for curated, well-structured, concise documentation—learning that less is more for both context and processes.

  • Creating Space for Shift-Left Work: How automating 20% of alert triage effectively adds a team member’s capacity back, reducing cognitive load and allowing focus on prevention over response, moving from security theater to impactful work.

  • Building Weatherproof, T-Shaped Teams: Gary’s philosophy of creating generalists who aren’t tied to specific technologies, encouraging experimentation with tools that don’t scale costs, and maintaining backlogs without creating team burnout.
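The AI triage, intern-framework and brand-protection points above all come down to the same engineering question: how do you let a model propose a decision without letting it take a destructive one unchecked? The Python below is an added example, not Trustpilot's or Panther's code and not from the episode. It sketches the guardrail layer around an AI triage step in a SOAR-style workflow: the model's reply is parsed as JSON against a fixed schema, its proposed action is checked against an allowlist, destructive actions (lock a user, isolate a host, take down a site) are always held for human approval, a 0-100 confidence gate decides whether a benign verdict may auto-close, and a keyword filter blocks automation on sensitive assets. The model call itself is replaced by `model_reply`, a constructed stand-in; the action names, `SAFETY_KEYWORDS`, `AUTO_THRESHOLD`, the alert schema and `SAMPLE_ALERT` are all assumptions made for this example.

```python
import json
from dataclasses import dataclass
from typing import Optional

# Actions the triage agent may propose (assumed names). Everything in the
# "lock users, wipe machines, take down websites" class is held for a human,
# no matter how confident the model says it is.
AUTONOMOUS_ACTIONS = {"close_benign", "notify_user", "escalate"}
APPROVAL_REQUIRED_ACTIONS = {"lock_user", "isolate_host", "takedown_site"}
ALLOWED_ACTIONS = AUTONOMOUS_ACTIONS | APPROVAL_REQUIRED_ACTIONS

# Keyword safety filter (assumed list): if the alert or the model's rationale
# touches these, never auto-act, even on a high-confidence verdict.
SAFETY_KEYWORDS = ("trustpilot.com", "production", "do-not-touch")

AUTO_THRESHOLD = 85  # minimum 0-100 confidence for an autonomous action


@dataclass
class Decision:
    action: str
    needs_human: bool
    reason: str
    user_message: Optional[str] = None  # plain-language text for the end user


def parse_verdict(raw: str) -> dict:
    """Parse the model's reply as JSON and enforce a fixed schema.

    Anything outside the schema is an error, not a suggestion: chatty prose
    instead of JSON, an unknown action, a missing or mistyped field, or a
    confidence outside 0-100 all raise ValueError.
    """
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"model reply is not JSON: {exc}") from None
    required = {"action": str, "confidence": (int, float),
                "rationale": str, "user_message": str}
    for key, typ in required.items():
        val = data.get(key) if isinstance(data, dict) else None
        # bool is a subclass of int, so reject it explicitly for confidence
        if not isinstance(val, typ) or isinstance(val, bool):
            raise ValueError(f"missing or mistyped field: {key}")
    if data["action"] not in ALLOWED_ACTIONS:
        raise ValueError(f"action not on allowlist: {data['action']!r}")
    if not 0 <= data["confidence"] <= 100:
        raise ValueError(f"confidence out of range: {data['confidence']}")
    return data


def route(alert: dict, raw_reply: str) -> Decision:
    """Turn a model reply into a routed decision, failing closed on any doubt."""
    try:
        verdict = parse_verdict(raw_reply)
    except ValueError as exc:
        return Decision("escalate", True, f"unusable model reply: {exc}")

    haystack = (json.dumps(alert) + " " + verdict["rationale"]).lower()
    hits = [k for k in SAFETY_KEYWORDS if k in haystack]
    if hits:
        return Decision("escalate", True, f"safety keyword(s) {hits}; human review required")

    action = verdict["action"]
    if action in APPROVAL_REQUIRED_ACTIONS:
        # The proposal survives, but nothing executes until a person approves it.
        return Decision(action, True, "destructive action proposed; awaiting approval",
                        verdict["user_message"])
    if verdict["confidence"] < AUTO_THRESHOLD:
        return Decision("escalate", True,
                        f"confidence {verdict['confidence']} below {AUTO_THRESHOLD}")
    return Decision(action, False, verdict["rationale"], verdict["user_message"])


# Constructed sample alert for this example (not real Trustpilot data).
SAMPLE_ALERT = {
    "rule": "Login from new country",
    "user": "jane.doe@example.com",
    "src_country": "BR",
    "usual_countries": ["DK", "GB"],
}


def model_reply(action: str, confidence, rationale: str, user_message: str) -> str:
    """Stand-in for the LLM step: build a reply in the shape the prompt asks for."""
    return json.dumps({"action": action, "confidence": confidence,
                       "rationale": rationale, "user_message": user_message})


if __name__ == "__main__":
    replies = {
        "benign": model_reply("close_benign", 92, "matches user's approved travel note",
                              "We saw a login to your account from Brazil. If that was you, no action is needed."),
        "destructive": model_reply("lock_user", 99, "credentials likely stolen",
                                   "We locked your account as a precaution; please contact IT."),
        "out of policy": model_reply("wipe_machine", 100, "malware found", "..."),
        "chatty": "Sure! Here is my analysis: the alert looks benign.",
    }
    for name, raw in replies.items():
        d = route(SAMPLE_ALERT, raw)
        print(f"{name:>13}: {d.action:<13} human={d.needs_human!s:<5} {d.reason}")
```

The important property is that every path that is not an explicit, high-confidence, allowlisted, non-destructive verdict ends in `escalate` with `needs_human=True`; the model's free text is never executed, only its validated fields are, and the `user_message` that reaches an end user is only released on the autonomous or approval paths, never on a fail-closed escalation.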


The approach Gary describes aligns perfectly with Panther’s AI-powered capabilities—automatically handling the repetitive alert triage and enrichment work that Gary emphasized as essential for scaling lean security teams, while preserving human oversight for critical decisions. By automating the pattern matching, data correlation, and initial investigation that LLMs excel at, security teams can focus on the preventative work and strategic initiatives that truly reduce risk. Learn more about Panther AI and how we’re building the AI-first SIEM that gives security teams their time back.

