In the latest episode of Detection at Scale, I sat down with James Nettesheim, CISO at Block. James’ career spans the U.S. government, including various overseas deployments; a master’s degree in computer security; computer forensics work at the United Nations; leading high-profile incident response at Mandiant; and running incident response worldwide at Google before joining Block. His background in detection, response, and forensics, combined with his experience securing large-scale technology organizations, positions him to discuss the intersection of agentic AI, security operations, and open source principles.
Our conversation explores Block’s journey building Goose, a general-purpose AI agent used across the company, and co-designing the Model Context Protocol with Anthropic. James discusses Block’s “democratizing detections” principle, where nearly half of all new detections in 2025 were created with AI, and how the company balances principled risk-taking with security rigor through data safety levels and AI security principles. His emphasis on human accountability for agent actions, the development of Binary Intelligent Triage, which achieves 99.9% efficacy, and Block’s commitment to open source provide concrete guidance for security leaders navigating AI adoption while maintaining high security standards.
Topics Covered
Building Goose as a General-Purpose Agent: How Block developed Goose as an open source agent for the entire company to perform analysis, deep research, and automate common tasks with recipes, eventually contributing it to the Agentic AI Foundation under the Linux Foundation.
Co-Designing MCP with Anthropic: Block’s partnership with Anthropic to develop the Model Context Protocol alongside Goose, creating a reference implementation platform that unlocked automation across the company by connecting to numerous systems through MCP servers.
Prompt Injection Defenses in Goose: Block’s research into hardening Goose against hidden prompt injection attacks, implementing both deterministic detection and adversarial AI concepts where one LLM reviews commands and context provided to another LLM as a judge.
AI Security Principles and Data Safety Levels: How Block evolved its CDC-inspired data safety levels into AI security tiers, creating an accelerated review path that balances speed with security based on what data agents process and what actions they can take.
Democratizing Detection Engineering: Block’s principle that anyone at the company can write detections using natural language with Goose and MCP-Panther, leading to 40% of new detections in 2025 being created with AI assistance, including contributions from teams outside security, like Bitcoin product engineers.
Binary Intelligent Triage Achieving 99.9% Efficacy: How Block’s system stores historical detections, alerts, and investigations in a vector database to perform semantic analysis on new alerts, achieving near-perfect efficacy and enabling confidence in automated analysis actions.
Human Accountability for Agent Actions: Why Block requires agents to be connected to internal identity so code appears as written by the human operator, maintaining responsibility and avoiding “the agent just wrote that” scenarios, with humans still required to review PRs.
Headless Goose for Autonomous Workflows: Block’s CLI version of Goose that integrates with frameworks to create PRs, JIRA tickets, and automatically fix vulnerabilities from scanner output, while still requiring human approval before code is pushed.
The Future SOC Without Tool Expertise: James predicts that security professionals won’t need expertise in specific tools or domain-specific languages, but will work in natural language, while still requiring a deep understanding of complex technical systems and domain expertise to stay ahead of attackers.
Open Source as Economic Empowerment: How Block’s open-source commitment stems from CEO Jack Dorsey’s belief in economic empowerment and in providing financial tools for everyone, with its secret sauce being the ability to scale and empower people rather than closed-source software.
The conversation with James mentions Panther's partnership with Block on MCP-Panther, which enables natural language detection, alert triage, and investigation while maintaining code-based rigor and a human-in-the-loop approach. By democratizing detection creation through AI agents while preserving accountability and review processes, security teams can scale detection coverage and empower broader organizations to contribute security expertise. Learn more about Panther AI and MCP integration and how we're building systems that combine accessibility with engineering discipline.
