About
The story behind CloudSec.ai — Nate Lee and Peter Høeg Steffensen, co-founders of TrustMind, on rebuilding third-party risk management and AI agent security from the ground up.
CloudSec.ai is where Nate Lee and Peter Høeg Steffensen, co-founders of TrustMind, share what they're learning while rebuilding third-party risk management and AI security for a world where software is written by agents.
Why this site exists
We spent a combined thirty years inside security programs at high-growth software companies: CISO seats, staff engineering seats, board reviews, incident rooms, vendor assessments at 2 a.m. before a customer launch. Every one of those experiences pointed to the same problem: the security industry's tools were built for a world where humans wrote the software and humans reviewed the vendors. That world is gone.
We started TrustMind to rebuild two of the most painful parts of that stack from the ground up for the AI era:
- Third-party risk management (TPRM) that actually reflects the risk a vendor poses to your business, not a checklist of questionnaire answers a vendor's compliance team copy-pasted last quarter.
- AI security programs that assume agents will touch your data, your code, and your customers' accounts, and that attackers are already using the same agents against you.
CloudSec.ai is the open notebook for that work: field notes, essays, and arguments we're making publicly because the best security conversations are the ones that get challenged in the open.

Nate Lee — Co-founder & CEO, TrustMind
Nate has spent over two decades inside security programs at high-growth software companies. He was CISO at Tradeshift, where he secured more than a trillion dollars in global trade, including virtual credit cards and a supply-chain financing program run jointly with the world's largest trade bank. Alongside TrustMind, Nate is an Executive in Residence at Scale Venture Partners and a Venture Advisor at Cox Exponential. Earlier in his career he was an engineering director and architect at a Fortune 50 and CISO at multiple high-growth software companies.
At Tradeshift he owned Security, Site Reliability Engineering (SRE), DevOps and platform engineering, IT, and the CI/CD teams together, which gave him an unusually broad view of what it actually takes to ship cloud software quickly, safely, and at scale.
He's a BSidesSF speaker (you can watch his IMAX-theater talk on the blog), co-host of Threats, Pitfalls & Risk Myths, the TPRM Podcast, and the author of an O'Reilly course on AI security. His work on agentic AI risk has been published by the Cloud Security Alliance and cited by OWASP.
Nate writes on CloudSec.ai about AI agent security, prompt injection, autonomous red-teaming, third-party risk, and what changes in a security program when attackers have better AI than you do.

Peter Høeg Steffensen — Co-founder, TrustMind
Peter is a software engineer who became a security engineer because he got tired of watching security teams hand engineers controls that didn't survive contact with a real codebase. Most recently he was Staff Security Engineer at Lunar, a European neobank operating under some of the strictest fintech regulation in the world, where he built security controls that engineering teams actually adopted because they were designed for how modern software gets built.
He's an active contributor to the OWASP Agentic Security Initiative, helping define the emerging threat model for autonomous AI agents: memory poisoning, tool-call abuse, context injection, and the long tail of failure modes that traditional application security misses.
Based in Aarhus, Denmark, Peter brings a European perspective on privacy, GDPR, DORA, and the incoming wave of EU AI regulation. At TrustMind he leads the engineering of how we model and score vendor risk: translating messy compliance inputs into signals security teams can actually act on.
What you'll find here
- AI & agent security: prompt injection, agent guardrails, autonomous red teams, and why "removing humans from the loop" stopped being a philosophical question.
- Third-party & vendor risk: why questionnaires stopped working, what to ask instead, and how to build a TPRM program that scales with a fifty-person company.
- Security program building: how to ship security at the speed of engineering without becoming the team that gets routed around.
- Field notes: conference takeaways, breach post-mortems, and opinionated reads on what the industry is getting wrong this quarter.
What colleagues have said about Nate's past work
From years leading security at Tradeshift, advising high-growth software companies, and helping CISOs navigate customer security reviews.
"Ever an advocate for continuous improvement, Nate ensured we never stood still, and drove us to achieve a truly best-in-class information security program supporting the largest global enterprises on our network. He brings a keen eye for real impacts to the business, working with the largest customers in the world, Nate was able to help us optimize the process for navigating B2B enterprise sales cycles, customer security reviews and all things compliance. Most importantly, he built a partnership-first culture where the Infosec team collaborated across all areas of the business to find timely and innovative solutions that enabled others while improving the security posture."
— Rolf Jensen, SVP, Technology Platform, Tradeshift
"Nate is the rare type of security professional who deeply understands his clients' business and maps efforts directly to solutions for real pain points. His understanding of software development and infrastructure drives strong buy-in from engineering departments, enabling alignment between security teams and the broader organization, an absolutely critical capability in today's rapidly changing business environment. Nate easily builds trust, removing barriers to change and streamlining transformation."
— Levi Geinert, SVP, Engineering Advocacy and Innovation, U.S. Bank
"Security is critical to success when selling to enterprises and Nate unblocked countless deals, winning multiple MVP awards from our sales team. His collaborative, business-first approach to security was welcomed by our internal finance teams where he was able to speak their language rather than focusing solely on technical issues. Customers, partners and sales team members always held him in high esteem for those very same reasons."
— Peter Van Pruissen, CFO, Aria Systems
"CloudsecAI didn't just meet our expectations; they blew them away. Their team was incredibly easy to work with, and the speed at which they delivered such a thorough and comprehensive report was nothing short of remarkable."
— Alex McMurray, VP Sales, Valence
Get in touch
If any of this resonates, or if you're rethinking how your team handles third-party risk or AI agent security, we'd love to hear from you. Reach out at nate@cloudsec.ai or learn more about what we're building at trustmind.com.