Shipping AI is easy. Securing the unexpected isn't. The moment you ship an AI system, you've created a new attack surface, and the most unpredictable part of it is the humans interacting with it. In this talk I'll walk through how we built a security gate for AlphaPatch, Snyk's internal AI assistant, using targeted AI to protect AI. We'll cover the textbook threats (jailbreaks, prompt injection, data exfiltration) and the multi-model security node we built to stop them. But the real insights come from the threats that don't look like attacks at all: the multi-turn escalation that passes every individual check, the innocent question that creates legal risk, and the curious user who asks something you'd never think to test. You'll leave knowing how to treat your own chatbot as an attack surface from day one.