AI agents represent a paradigm shift from conversational AI to autonomous systems that can perform actions. This is achieved through an 'agentic loop' combining Large Language Models (LLMs) with tools, as exemplified by the OpenClaw framework, which enables complex, automated workflows while also raising important security considerations.
Experts analyze Apple's AI future under new hardware-focused CEO John Ternus, the strategic implications of Anthropic's deep partnership with AWS for custom AI chips, the evolving landscape of customer intent in an era of AI agents, and the ironic security leak of the powerful Claude Mythos model.
Lenses.io experts Tun Shwe and Jeremy Frenay discuss the significant security and design hurdles in transitioning Model Context Protocol (MCP) servers from local development to enterprise production. They introduce five core principles for secure agentic design, including shrinking the attack surface and constraining inputs, and detail the necessity of remote MCP servers with robust authentication. The talk provides an in-depth comparison of OAuth 2.1's Dynamic Client Registration (DCR) and the more secure Client ID Metadata Document (CIMD) approaches for managing agent identities, offering a roadmap for building enterprise-grade agentic AI systems with MCP.
This episode of Security Intelligence explores the "Promptware" kill chain for AI attacks, moving beyond simple prompt injections. The discussion also covers evolving cloud attack trends targeting ecosystems over infrastructure, ransomware gangs "living off the land" with native tools, and the critical yet overlooked "rusting edge" of OT security.
This episode explores the security risks of AI, including 'agentic blabbering' in AI browsers that aids phishing attacks, the ability of models like Claude Opus to resurrect vulnerabilities in legacy code, the debate on 'shift left' security practices, and new threats like AI-generated 'ephemeral malware' and the challenges of the post-authentication perimeter.
Agentic AI introduces a massive number of non-human identities that traditional, human-centric Identity and Access Management (IAM) systems are not equipped to handle. This creates significant security gaps, including lack of accountability, overprivilege, risky delegation, and the dangerous 'last mile' problem. The solution lies in adopting a Zero Trust approach with five key imperatives: registering all agents, stripping static privileges for just-in-time access, tying actions to intent, enforcing security at the point of use, and proving control through comprehensive audits. Implementing this requires a combination of orchestration, governance, and unified observability across security, IT, and development teams.