A panel of cybersecurity experts discusses the security risks of the rapid adoption of AI agents, the "move fast and break things" development culture, the lessons from the Notepad++ supply chain breach, and the professionalization of ransomware by groups like DragonForce.
This post explores how to secure modern agentic AI systems by applying the core principles of Zero Trust. It details the unique attack surfaces of AI agents, such as prompt injection and model poisoning, and outlines a comprehensive security architecture including non-human identity management, AI firewalls, and the critical role of human oversight.
Jason Martin of Permiso Security discusses the exponential rise of AI agents in enterprises and the urgent security challenges they present. He covers the concept of Non-Human Identity (NHI), applying Zero Trust principles to ephemeral and over-permissioned agents, and outlines key attack vectors like prompt injection and data poisoning, while also exploring the potential of defensive AI to enhance security operations.
Jeff Crume and Patrick Fussell from IBM's X-Force team share a real-world ethical hacking war story, demonstrating an attack from an 'assume breach' perspective. They break down how vulnerabilities in Identity and Access Management (IAM) and legacy systems can lead to a full compromise, starting from an insider threat and escalating to domain administrator privileges through advanced C2 attacks and lateral movement.
Dr. Vijoy Pandey of Cisco's Outshift incubator discusses his vision for a future where multi-agent human societies collaborate to solve major scientific and physical challenges. He introduces AGNTCY, an open-source project for the "Internet of Agents," designed to address the critical hurdles of agent interoperability and trust through a Zero Trust framework and Task-Based Access Control (T-BACK).
Experts discuss the security implications of Windows 10's end-of-life, the transformative but cautious integration of AI into Security Operations Centers (SOCs), the promise and peril of AI-driven automated code repair, and the ongoing battle against social engineering attacks like payroll fraud.