A panel of cybersecurity experts discusses the security risks of the rapid adoption of AI agents, the "move fast and break things" development culture, the lessons from the Notepad++ supply chain breach, and the professionalization of ransomware by groups like DragonForce.
This post explores how to secure modern agentic AI systems by applying the core principles of Zero Trust. It details the unique attack surfaces of AI agents, such as prompt injection and model poisoning, and outlines a comprehensive security architecture including non-human identity management, AI firewalls, and the critical role of human oversight.
Jason Martin of Permiso Security discusses the exponential rise of AI agents in enterprises and the urgent security challenges they present. He covers the concept of Non-Human Identity (NHI), applying Zero Trust principles to ephemeral and over-permissioned agents, and outlines key attack vectors like prompt injection and data poisoning, while also exploring the potential of defensive AI to enhance security operations.
Jeff Crume and Patrick Fussell from IBM's X-Force team share a real-world ethical hacking war story, demonstrating an attack from an 'assume breach' perspective. They break down how vulnerabilities in Identity and Access Management (IAM) and legacy systems can lead to a full compromise, starting from an insider threat and escalating to domain administrator privileges through advanced C2 attacks and lateral movement.
The video explores the risks of Agentic AI, which acts rather than just chats, and the emergence of 'Shadow AI'—unofficial, unmonitored AI systems. It proposes a unified control plane for AI security and governance, using a continuous loop of discovery, assessment, governance, and auditing to ensure safe automation. The concepts are illustrated with practical use cases in healthcare and public services.
Dr. Vijoy Pandey of Cisco's Outshift incubator discusses his vision for a future where multi-agent human societies collaborate to solve major scientific and physical challenges. He introduces AGNTCY, an open-source project for the "Internet of Agents," designed to address the critical hurdles of agent interoperability and trust through a Zero Trust framework and Task-Based Access Control (T-BACK).