Interview with Sandy Bird, co-founder of Sonrai Security

In this week's interview, we kick off the conversation with how Sonrai's expertise in securing cloud identity permissions had the company well placed to address the explosion of AI agents and the clear risks they represented. On the surface, this looks like a cloud/hyperscaler permissions challenge, but it isn't that simple. As agents like Claude Code, Codex, and Hermes are connected to enterprise cloud agents, the risk spreads outside VPCs and onto endpoints.

Check out the episode to learn more about some of the most common risks Sandy finds and how Sonrai goes about addressing them.

This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them!

Segment Resources

Making Enterprise AI Agents Accountable with Amir Ofek, CEO and Co-Founder of aizome

Organizations looking to unlock the power of Enterprise AI Agents, and in a controlled and safe way at the speed of AI. Identity is at the heart of it. However, NHI Governance Is Not Enough for Enterprise AI Agents.

The identity industry has responded to the rise of AI agents the same way it responds to every new identity challenge: extend existing frameworks. Map agents to human owners. Enforce least privilege. Govern them like non-human identities.

It is a reasonable instinct. It is also insufficient in ways that matter enormously. Non-human identity security was built for a deterministic world - service accounts, API keys, bots. These identities do what they are configured to do. Their behavior is predictable enough that static governance models work. Enterprise AI agents are categorically different. Not in degree - in kind. They don't execute fixed instructions. They reason, plan, and adapt in response to context. Their scope shifts with every task. Their behavior at runtime can diverge significantly from anything true at provisioning time. Unlike any identity that came before them, they frequently change their intent, at a pace no governance model built for human movers or machine credentials was designed to handle.

Wrapping them in the same framework you use for a service account isn't wrong. It's just insufficient in precisely the places where risk accumulates.

This segment is sponsored by aizome. Visit https://securityweekly.com/aizomeidv to learn more about them!

The Human Authorized. The Agent Acted. Who's Accountable? Interview with Howard Ting - CEO - Opal Security

A self-driving car still has a license plate The accountability didn't change just because the driver did. The same has to be true for AI agents, but most environments can't trace an agent action back through the layers of delegation to the human who authorized it. Howard Ting, CEO of Opal Security, joins Security Weekly to discuss what the accountability model looks like when employees run swarms of agents, and what has to be in place before that accountability chain is tested.

This segment is sponsored by Opal Security. Visit https://securityweekly.com/opalidv to learn more about them!

Next Evolution of Identity Security: AI for Lower Cost, Efficiency & Governance with Ajay Gupta - President & CEO - SDG

Organizations have invested heavily in identity platforms, but many still struggle to maximize security, efficiency, and governance outcomes. As AI transforms both cyber defense and cyber threats, Identity Security is emerging as a critical foundation for securing human and non-human identities alike. In this discussion, we explore how AI is helping organizations reduce costs, improve operations, defend against AI-powered attacks, and address the governance challenges created by AI agents—highlighting the convergence of Identity Security, AI Security, and AI Governance.

This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them!

Show Notes: https://securityweekly.com/esw-466

Podden och tillhörande omslagsbild på den här sidan tillhör Security Weekly Productions. Innehållet i podden är skapat av Security Weekly Productions och inte av, eller tillsammans med, Poddtoppen.