More The Secure Disclosure episodes


AI Agents Must Have Identity & Access Control w/ Johannes Keienburg

Published 17 Mar 2026

Duration: 00:37:08

Autonomous AI agents, with transformative productivity potential, pose significant security, accountability, and governance challenges requiring dynamic access controls, human oversight, and industry-wide standards to ensure safe and regulated integration.

Episode Description

AI agents are here, and they're already transforming how we work. But beneath the hype lies a massive, unsolved security problem. In this episode, Macke...

Overview

The podcast explores the rapid emergence of autonomous AI agents, likening their current development to a "Wild West" scenario because no established norms or regulations yet govern them. It draws parallels to past technological revolutions, emphasizing the transformative potential of AI agents while addressing significant challenges: security risks, accountability gaps, and insufficient governance frameworks. Autonomous agents are dangerous precisely because they access systems with broad permissions, operate without personal accountability, and execute actions at machine speed, often beyond human oversight. The discussion underscores the complexity of securing these agents, particularly in managing access rights, which are already a critical issue in cybersecurity (Broken Access Control sits at the top of the OWASP Top 10). Current systems struggle to enforce the principle of least privilege for AI agents, which interact with multiple systems autonomously, compounding the authorization problem.

While the podcast acknowledges the excitement around AI's potential to revolutionize productivity, such as streamlining workflows and enhancing efficiency, it cautions against uncontrolled adoption. Risks include agents performing unintended or harmful actions, like data deletion or unauthorized access, because they run on static, overly broad permissions. The conversation critiques existing solutions like LLM-based guardrails as inadequate, stressing the need for dynamic, job-specific access controls and human oversight to manage agent activities responsibly. Proposals include issuing time-bound, task-specific permissions via a "separated access gateway" and prioritizing cross-industry standards to mitigate risks. The episode concludes that while AI agents could unlock significant productivity gains, their safe integration hinges on developing robust authorization systems, fostering collaboration, and balancing innovation with security safeguards to prevent misuse.
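As an added example (written for this page, not code from the episode or its guest), the Python below sketches the "separated access gateway" idea from the discussion: a grant is minted per task, carries only the (action, resource) pairs that task needs, expires after a short TTL, and destructive actions still require a human sign-off; every decision is written to an audit log keyed by agent and task so actions remain attributable. The grant format, the 15-minute TTL, the "delete needs approval" policy, the ticket-system resource names and the legacy static-token check shown for contrast are all assumptions made here for illustration.

```python
"""Added example: a minimal 'separated access gateway' mediating AI agent tool
calls with time-bound, task-scoped grants. All policy details are assumptions."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    """A short-lived permission set minted for one agent doing one task."""
    agent_id: str
    task_id: str
    allowed: frozenset[tuple[str, str]]  # (action, resource) pairs the task needs
    expires_at: datetime


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def legacy_static_check(action: str, resource: str) -> bool:
    """The 'before' picture (assumed for contrast): the agent runs on a standing
    admin token, so every call, including destructive ones, is permitted."""
    return True


class AccessGateway:
    """Policy enforcement point between the agent and the tools it calls.

    Each call is checked against the task's grant: not expired, action/resource
    pair in scope, and a human sign-off for destructive actions. Every decision
    is audit-logged with agent and task id so it can be attributed later."""

    HUMAN_APPROVAL_REQUIRED = frozenset({"delete"})  # assumed policy

    def __init__(self, ttl: timedelta) -> None:
        self.ttl = ttl
        self.audit_log: list[dict] = []

    def issue_grant(self, agent_id: str, task_id: str,
                    needs: set[tuple[str, str]], now: datetime) -> Grant:
        """Mint a grant carrying only what this task needs, valid for one TTL."""
        return Grant(agent_id, task_id, frozenset(needs), now + self.ttl)

    def authorize(self, grant: Grant, action: str, resource: str,
                  now: datetime, human_approved: bool = False) -> Decision:
        if now >= grant.expires_at:
            decision = Decision(False, "grant expired")
        elif (action, resource) not in grant.allowed:
            decision = Decision(False, "outside task scope")
        elif action in self.HUMAN_APPROVAL_REQUIRED and not human_approved:
            decision = Decision(False, "human approval required")
        else:
            decision = Decision(True, "ok")
        self.audit_log.append({
            "agent": grant.agent_id, "task": grant.task_id,
            "action": action, "resource": resource, "at": now.isoformat(),
            "allowed": decision.allowed, "reason": decision.reason,
        })
        return decision


def run_demo() -> list[str]:
    """Constructed scenario: an agent asked to summarise support ticket 4711."""
    t0 = datetime(2026, 3, 17, 9, 0, tzinfo=timezone.utc)
    gw = AccessGateway(ttl=timedelta(minutes=15))
    grant = gw.issue_grant("agent-7", "summarise-4711",
                           {("read", "tickets/4711")}, t0)
    checks = [
        ("read", "tickets/4711", t0, False),                          # in scope
        ("read", "tickets/9999", t0, False),                          # wrong resource
        ("delete", "tickets/4711", t0, False),                        # never granted
        ("read", "tickets/4711", t0 + timedelta(minutes=20), False),  # past TTL
    ]
    reasons = [gw.authorize(grant, a, r, t, h).reason for a, r, t, h in checks]

    # A second, separately scoped task that legitimately includes a delete:
    # the gateway still holds it until a human approves.
    close = gw.issue_grant("agent-7", "close-4711",
                           {("delete", "tickets/4711")}, t0)
    reasons.append(gw.authorize(close, "delete", "tickets/4711", t0).reason)
    reasons.append(gw.authorize(close, "delete", "tickets/4711", t0,
                                human_approved=True).reason)
    return reasons


if __name__ == "__main__":
    for reason in run_demo():
        print(reason)
```

The contrast with `legacy_static_check` is the whole point: with a standing admin token the "delete tickets/4711" call during a read-only summarisation task goes through silently, whereas the gateway denies it as out of scope, and even a task that legitimately needs delete cannot execute it at machine speed without a human in the loop.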

Recent Episodes of The Secure Disclosure

16 Jun 2026 Your Microphone Became a Keylogger w/ David vonThenen

Machine learning analyzes keystroke acoustic signatures to infer typed characters over remote platforms, highlighting high accuracy with known keyboards, privacy risks from surveillance, and challenges in noise and variability, while proposing defenses and noting AI's dual-use implications.

9 Jun 2026 Understand the Software Supply Chain Chaos w/ Roeland Delrue

Rapidly evolving supply chain security threats, including malicious open-source components and AI-driven malware, demand advanced AI-powered solutions like Akito Security's self-securing software and tailored tools to address vulnerabilities in developer environments and package repositories.

28 May 2026 Prompt Injection Might Never Be Solved w/ Paul Vann

The episode covers AI security threats like prompt injection, jailbreak attacks, and distillation attacks, along with vulnerabilities such as AI bias and autonomous agent risks, highlighting detection challenges, emerging malware, supply chain exploits, and the industry's struggle to keep pace with rapidly evolving AI technologies.

22 May 2026 AI Broke the Security Ecosystem w/ Chris Hughes

Evolving cybersecurity challenges include supply chain threats, AI vulnerabilities, and outdated tools, highlighting the need for systemic reforms like developer incentives, regulatory clarity, and industry-government collaboration to address gaps in vulnerability management and the dual risks of AI's role in both threat detection and exploitation.

15 May 2026 PostHog is placing a wild bet on AI Coding w/ James Hawkins


PostHog's open-source analytics platform prioritizes transparency, developer autonomy, and AI integration while critiquing corporate norms, emphasizing price clarity, building in public, and balancing automation with security governance in product development.
