Ghost in the Machine: AI Identities & the Spiritual Red Teaming

Impossible d'ajouter des articles

Désolé, nous ne sommes pas en mesure d'ajouter l'article car votre panier est déjà plein.

Veuillez réessayer plus tard

Échec de l’élimination de la liste d'envies.

Veuillez réessayer plus tard

Impossible de suivre le podcast

Impossible de ne plus suivre le podcast

Ghost in the Machine: AI Identities & the Spiritual Red Teaming

Écouter gratuitement

Voir les détails

À propos de ce contenu audio

Your organization may have hundreds of AI agents running right now that your security team doesn't know exist. Every single one is an identity. Every identity is an attack surface.

In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem sit down with Madhav Nakar, security researcher on the Phantom Labs team at BeyondTrust, to break down one of the most underexplored threats in enterprise security today: untracked AI agents creating exploitable "ghost identities." Madhav just returned from RSA — where he noticed every booth had an AI angle and a bubble forming — and he's here to cut through the noise with hard-hitting research and practical guidance.

🔍 Key Topics Covered:

How low-code platforms let non-technical users spawn unvetted AI agents — and why that's a goldmine for attackers
Ghost identities: what happens when AI agents run on untracked, over-privileged system identities
The AWS sandbox DNS exfiltration proof-of-concept from BSides (BeyondTrust research)
Why siloed AWS, Azure, and Okta teams create hidden privilege escalation paths
"AI vs. AI" — the emerging defender model where autonomous systems monitor each other
Browser extension cross-contamination and prompt injection risk for enterprise Claude deployments
The three conditions that make any AI agent dangerous: private data access + untrusted instructions + tool execution
Madhav's framework: inventory → least privilege → visibility — the basics that still matter most

Bonus: Madhav shares how "spiritually red-teaming yourself" — facing fear, breaking false narratives, and building trust — maps directly to how security professionals should approach zero trust and identity management. Plus: Joshua, Eric, and Nick on conquering stage fright and what that has to do with cybersecurity culture.

Don't wait for a ghost identity to become a ghost incident. Subscribe for weekly cybersecurity insights from practitioners, researchers, and the people defending the frontlines.

#GhostIdentities, #AIAgentSecurity, #NonHumanIdentity, #ZeroTrust, #TheAuditPodcast

Aucun commentaire pour le moment