Legitimate Cybersecurity Podcasts

AI Agents Are Malware Now (And We’re Installing Them)


AI agents aren’t just “tools” anymore — they’re getting delegated access, running workflows, calling APIs, and making decisions inside your environment. That’s why some security folks are starting to call them malware… with permission.

In this episode of Legitimate Cybersecurity, hosts Frank Downs and Dustin Brewer sit down with Jasson Casey (CEO & Co-Founder of Beyond Identity) to break down what actually breaks in identity and access when software can reason, plan, and take real actions. We cover why prompt injection is fundamentally “control + data mixing,” why agent toolchains resemble living-off-the-land techniques, and why visibility + device-bound identity may be the only sane control plane going forward.

You’ll learn:

- Why “delegated auth” becomes the new breach primitive
- How indirect prompt injection can persist across an agent loop
- What “treat the agent as a user” gets right—and what it misses
- Why hardware attestation (TPM/TEE) changes detection and logging strategy
- How to think about local agents, plugins, and “willful malware execution” risk

Media / interview: [email protected]

Audio: https://legitimatecybersecurity.podbean.com/

Chapters:

00:00 AI agents: tool or malware-with-permission?
01:02 Meet Jasson Casey (Beyond Identity)
02:03 Delegated authorization: the “easy option is the lazy option” problem
03:30 RAG + RBAC: privilege escalation through indexed knowledge
04:48 Prompt injection = mixing instruction and data (and why that’s provably bad)
06:01 Can injections persist across loops? “Maintain persistence” for agents
07:08 Policies fail when the agent “reaches around the fence”
08:05 Training your org to accept malware-like behavior
09:27 Adoption pressure vs security “wet blanket” reality
11:10 What’s the most weaponizable part of an agent?
13:31 Start with visibility: what’s happening, what has access to what
15:08 The Command & Conquer test: when capability suddenly jumps
20:11 Detection: how do you tell legit agent actions from malicious ones?
21:18 Why device-bound attestation matters (TPM, integrity, authenticity)
23:45 What an agent identity should include (operator + machine + time)
25:59 The logging problem: monitoring humans + agents at scale
27:44 Attestation changes logs: snapshots, reconstruction, reverse queries
29:02 Local agents & plugin ecosystems: “safe because it’s local?”
32:44 “How long before it’s news?” token harvesting and real-world fallout
34:18 AI dating pop-ups + responsibility for outcomes
37:05 Wrap + where to find Jasson

#Cybersecurity #AI #AIAgents #IdentitySecurity #ZeroTrust #PromptInjection #PhishingResistantMFA #CISO #SecurityEngineering #InfoSec #legitimatecybersecurity

Legitimate Cybersecurity Podcasts, by LegitimateCybersecurity