DevOps Paradox

DOP 358: Just-in-Time Access for AI Agents


Listen Later

#358: Production is on fire. You need access to one table you have never touched. So you file an access request, then phone the desk to say you filed it, then Slack them to say you phoned, then walk over to say you Slacked. Twenty-five minutes later the incident has resolved itself and the customer has already left.

That is the setup, and Ofir Stein has lived the other side of it. He is the CTO and co-founder of Apono, and before that he was an engineering leader who felt the same pain every day - not because he hated security, but because he hated being blocked. There is a difference, and the whole conversation turns on it. Put productivity on one side, security risk on the other, and access management in the middle. Tighten one and you starve the other. Nobody wants to be slower and nobody wants to be breached, so the honest answer is there is no clean answer.

Then AI agents show up and break the last assumption standing. Software used to be deterministic - your computer could not decide to do something other than what it was told. LLMs can. They can be socially engineered the way people are. Ofir's team built a full AWS environment run by AI agents, opened a Discord channel, and invited anyone to try to trick them. People could. That is the new attack surface, and it moves at machine speed - far too fast for the access reviews and approval chains built for humans.

The guardrails everyone is now scrambling to build for agents should have been there for humans all along. Access is the one thing in your stack that never went dynamic. Servers scale up and down, pipelines rebuild everything, and then access is a static policy someone set two weeks ago when security sat with your manager and guessed what you would need. That is the opposite of how the rest of DevOps works. Ofir's argument is that access should change with context - who you are, whether you are on call, whether there is an open incident - evaluated in real time. For a human that is a faster request. For an AI agent, the decision has to live inside the loop, made by silicon, because no person can approve thousands of operations a minute.

If access is per-operation and every operation is already a specific API call, what is left to scope? If the business context changes by the minute, how do you write guardrails in advance? And once the human is out of the loop, are you not just left with one AI deciding what another AI is allowed to do? Ofir does not pretend that part is solved. What he is sure of is the direction: the doors at the mall open when you walk up and close when you leave, and you never think about them. That is where access is headed - and there is a lot of road between here and there.

Ofir's contact information:

LinkedIn: https://www.linkedin.com/in/ofir-stein/

YouTube channel:

https://youtube.com/devopsparadox

Review the podcast on Apple Podcasts:

https://www.devopsparadox.com/review-podcast/

Slack:

https://www.devopsparadox.com/slack/

Connect with us at:

https://www.devopsparadox.com/contact/

...more
View all episodesView all episodes
Download on the App Store

DevOps ParadoxBy Darin Pope & Viktor Farcic

  • 5
  • 5
  • 5
  • 5
  • 5

5

25 ratings


More shows like DevOps Paradox

View all
Software Engineering Radio - the podcast for professional software developers by team@se-radio.net (SE-Radio Team)

Software Engineering Radio - the podcast for professional software developers

275 Listeners

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

289 Listeners

Software Engineering Daily by Software Engineering Daily

Software Engineering Daily

626 Listeners

LINUX Unplugged by Jupiter Broadcasting

LINUX Unplugged

274 Listeners

The Enterprise AI Show by Massive Studios

The Enterprise AI Show

149 Listeners

Thoughtworks Technology Podcast by Thoughtworks

Thoughtworks Technology Podcast

43 Listeners

Syntax - Tasty Web Development Treats by Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers

Syntax - Tasty Web Development Treats

982 Listeners

REWORK by 37signals

REWORK

211 Listeners

CoRecursive: Coding Stories by Adam Gordon Bell - Software Developer

CoRecursive: Coding Stories

188 Listeners

DataFramed by DataCamp

DataFramed

266 Listeners

Kubernetes Podcast from Google by Abdel Sghiouar, Kaslin Fields

Kubernetes Podcast from Google

181 Listeners

AWS Podcast by Amazon Web Services

AWS Podcast

203 Listeners

The Stack Overflow Podcast by The Stack Overflow Podcast

The Stack Overflow Podcast

62 Listeners

Latent Space: The AI Engineer Podcast by Latent.Space

Latent Space: The AI Engineer Podcast

101 Listeners

The Pragmatic Engineer by Gergely Orosz

The Pragmatic Engineer

74 Listeners