Listen to our latest episode, Can IAM handle AI? →  https://www.ibm.com/think/podcasts/security-intelligence/ai-agent-access-problem-iam-handle-ai  

Does your AI agent talk too much? It’s not just an annoying habit—it’s a security concern. 

On this episode of Security Intelligence, Sridhar Muppidi, Claire Nuñez and Dave Bales join me to discuss Guardio’s research into “agentic blabbering,” and how attacks can use an agent’s reasoning process against it.  

In experiments with the agentic Perplexity Comet browser, Guardio researchers were able to design foolproof phishing websites just by listening to agent’s running monologue as it traversed the web.  

What does it mean for agentic security when sophisticated AI reasoning processes can be weaponized? 

Then, we chat about Microsoft Azure CTO Mark Russinovich’s discovery that Claude Opus can reverse engineer 40-year-old (practically ancient, by software standards) code. Did AI just expand the attack surface to include every compiled binary ever written? 

Plus: Contrast Security CISO David Lindner claims that shift left has failed. Dramatic increases in the exploitation go vulnerable code—confirmed by the IBM Threat Intelligence Index 2026, among many other reports—suggest he might be onto something. But is there more to the story? 

And, finally, we dig into two new pieces of research from IBM X-Force: One about a new piece of AI-generated malware, and another about reframing how we think about authentication.  

All that and more on Security Intelligence. 

00:00 -- Introduction 

1:19 -- Perplexity Comet’s “agentic blabbering” 

13:06 -- AI resurrects old vulnerabilities 

21:28 -- Did shift left fail? 

30:05 -- AI slop and the post-auth perimeter 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Read more about “Slopoly” → https://www.ibm.com/think/x-force/slopoly-start-ai-enhanced-ransomware-attacks