Antisyphon Training Anticasts

Securing the Cloud in the Age of AI with Andrew Krug

Listen Later

Existential Courage: The Hitchhiker's Guide to Surviving AI in Cloud

🛝 Webcast Slides -
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_The-Hitchhikers-Guide-to-Surviving-AI-in-Cloud.pdf

Can AI really help secure the cloud, or is it quietly making things worse?

Join Antisyphon instructor and security researcher Andrew Krug for a free one-hour Anti-cast on what really happens when AI collides with cloud security.

  • Andrew will cut through the hype and look at how LLMs affect IAM, monitoring, governance, and real-world risk.
  • Learn where AI helps, where it hallucinates, and how to defend cloud environments without panic.
  • Expect practical insights, grounded strategy, and a bit of cosmic humor. Bring your towel. Don’t panic.


Chapters

  • (00:00) - Intro
  • (02:44) - Our trip through the galaxy
  • (03:38) - What kind of literature is the HitchikerĘĽs Guide to the Galaxy?
  • (04:29) - Don't Panic
  • (05:18) - The Agentic Revolution
  • (05:56) - Cast of Characters
  • (07:44) - The State of AI in the Enterprise - Deloitte
  • (10:53) - How do teams build agents?
  • (12:11) - What are teams using agents for?
  • (13:17) - Why build on Bedrock + AWS
  • (14:17) - Are we learning? Or not learning?
  • (15:58) - Are you the fixed point in a shifting universe?
  • (17:01) - TL;DR the majority of these are the same threats we have been dealing with
  • (18:16) - Prompt Injection is the new SQL Injection
  • (19:13) - Sandbox Escape
  • (20:20) - Shared Structure: General Software & AI Supply Chains
  • (23:03) - The Bad News
  • (24:29) - Threate Vector Coverage
  • (25:24) - The Expanding Universe of Secrets
  • (28:15) - Hope is not a strategy! But a strategy can give us hope.
  • (28:36) - (Yes we AI-Removed Andrew's Coughs)
  • (29:40) - back to: Hope is not a strategy! But a strategy can give us hope.
  • (30:47) - Plan for maximum risk scenarios
  • (33:03) - Squishy Stuff
  • (34:38) - KIRO
  • (37:11) - Infrastructure and Data Protection
  • (39:11) - Priveledge Escalation Paths – https://pathfinding.cloud
  • (40:58) - The AI Stuff
  • (42:01) - So anyway, here's Firewall
  • (43:34) - OpenTelementry
  • (46:47) - You still have to have logs
  • (48:22) - MCP
  • (49:22) - Learn more from Andrew in: Securing the Cloud Foundations
  • (50:23) - Post Show Q&A

    • Credits
    Creators & Guests
    • Andrew Krug - Guest
    • Jason Blanchard - Host
    • Deb Wigley - Host

      • Chat with your fellow attendees in the BHIS Discord server:
      https://discord.gg/bhis
      in the #đź”´live-chat channel

      🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
      https://poweredbybhis.com

      Click here to watch a video of this episode.

      Brought to you by:

      Black Hills Information Security 

      https://www.blackhillsinfosec.com


      Antisyphon Training

      https://www.antisyphontraining.com/


      Active Countermeasures

      https://www.activecountermeasures.com


      Wild West Hackin Fest

      https://wildwesthackinfest.com

      Click here to view the episode transcript.

      ...more
      View all episodesView all episodes
      Download on the App Store
      Antisyphon Training AnticastsBy Antisyphon Training