AI Security Podcast

The AI AuthZ Problem: Why Human Least Privilege Fails for Autonomous Agents



Why are security leaders terrified of connecting AI agents to production data? Because unlike humans, AI agents don't apply judgment, and they operate at machine speed, meaning they can relentlessly hunt down production credentials and do catastrophic damage before a human analyst even blinks.

In this episode, Ashish and Caleb sit down with Graham Neray, CEO of Oso, to tackle the massive, unsolved problem of AuthZ (Authorization) for autonomous AI. We explore why the industry's reliance on static, over-permissioned human identities is a recipe for disaster when applied to tools like Claude Code and Notion Agents. Graham explains the dangerous pitfalls of allowing agents to adopt the permissions of their human operators (privilege escalation), versus the complexity of assigning agents their own unique service accounts.

The conversation dives deep into the fragmented agent security market. Should you deploy a browser extension, an endpoint sensor, or an edge proxy? Learn why blocking destructive actions is a flawed approach (because agents need to destroy things to work), and why the future of AI AuthZ requires dynamic, data-level policies and continuous "human in the loop" validation.


Questions asked:

(00:00) Introduction
(02:50) Graham Neray’s Background and the Mission of Oso
(04:20) Why No One is Actually Building Their Own Agents
(05:50) The Core Anxiety: Connecting AI to Production Data
(07:20) Why Humans Have Judgment and Agents Don't
(11:00) The Unsolved Crisis of Human Least Privilege
(16:50) Agent Identities: Adopting User Permissions vs. Unique Service Accounts
(18:20) Case Study: Privilege Escalation in Agent Alpha Testing
(20:00) Background Agents and Unique Identities (Notion, Cursor, Perplexity)
(22:30) Why You Need a Governance Plane Outside the AI Product
(25:50) The False Promise of Blanket "No Destructive Actions" Policies
(33:30) How to Deploy Agent Security: Browsers, Endpoints, and Proxies
(38:30) Why No One Actually Uses the "Block" Feature in Security
(41:50) The Context Problem: When is an RM-RF Command Good vs. Bad?
(43:30) The Future of AuthZ: Resource and Data-Level Agent Permissions


Thank you to Oso for sponsoring this episode of AI Security Podcast.


AI Security Podcast by TechRiot.io


4.9

9 ratings

