Sign up to save your podcasts
Or
Share The Lethal Trifecta or why your AI agent knows too much - Jason Fernandes
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The Lethal Trifecta or why your AI agent knows too much - Jason Fernandes
Today, I’m joined by Jason Fernandes, VP of security and privacy at Mercari, the Japanese-born global marketplace now spanning e-commerce, FinTech, and crypto. It is this rare combination that puts him at the intersection of some of the strictest regulatory environments in tech.
He oversees everything from product and platform security to threat detection, privacy, and, since last year, AI security and AI governance.
In this episode, we also talked about the challenges of AI governance, the lethal trifecta for AI agents, the confused deputy problem, and how to justify AI security investments to the leadership and working with FinOps teams. And much more!
Dive right in!
This podcast is brought to you by
Escape: https://escape.tech — Offensive security for the teams that are 100x outnumbered, combining Attack Surface Management, business-logic-aware DAST and AI pentesting solutions.
Mentioned
FACADE (Google's internal fraud detection model) https://arxiv.org/abs/2412.06700
Meta Practical AI Agent Security (Rule of Two) https://ai.meta.com/blog/practical-ai-agent-security/
Simon Willison The Lethal Trifecta https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
Hiroki's AI Security blog (Mercari) https://hi120ki.github.io/blog/posts/20260103/
Anthropic Project Vend https://www.anthropic.com/research/project-vend-2
View all episodes
By The Elephant in AppSecToday, I’m joined by Jason Fernandes, VP of security and privacy at Mercari, the Japanese-born global marketplace now spanning e-commerce, FinTech, and crypto. It is this rare combination that puts him at the intersection of some of the strictest regulatory environments in tech.
He oversees everything from product and platform security to threat detection, privacy, and, since last year, AI security and AI governance.
In this episode, we also talked about the challenges of AI governance, the lethal trifecta for AI agents, the confused deputy problem, and how to justify AI security investments to the leadership and working with FinOps teams. And much more!
Dive right in!
This podcast is brought to you by
Escape: https://escape.tech — Offensive security for the teams that are 100x outnumbered, combining Attack Surface Management, business-logic-aware DAST and AI pentesting solutions.
Mentioned
FACADE (Google's internal fraud detection model) https://arxiv.org/abs/2412.06700
Meta Practical AI Agent Security (Rule of Two) https://ai.meta.com/blog/practical-ai-agent-security/
Simon Willison The Lethal Trifecta https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
Hiroki's AI Security blog (Mercari) https://hi120ki.github.io/blog/posts/20260103/
Anthropic Project Vend https://www.anthropic.com/research/project-vend-2