The Security Strategist

AI agents are evolving into capable collaborators in cybersecurity, acting as operational players. These agents read sensitive data, trigger workflows, and make decisions at a speed and scale beyond human capability.Matt Fangman, Field CTO at SailPoint, explains on The Security Strategist podcast that this new power has costs. AI agents have turned into a new, mostly unmanaged identity type. Enterprises are just starting to realise how far behind they are.In the recent episode of The Security Strategist podcast, guest Fangman sat down with Alejandro Leal, Senior Analyst at KuppingerCole. They talked about the implications of AI agents for identity security and the rapid evolution of AI agents, the challenges of visibility and governance, and the need for operational control in managing these agents. The conversation highlights the importance of just-in-time permissions, the evolution of identity controls, and strategic moves for CISOs to manage the risks associated with agent-based operations.AI Agents Creating Brand New Identity LayersFangman notes a turning point in the last 12 to 18 months, driven by the fast development of large language models (LLMs). These models gave agents the reasoning and autonomy to change from toys in a sandbox to real virtual workers.Organizations can now train agents with goals, equip them with tools, and connect them to one another. Since these agents do not tire, slow down, or forget, companies see a chance to grow their workforce without hiring new people.The issue is: They didn’t establish identity controls for these AI workers.“They’ve created a brand-new layer of identities,” Matt says, “but without the protections, ownership, or visibility that exist for humans.”Shadow agents, sometimes numbering in the thousands, operate unnoticed. Identity teams are unaware of them, security teams can’t monitor them, and cloud teams might spot them briefly in a dashboard, thinking they are someone else’s issue. Meanwhile, the agents themselves explore, share tools, and adapt.It’s a governance gap that keeps widening.When Leal asks how the industry should respond, Fangman answers: “Start by treating agents like people. Give them roles. Define what they can access. Apply entitlements. Enforce policy.”When asked for advice for CISOs and what they should do before agents start to overwhelm security programs?The SailPoint Field CTO recommends beginning with inventory. If an organisation does not know what agents exist, what they access, or what they are doing, nothing else matters. Assigning each agent a corporate identity and tracking its behaviour is the essential foundation for everything that follows.TakeawaysAI agents are becoming operational actors in business systems.The lack of visibility into agents creates governance risks.Just-in-time permissions are essential for managing agents.Agents are evolving into peer systems within organisations.Identity management is shifting towards relationships and context.CISOs need to inventory and track agent behaviour.

As businesses approach the holiday season, security teams feel the pressure while online activity increases. At the same time, AI is quickly changing how attacks are launched and how organisations function daily.In the recent episode of The Security Strategist podcast, host Richard Stiennon, Chief Research Analyst at IT-Harvest, sits down with Pascal Geenens, VP of Threat Intelligence at Radware, to discuss why CISOs need to rethink their long-held beliefs about attackers, users, and what “web traffic” really means in an AI-driven world.They talk about the dual nature of AI in cybercrime, the emergence of new tools that facilitate attacks, and the importance of automated pen testing as a defence strategy. The conversation also highlights vulnerabilities associated with AI assistants, such as indirect prompt injection, and emphasises the need for organisations to adopt best practices to safeguard against these threats.Also Watch: From Prompt Injection to Agentic AI: The New Frontier of Cyber ThreatsAI Attacks Lower the Barrier for CybercrimeGeenens tells Stiennon that AI’s biggest effect on security is not a new type of futuristic attack but rather its scale and accessibility. Tools like WormGPT, FraudGPT, and advanced platforms like Xanthorox AI provide reconnaissance, exploit development, data analysis, and phishing as subscription-based services. For a few hundred dollars each month, attackers can access AI-assisted tools that cover the entire cyber kill chain.This “vibe hacking” model resembles vibe coding. Attackers describe their goals in natural language, and the AI generates scripts, reconnaissance workflows, or data extraction logic. While these tools have not fully automated attacks from start to finish, they significantly lower the skills needed to engage in cybercrime. As Geenens explains, attackers can now target hundreds or thousands of organisations simultaneously, a task that once required large teams.Attackers can now afford to fail repeatedly as part of their learning process, while defenders cannot. Even flawed AI-generated exploits speed up scanning, vulnerability detection, and phishing at levels that security teams find challenging to handle. The result is a threat landscape that uses familiar techniques but operates with greater speed and intensity.Also Watch: How Do You Stop an Encrypted DDoS Attack? How to Overcome HTTPS ChallengesAI Assistants & Browsers Creating Invisible Data Leak RisksThe second, and more alarming, change that the VP of Threat Intelligence emphasises occurs within companies themselves. As organisations use AI assistants and AI-powered browsers, they delegate authority along with convenience. These tools require access to emails, documents, and business systems to be effective, and this access creates new risks.Indirect prompt injection, shadow leaks, and echo leaks turn normal workflows into potential attack vectors. For instance, an AI assistant summarising emails may unintentionally process hidden commands within a message. These commands can lead the model to inadvertently leak sensitive information without the user clicking any links or noticing anything unusual.In some cases, the data doesn't even leave the endpoint; it exits directly from the AI provider's cloud infrastructure, completely bypassing established data loss prevention and network monitoring.Meanwhile, Geenens points to a fundamental shift in traffic...

Industrial enterprises are undergoing significant transformation as connected devices reshape the way they operate. IoT platforms provide new opportunities for automation, predictive maintenance, and more efficient device management. But these benefits come with challenges. In this episode of the Security Strategist podcast, host Trisha Pillay speaks with Bernd Gross, CEO of Cumulocity, about how enterprises can navigate these complexities and scale their operations successfully.Gross emphasises that the foundation of successful enterprise transformation is having the right data. Organisations need accurate information, clear visibility into device status, and meaningful context to make informed decisions. Without this foundation, even the most advanced platforms cannot deliver their full potential.Strengthening Security and Lifecycle ManagementAs the number of connected devices grows, resilient cybersecurity and cloud security are critical. Bernd shares practical insights for protecting enterprise systems while maintaining smooth operations, from managing access to ensuring device integrity across distributed networks. Alongside security, lifecycle management ensures devices are monitored, maintained, and retired efficiently. Organisations that integrate lifecycle management into daily operations see fewer disruptions and higher overall reliability.Data Strategy and Automation for Smarter OperationsConnected platforms are only as valuable as the data they generate and the processes they support. Bernd explains that a clear data strategy is essential for enriching information, understanding device performance, and driving operational decisions. Automation also plays a key role, allowing enterprises to act quickly, scale efficiently, and maintain control over complex systems. By connecting device management, enriched data, and automated processes, organisations can respond to challenges faster, optimise performance, and create a foundation for long-term transformation.This episode provides practical guidance for technology leaders looking to improve operational efficiency, strengthen security, and optimise connected platforms. For more insights and resources on connected platforms, visit Cumulocity.TakeawaysCumulocity is a leading IoT platform focused on B2B industrial use cases.Security in connected operations requires both IT and OT security measures.No open ports towards the internet is a critical security rule.Device certificates are essential for secure communication.Lifecycle management is crucial for maintaining connected devices.On-premise systems may not be as secure as perceived compared to cloud solutions.Automation can significantly reduce maintenance costs and improve efficiency.Data enrichment is necessary for effective AI model training.Many enterprises struggle with the data challenge in AI deployment.Clear business outcomes should guide IoT and AIoT initiatives.Chapters00:00 Introduction to IoT and AIoT Transformation04:40 Security Challenges in Connected Enterprises13:01 On-Premise vs Cloud Security Perceptions17:44 The Value of Automation in Device Management21:34 Operational Challenges in Deploying AI at Scale26:11 Transitioning from IoT to AIoT Data Management31:18 Practical Advice for...

Scaling technology globally is one of the most complex challenges for Chief Technology Officers and enterprise leaders. It requires balancing infrastructure, operations, regulatory compliance, and user trust, all while delivering systems that are reliable, secure, and effective across diverse regions.In this episode of Security Strategist, host Trisha Pillay explores these challenges with Grant McWilliam, Chief Technology Officer at Aura. They discuss how enterprises can overcome regulatory compliance, technology infrastructure, and operational challenges while delivering trusted, reliable systems globally.Understanding Regulatory Compliance in Global ScalingGlobal expansion introduces different regulatory landscapes, from data privacy laws to communications standards. While some see these as hurdles, they can become strategic advantages: As Grant says, “Regulatory challenges can be opportunities.” He further explains that building a global framework with room for local adaptation, “design globally, implement locally,” ensures compliance while maintaining operational flexibility.Building Resilient Technology InfrastructureReliable technology infrastructure is just as important for platforms operating across regions with varying telecom networks, mapping systems, and technical capabilities. In mission-critical contexts such as emergency response, reliability is non-negotiable, and technology should never limit service. Redundancy, failovers, and multi-region deployments ensure platforms remain responsive under pressure.Operational Excellence and TrustGary notes that operational pressures grow as organisations scale. Teams need to act efficiently while respecting local regulations and cultural contexts. He emphasises: “Trust is essential in emergency response and emergency response must prioritise user needs.” By embedding processes as backups to the backups and adapting technology to local conditions, organisations build resilience and maintain user confidence. He adds, “Collaboration enhances operational efficiency.”Key Principles for Scaling Cybersecurity GloballyGlobal standards and local adaptation: Establish frameworks that scale but allow local execution.Reliability and trust: Ensure mission-critical systems function under any circumstances.Cultural and operational alignment: Integrate local knowledge and collaboration to make technology sustainable and effective.Scaling technology globally requires balancing cybersecurity, infrastructure, regulatory compliance, and operational agility. In this episode of Security Strategist, the discussion highlights that success comes from combining technical excellence with strategic empathy, ensuring platforms are trusted, resilient, and effective for every user, in every region.TakeawaysScaling technology globally requires navigating regulatory complexity and...

In this final episode with N-able, the guests answer a pressing challenge for today’s MSPs: How to transform security operations into genuine cyber resilience.In this episode of The Security Strategist podcast, Jim Waggoner, VP of Product Management at N-able, and Lewis Pope, CISSP and N-able Head Nerd, sit down with host Jonathan Care, the Lead Analyst at KuppingerCole. MSPs have typically focused on technology layers, like backups, EDR, and MDR. However, as both Waggoner and Pope point out during the conversation, achieving resilience requires a bigger change – in operations, culture, and strategy.Cyber Resilience is Being Prepared For Any AttackWhen asked about redefining resilience, Pope underscores the need to move away from a classic technician mindset. He explains that MSPs should adopt a business-focused approach:“You have to drop your technician glasses and put on your business glasses for a lot of these matters.”Why is this important? MSPs often have a better understanding of their clients’ workflows than the clients themselves. This puts MSPs in a powerful position, but they must look both inward and outward, Pope further explains. He emphasises the need for internal threat modelling, risk registers, and long-term business planning with clients: “You need to have that seat there so you can help them, guide them, and put your fingers on the scales of which direction they plan to take.”Supporting this shift in tackling threats, Waggoner cites an example of tabletop exercises performed at N-able internally. Imagine “you just got a call that someone believes that they've been compromised by ransomware. What do you do?”The exercise didn’t focus on antivirus tools. Instead, it uncovered operational blind spots—like who to call, what steps to take, and how to keep the business running. The key lesson is that resilience is not about preventing every attack; it's about being prepared for the one that will happen.Also Watch: How Can MSPs Stay Competitive with Managed Detection and Response (MDR)?‘Automation Should Strengthen Security Teams, Not Replace Them’AI and automation is the rage in the cyber technology industry at the moment. While AI offers speed and scale, Waggoner warns it can lead to serious overreactions if not managed carefully: “If you're seeing something that looks suspicious and the automated response is to cut off these services, that can be great.” The only way to balance a rogue AI and automation situation is “the human,” he added. The VP of Product Management asserts the importance of safeguards such as manual confirmation prompts, human-initiated rollbacks, and analyst reviews. Ultimately, automation should strengthen security teams, not replace them.“You treat anything and everything that it does as something that a highly clever intern brought to you, but you still have to double-check it,” Pope added to the conversation. The Head Nerd emphasises a key detail often overlooked in AI discussions – precision. MSPs need to distinguish between LLMs, machine learning,...