The Challenge
Product

Platform

Agentic AI Security

Non-Human Identity Security

Secrets Security

Capabilities

Discovery & Inventory

Discover AI agents, NHIs, and secrets across your environment

Classification

Add context to all identities with ownership, permissions, and lineage

Posture Management

Identify and prioritize risks & exposures, and right-size excessive access

NHIDR™

Detect and fix real-time threats and abuse of AI agents and NHIs

Zero Trust, PAM & JIT

Enforce least-privilege access across clouds, agents, and vaults

Lifecycle Management

Manage your identities from creation to rotation and retirement

Integrations
Use cases

Governance and Administration

SOC Automation

Compliance, Posture, and Reporting

Securing Public Cloud and SaaS

Secure the Private Cloud

Mergers & Acquisitions
Customers
Company

About us

Partners

Careers

Contact
Knowledge center

Blog

Videos

Resources

News

Events

Glossary

Home » Knowledge center » Videos

How AI Agents Impact NHIs & The Attack Surface

May 22, 2025

Transcript

00:00:00
So, we’re just letting everybody get settled real quick. And I am trying to get one more person on for for our speakers. So, what I’m going to do is start the introduction of what we’re going to be talking about today and who is going to be talking about it while I help our last speaker come into play. And then, Lolit, I will let you to introduce yourselves. Today we are going to be talking about how AI agents impact non-human identities and the attack surface. So it’s going to be really

00:00:34
actionable. We’re not going to talk about hypotheticals here. And we have great speakers joining us. Why don’t you kick us off by introducing yourself and then we will follow with Lolit. I’m Alvas. I’m the CEO and co-founder of Ento Security. Entoro is a nonhuman identity life cycle management company. We’re helping organization to securely use uh automate and manage the life cycle of nonhuman identities. I’ve been uh personally in the cyber security for almost 20 years now.

00:01:09
Started at the Israeli Defense Force at uh one of the intelligence units over there. uh was doing offensive cyber back then but then so I spent like a six year at the intelligence unit and then moved to the public market and was doing defensive cyber uh on the public market. So prior to enter security, I was responsible for the internal security of one of Microsoft’s uh clouds uh the defender cloud under Microsoft I manage the entire security over there. Uh prior to that I was a chief information

00:01:41
security officer at an healthcare services company and um unfortunately I was breached multiple times in the past by non entities and the last time at Microsoft we had an event over there they stole code. It was was a major huge uh attack on on Microsoft resources and I was trying to figure out how can we better secure non human identities like service accounts and API keys and so forth. One thing led to another and I started Dento that um was the first pioneer uh in the non identity life cycle market. So pleasure to be here.

00:02:20
Thank you for the opportunity. Lalit would you like to continue? Yeah, thanks. Hi everyone. Uh, my name is Lit Cha. I’m the founder and CEO of the non-human identity management group. 30 years in the industry, mainly in the financial sector, primarily investment banking for 25 years. Uh, I’ve been running large global regulatory programs in the sort of human, PAM, and NHI space. More recently, I ran one of the largest cyber NHI programs at a large investment bank where we dealt with over

00:02:56
100,000 NHIS. Last year, I founded the non-human identity management group. My passion for this topic. I decided to create a community, educate and evangelize about the topic. So, I produce a lot of research white papers and formed nhrmg.org, or which has sort of the largest kind of knowledge center to educate the industry on NHIS and I guess I’m now known in the industry as a amazing and Josh um so happy to see you perfect timing and we were just taking a second to introduce the speakers and

00:03:36
then we will go ahead and get started. So sorry about being late just had some some technical issues connecting to Zoom. So thank you. No problem. Okay, so I’m going to go ahead and introduce Josh because he and I have spoken a little bit and he comes to us with dozens of years of experience. He has spent most of his recent stretch at Solar Winds in Austin, Texas. And he brings this incredible perspective of a practitioner who works really closely, really handinhand with the security leaders and

00:04:08
CISO at his company to understand and uh kind of bridge that gap between what the security strategy is on um to the daily execution through his team. Um so understanding kind of what the goal is for everybody and what needs to happen in order to achieve that. Um Josh, I hope I did you justice, but feel free to add anything if I left anything out. No, I think that that was done really well. Um I do have a lot of experience across many different uh security realms and I’ve worked in most security roles. So I

00:04:42
I do like to feel like I come with um a bit of a bit of experience across everything. Amazing. I love it. Okay, I just want to before we dive into the slides, one more housekeeping thing. if you have questions, which I totally encourage. I’ll be moderating them. Please enter them through the Q&A. That will just help keep them the most organized versus using the chat. So, if you have any issues there, I know that I have some internal people on backup to let me know and I can figure those out.

00:05:10
But, let’s go ahead and get started. So, Aentic AI, it’s everywhere. And I’ll take a second. I’m moderating. My name is Kelsey Pcell. I am with Entro Security, but I am not a technical person. So, I’m just going to set the stage and then let the experts take it from there. So, Aentic AI, it’s everywhere. Even all of these headlines that we see, what are AI agents? How are they going to impact us? How do they work? Who is doing what with AI? It seems like you can’t get away from the

00:05:42
headlines. But what exactly is it? So, I’m referring to this Gartner definition. The AI agents are autonomous, semi-autonomous software entities that use AI techniques to perceive, make decisions, take action, and achieve goals in their digital and physical environments capable of planning, breaking down large goals into smaller, manageable tasks, and optimizing processes based on past experience or user behavior. Those tasks are then executed and tracked through tool integration which also extends the

00:06:15
agent’s ability to manipulate and control its environment. So now you know that I’m a really good reader and I can understand things to a certain degree but I am going to pass it off to who is going to bring in uh the level of education that you all expect and love. Yeah. So that’s um a diagram of um how AI agents uh operate. It’s pretty straightforward as you can probably probably see over here. So at the end of the day, AI agents are applications. Yes, they have reasoning. Yes, they have

00:06:50
other stuff that are making it much easier for us to communicate with or for them to give us the right output. But in the end of the day, they are applications and they are working as any application should work. So as you can see as you can see over here you will have your model which is an LLM that can do some reasoning um and is calling some functions and that functions are using uh resources that resources can be other devices can be databases can be other stuff in order to get more data um and to help that function work and

00:07:27
come to the right conclusion. Uh but in the end of the day when looking at um how AI agents truly operate uh it’s pretty clear they they are an application with uh with more uh more functionality. I’m not sure if um if Josh or Li do you have any different perspective about it but uh I think it’s uh it’s pretty clear to me at least. Same. I started this journey and I told Kelsey when we talked last I really started my AI defense journey with like oh we need something special we need something new we need something

00:08:02
and and in reality it’s not we have the tools and the capability today available because we these are just applications like you said it may take some people to uh rep prioritize their security stack to get that capability but it’s all out there and available yeah okay lit any other perspective on that I guess kind more concerned about where things are going to go with agentic AI. I was reading a report earlier this week that you know on average each person may end up having two to three AI agents

00:08:35
that they use. So the proliferation of you know agents is going to increase massively and therefore the impact and growth of NHIS. So that’s quite a scary thought right that we could have in a number of years billions of these AI agents just taking over the world. Um so um very interesting how we put controls and guardrails over these processes which I’m sure we’ll talk about more through the session. Okay, it’s I’m going to have you go from the guardrail comment to talk about what

00:09:04
the initial security impact is on uh from using AI agents and the adoption of them. Right. I think uh if I’ll take a step back over here uh being um in charge of multiple security groups in in my path and maybe Josh can can share his thoughts afterwards but um just taking a step back I think it’s um security information security role within the organization is to never stop the business by the way I think in most cases it’s uh it’s not even possible to stop the business the business would

00:09:36
like to move forward and then adopt new technologies and create more use cases within current technologies and and so forth. And I think we’re seeing it maybe to the extreme now with AI where everybody is testing out different scenarios and different stuff. And of course, the organization wants to control it and and keep it safe. Uh but at the same time, we would like to make sure we’re placing the right controls around everything we’re using. We don’t want to exchange maybe velocity with

00:10:09
security or to exchange new features with security and and security always been like an afterthought. You know the business it’s it’s quite common where the business is adopting new technology and then security is trying to put some controls and guard rails around them. Um and and and we’re kind of seeing the same with AI right now. I think the main problems with AI agents which are again basically programs that are able to read data or manipulate data or change stuff on on your behues are as listed over here. Uh you

00:10:47
wouldn’t want the AI agent to read any sensitive data that are not protected or that he shouldn’t read. So maybe you don’t want him to access credit card data or SSN or maybe ELF data and so forth. I call it like the prompt problem. You don’t want your employees within the company to send send private data to that uh to that AI because you’re not sure if you will output that data to someone that is not authorized. So that’s the probably the the first control we would like to have

00:11:22
while enabling the business to to move forward. Um the second risk is those AI agents can be like DevOps engineers, act like DevOps engineers or production engineers and so forth and they can make changes to your production environment which is always a risk. Um and I’m not sure we’re quite ready with the right controls to feel comfortable in having you know automations such as an AI agents can you go uh one slide back such as the AI agents um to make uh to make production changes of course execute any

00:11:59
privileges workflows that’s uh that’s always a risk because that’s basically literal movement by the AI and also we don’t want him to affect any downstream either teams automations that he that he shouldn’t. So, I think those are the main problems that I’m seeing. But, but Josh, as a practitioner, I would love to hear about that. Yeah. You know, I think you hit on some really important things. I’m kind of jotting down some notes so I can remember, keep up because I know

00:12:27
this is a dense topic. So, in my conversations kind of amongst our our team and and the research I’ve done, a couple things kind of keep coming up. Now, while we did say, “Yeah, these are just applications.” they are more like little intelligences in in the application. So the problem becomes the velocity and the kind of formatting of the input. Previously, you know, application security, we really leaned on input sanitization and kind of scrubbing data to make sure it wasn’t malicious. Well,

00:13:01
with AI and Agentic AI being so local to your machine, those prompts can be so diverse and they can be so wide. You can really put a lot of different data into these models and get back results. Part of that is that part that’s part of the issue is previously, you know, looking for alert parenthesy some quotes to look for for cross-sight script injection. Cool. You know, is very limited range of the data that can be put in. But with AI models and agentic AI, it’s just that that reliance goes away. So that was one

00:13:35
thing I I really thought. And the next is around that visibility. As I’ve looked at many AI defense tools, things like generative AI firewalls um in particular, you’re really starting to see two flavors. You’re starting to see the agent base. Well, now we have agents watching agents. You know, you have this kind of inspector agent looking at all of the AI traffic going out. And then in other models you have a SWIG or a central web gateway or secure web gateway where all your traffic is

00:14:04
getting routed to that. I think you’re going to see that that visibility is going to force people’s hands on how they manage their security stack and how they gain that visibility. Really if you’re not unpacking every SSL packet at your defense perimeter or if you’re more zero trust you maybe you’re doing it in a central web gateway or secure web gateway. But if you don’t have that you’re really going to lose that visibility. Um and then of course I think one note I have here is um the NHI

00:14:31
spraw and I think this is goes to what Levy was kind of pointing out is we’re going to I think my opinion is we will see a massive increase in service accounts or non-human identities to be more modern. We’re going to see this spraw because as we adopt more agents each of these agents and I I was telling Kelsey this. It’s a non-human identity for a non-human intelligence. If we have these non-human intelligence all scattered across our systems, possibly millions across a user base, each of

00:15:02
those are going to need their own identity. So, that’s a great segue into what we’re going to discuss next. Lolite, I think you’re going to have some commentary here, but it’s probably a good good time for us to hone in and remind everybody what non-human identities look like and how we can create this parallel visual between the non-human identities that we’re working to secure and this innovation to adopt agentic AI. Yeah, sure. So clearly non-human identities or they’re also

00:15:28
known as workload machine identities you know I guess old terms would be service accounts APIs keys tokens these are credentials that are used to manage machines applications processes and the sort of interaction authentication between them in an automated way without any human intervention look at you know non-human identities the risks around them have been around since computers ever existed but But uh generally they were the forgotten problem child. The focus was on human access. PAM protecting your perimeters. Generally

00:16:02
NHIS are typically unmanaged with very weak controls. Right? Most of them are quite static in nature. They’ve been created maybe many many years ago and the life cycle processes around them, you know, generally fairly weak. Um, so you know they are becoming, you know, the number one attack vector to compromise systems because they’re easy to discover due to the point Josh made around secret sprawl. You know, 24 million uh secrets in public GitHub repos uh were found last year and we’re

00:16:37
seeing breach after breach around NHIS. You know, we just published a 52 week 52 breach report last week just showing how common it is now for a threat actor to to to discover and compromise NHIS. You know, to the numbers, they typically outnumber human identities by 25 to 50 to one and probably 100 to one when we start dealing with a genic AI. Um, and there’s many issues with these these accounts, right? They’re not secure. hard-coded passwords. Passwords don’t get cycled. Um the many of these

00:17:13
accounts are stale, you know, not been used for many years. So, you’ve got a broad surface area of risk around them. You know, humans use these accounts. So, we’ve got many many kind of exposures today around NHIS that organizations are still struggling to grapple with. And now as we’re going to start to grow the agentic AI systems, you know, if people start using the same techniques, the kind of poor controls around them as they are today with many other systems using NHIS, these agentic AI systems are

00:17:46
going to have high levels of privilege and they’re going to become obvious attack paths for both external internal threat actors. Look, and we’re already seeing breaches around LLM models where API keys and tokens are discovered and that these models have been compromised for dark role playing and other activities. So, look, we really have to think about the security controls around Agentic AI and the guard rails and and make sure we do things a little bit differently with kind of Aentic AI from

00:18:17
how we’ve managed NHIS historically in the past. You know, Lily, I I think that really speaks to kind of what what what I was getting at was this is this is a tale as old as as service accounts, right? Like this has been around this problem’s been around way longer than Agentic AI. What what Agentic AI and and LLM bring to it in general is a a not no longer a need, but a demand for velocity on security teams. Right now, we’re keeping up with with non-human intelligence. We’re keeping up with

00:18:47
these AI systems. We need to be as dynamic as they are and and it’s going to force a lot of people’s hands. Josh, I love that. And I’m uh I moved to this slide because I felt like Lily really covered some of these core risks. And there’s an awesome question that I want to field. And I know Lolite mentioned the ratio and how we were probably going to see that increase with the number of non-human identities to human identities as the adoption of Agentic AI, you know, continues. We’re seeing 92 for every one

00:19:17
non or for every one human identity. 92 non-human identities already. Um and so I see that skyrocketing surely into the hundreds. Josh, there is an amazing question and I think that um your commentary will lead into that really well and it is what is your opinion on AI agents suggesting non-secure approaches such as hardcord hard coding NHIS in code or not leveraging workload identities to avoid long lived tokens. I really hope that’s one of my guys because a lot of my team as we approach this heavily AI

00:19:59
motivated AIdriven decisionm we as the the human intelligence need to be ever vigilant in monitoring what these applications are recommending the OAS top 10 doesn’t go away just because this AI said oh you should do this the the attack path doesn’t go away because it recommends it and not spec speaking specifically but As Leitz pointed out, you know, we we have this real big problem as humans putting hard-coded credentials into code. Well, where do we think the AI learned it? It learned it

00:20:34
from us. It learned it from us doing it. So the longer we lean on these uh AI models being trained off of public data sets that have a lot of errors in them, have a lot of problems in them, we’re going to continue to see AI making suggestions that are bias or might be a hallucination. Um I think it’s the overextension of trust for these systems that’s going to become a major kind of social topic. So don’t do it in short. Don’t listen in short. Don’t listen to it. Yeah, very good advice. And um I

00:21:04
think Leoly ord have some commentary here and I’m going to keep this slide up because we’re talking about these core issues that we’ve identified with the NHI security challenge that we know people are experiencing. Um and one of them is the unencrypted credentials. The credentials that are hardcoded um you know malicious actors are able to find and then we talk about the speed and the learning and the autonomy of AI agents. I can only imagine. So I would love to hear it and Lily if you have anything to

00:21:37
add to Josh’s response. Yeah, of course. I first of all I completely agree. AI definitely learned it from our own bad behavior. Um secrets are being exposed everywhere uh by developers, deopsis who and everybody that needs to either create them, use them, permission them and so forth. Unfortunately, uh they are sending them over Slick and and and other you know committing them into code and CI/CD pipelines. So at the end of the day the AI loans and do the same. Again I I think that the problem is twofolds. One

00:22:12
of them is the the the prompt problem that I said earlier the AI can either suggest to expose private data in our case credentials secrets and non identity that grants permission over our most sensitive environments which is a huge problem. uh and the second problem is that that AI needs to operate within our environment right that agentic AI needs to do stuff it needs to read data you need to write data and so forth so it has its own set of non-human identities which you need to figure out how can you monitor and understand how

00:22:43
it’s operating what it’s doing is everything allowed is everything is doing is something according to your own standards you know the the unknown ownership that’s probably the the biggest problem uh because now you have AI guys that are creating those non human identities, they are permissioning them, they are using them, they are scattering them around and uh it’s going to be a huge issue to understand how to remove them without causing any downtime. Um and that’s uh that’s going

00:23:12
to be definitely the the biggest problem. Idle tokens I haven’t seen any aentic AI clean up after himself and once it’s stop using that nonuman identity basically going and deleting him. So yes, definitely there are a lot of security practices that uh agentic are not following and with the the rapid space of how it’s being moved and used and how many non-whomen identities it’s creating, it’s it’s definitely going to be a severe problem. It’s like you you you said something that made my my hair

00:23:45
chained up on my arms because I’d not really thought about it because it’s so far out of anything I would ever do. But agentic AI systems creating their own non-human identities. Yeah. While I tend to keep account creation, account deletion always something that security professionals should be aware of persistence inside your network and we could go on and on about that. But if I was I’ll tell you right now, if we had an AI come across that, hey, we want this to manage our identities, that

00:24:10
would be a hard cell for me. I’m cool with it doing a lot of things. even even some maybe network management, firewall management, but creation of identities would be that’d be a long conversation with whoever requested it. Yeah. No, I I agree. But uh but at the end of the day, I’m seeing a lot of DevOps agent AI popping up companies that are doing that and basically what they are doing what they are saying is I’m going to manage your infrastructure. I’m going to manage your terapform and so forth. What does

00:24:39
it mean to manage your terapform? It means you’re going to create non-human identities. And what does that mean? That the identical AI will create non human identities and you can do a bunch of stuff with it. Sometimes it’s in in hidden form. I mean just a couple other things to add. Sorry Kelsey. Look these days you don’t need to be a programmer anymore. You just share your prompt of what code you want a model to generate. And we’re seeing research you know to hit six point earlier that code’s being

00:25:07
generated on the fly with hard-coded secrets in there. So these bad practices are being followed with the new AI you know generation of software. Look I think the other big concern is over permissioned NHIS by nature they have high privileges but um if you think of an agentic AI process the kind of the Uber can do pretty much anything and everything within your organization talk across agents. I think there’s a lot of concern around people creating agentic AI processes that are even more overprivileged than what existing NHIs

00:25:40
are today. And I think as an industry we haven’t really figured out how we’re going to deal with sort of permissioning model and how you know AI agents kind of interact with with each other. So, you know, as it says, the the world is moving so fast, you know, and we can’t keep up and um we need to step back as an industry and think about how we’re going to properly secure, you know, these agents that are just going to go, you know, proliferate more and more. And I think we’re going to make things worse

00:26:07
before we’re going to make things better. And really, we do need to take a security first approach. But I think that’s hard to do with just the pace at which AI is moving at the moment, unfortunately. Lolita, I think you really, you know, I could not agree more that we need to be thinking as a security security community really heavily on how we manage these apps. Um, while we haven’t had this issue with an agentic system, we have with other AI kind of marketing tools where uh I’ll sit down with my

00:26:36
business applications team and we’re like, man, this is just wildly overprivileged. I think it’s going to be uh for a little bit at least for a little while it’s going to be the responsibility of your organization to take the time to look at these permission sets and not blindly accept whatever the um kind of guidance stock is. You need to think about what’s the business value of this tool. What am I really trying to do with it? And is this permission fall in line with that? If I

00:27:00
have a marketing tool that scan scour the internet and brings me back a bunch of marketing data, does it need the ability to write to my Salesforce instance? Maybe not. that’s something you and your organization need to look at. But I I completely agree. It’s gonna be it’s gonna be on the side of the practitioner for a while to really maintain that that level of scrutiny. Yeah, I think with over privileged uh tokens the main problem that I’m seeing in the market and we’re seeing in the

00:27:26
market is that you have developers or devops and so forth that they are creating those nonuman identities when they are in the development stage of their application and they don’t quite know exactly what are the permissions they will need. So they just give it admin for the development period of time but then moving to production no one changed it and now you’re left with unneeded permissions and production it can be admin it can be right and so forth but that’s the main use case that we’re

00:27:57
seeing again people not cleaning up after themselves and you know that I I keep going back to this like this is the same problem that we’ve seen for forever but when GitHub announced the fine grain access tokens I think this is really hitting on this topic of overprivilege I can create a personal access or private access token or personal access token in GitHub and that thing has the same rights I do. No matter what it’s used for, it’s got the same rights I do. Now with the fine brain, you know, we really

00:28:24
can they can really specify and limit that privilege. We’re going to need to see a lot more of that from the industry. Okay. So, um it’s that autonomy, right? that not cleaning up your over after yourself, the overpermissioned NHIS and the autonomy that makes Gentic AI so um interesting and so valuable can also be such a costly impact if not handled properly. Um, so Josh, before we move on, because I do think that we’re really um identifying this parallel between AI agents and non-human identities, there

00:29:04
was a question that I want answered before we move to the next slide. Um, and it’s uh it’s almost like all of you security people have your own identities but think so much alike because as you all were talking and actually before this came up uh Vanderson came in the Q&A and said that they’ve been really exploring NHI’s pretty deeply lately um and made the point that the identities aren’t created exclusively by a human identity anymore. the AI agents are creating some of these identities. So

00:29:39
the question is how can we bring and if anybody can answer this I’ll be like really impressed we need to hone in and trademark how can we bring that real accountability into this when we’re not really sure who owns the identities in a traditional sense and making that lineage connection between the creation of a non-human identity that uh potentially you know increased risk for the organization um if an AI agent is responsible for creating it. So personally I you know I’m a I’m a go back to basics guy kiss

00:30:19
person if you’re from the south you keep it simple stupid put human roadblocks in after all the complexities that have come out with development environments a big topic is pull request approvals who is looking at the pull request approval to move this code along well we need to start taking that same kind of gated human approach to these identity creations just because the AI has the ability to create the identity it should still be approved by some process and some human portion of it. Um, you know,

00:30:49
we’re looking currently we’re looking at a lot of zero trust and learning leaning into more automation around these exact things where yes, I can give my developers especially the agility to move quickly, but I still have a human gateway and everything and mostly resolved through automation. In the days of needing a help desk tech to relay an email to a manager to get an approval, those are gone. Um, and you don’t need AI to do it. You can do those with fairly automated um, kind of traditional

00:31:16
systems. So, I I would always say do not take the human factor out. I think Josh and me come from the same school. Keep it simple, stupid. Look, I kind of everybody talks about human ownership, but look, fundamentally everything ties back to some business process, some business application. So, I think you can’t, there always has to be ownership, accountability to a to an application, to a business process, which then infers human ownership. So whatever happens with Aentic AI, they’re all still going

00:31:43
to be linked to some group, some team. So they’ll always be in a logical owner, I think, for most of the processes that get built with with Aentic AI as well, even though they may be now much more interconnected and, you know, kind of talk to each other in a more of an uncontrolled way than we may have envisaged previously. That’s great commentary and I love the connection there. Uh, we’re gonna keep moving along, but I think that Josh and Lily both just um explained the concept of guard rails, not gates, right? It’s this

00:32:16
ability to still move quickly, to still foster and encourage innovation of the business and the teams without creating this chaos or creating this environment that the security guard rails aren’t in place and then you could have catastrophe very quickly. So, this is just a a quote that I pulled in. It’s a thirdparty independent wellrespected org that we all know and trust, but they really did make the connection clear and that parallel between AI agents and NHI’s clear. So, I wanted everybody to

00:32:48
have this as a uh an overview in the slides, but I think that it sums up everything that we’ve spoken about. So, I’m going to continue because we still have great questions to come, but these will be available. So you all can read at your own pace um when I share the slides afterwards. And Josh, this came from our conversation and I think that it’s been discussed already, but shown in this visual of how the increased AI agent use and complexity of those scenarios increase non-human identities and that

00:33:23
if we’re in an uncontrolled or unchecked environment, those risks and those core risk factors that we discussed previously can go from normal to catastrophic in minutes. And that leads into if nobody has any comments, I’m gonna lead into this like hot take from Josh. So he’s gonna go over the next few slides of what he’s seeing now real time dayto day. Yeah. So I may sound like a broken record on this this call, but it it’s really because it’s my deep belief that we have to meet the velocity of

00:33:56
these agents. Previously you had to wait on synchronous comms uh for the malicious actor to really get a remote access tool and then once they get that remote access tool they can kind of run command line level issu you know issue command line level commands to the system and we had to wait for this dance you could say but with AI agents if I compromise your agent and you have it overprivileged you’re not competing with me having to slowly type on a keyboard or you’re not having to wait for me to

00:34:27
come up with a attack script that’s custom to your environment. An AI agent would be able to assess those environments and provide that information very quickly and it could just look like diagnostic information. Often um a a ping sweep or an inmap scan of an environment could look just like maintenance. Those are huge reconnaissance uh tools for for malicious actors. um the ability to feed information from the agentic II directly into um the the OS even if you have a uh a model that reaches out to to some larger

00:35:08
language model in the uh in the sky if it’s issuing commands locally if I don’t have my logging and my monitoring set up to monitor those you’re just not even going to see what it does so we’ve leveraged intro here very heavily on our development side and it gives my team the ability to see these things as they’re happening. Not the necessarily the machine level processing, but the identities that are used to do that processing, the identities that are used to make lateral commands to another

00:35:36
machine. So, I just feel like that visibility and that assessment of your non-human identities and especially how it relates to your agentic AI systems, you need to prioritize that in your organization before you take this on. without visibility, we’re all just kind of hopes and dreams doing security and that never works. And we’re talking about all of these like huge and um it can seem like really difficult to know how to start and what to do. um when you have so many requests as a security

00:36:10
team, you have so many things that you’re juggling and we know that there’s always limited resources whether it’s people on the team or budget or whatever it is. But with the um with using Entro and how you were able to understand the non-human identities and how you’re approaching with this this I’ll say encouragement not pressure to adopt aic AI. What’s your suggestion to people who are sitting in similar seats to you going, “Okay, I hear you. I know the risks. I’m aware of all of this.”

00:36:42
Because like we said, it’s not this totally new concept. But how how do you recommend they start and take that first step to empowering themselves and being able to figure out what their path forward and the solution is for them? I would say a great place to start is with your legal team. It’s always the best place to start is with your legal team. Understand the regulatory and legal requirements around your industry. And I’d say start there and really start to build a business funnel that allows you to see what your

00:37:14
user base is wanting. Whether it’s a part of your TPRM process, which is third party risk management, or it’s a part of a a procurement process, whatever that looks like for you and your organization, start there. Then once you get a handle, what I what I would recommend is once you get a handle on the intake, start to look for the shadow operations. Leverage tooling that allows you to get an assessment of your or an inventory of your network and scope that inventory down to the to the LLMs and kind of aentic AI systems. Once

00:37:44
you have a very reliable inventory, it’s it’s it’s CIS all day, right? Inventory, assess, prioritize, remediate. It’s a it’s a very common cycle that you’ll see within sec ops and within business in general. Get it get an idea of what’s out there. It’s going to be massive. So start to understand your business criticality and the security criticality that your your uh organization has the appetite for. If you’re a highly stringent environment, you may be looking at every app. If

00:38:16
you’re looking at an environment, if you’re in a a bit more risk adverse or less risk risk adversion environment, you may just be looking at kind of high level LLMs or high bigname LLMs that you’re going to just say, “Hey, we want to review these and and these will be okay.” And then I think you’ll also see a group kind of what I think I would love to push, but understand we all are here as a business. What I’d love to push is application blacklisting. I think that’s a where we will see a lot

00:38:41
of organizations go of saying you know these five models are our models and everything else gets blacklisted. Uh that’ll become very difficult and that I’m think I think we will see that in highly secure security demanding environments. Yeah I think that’s where I would say inventory assess prioritize. Yeah it’ll be interesting to see how they balance the innovation with the security and um depending on the organization and what’s required of them. I will move on to the next slide

00:39:09
and I think that this is just the bow that ties it all together. That cherry on top of what you have been saying, but we’re going to re-emphasize it. Josh, if you don’t mind, just really bringing it on home. Sure. Um, so I was as I was talking to to Kelsey earlier this week or last week, all this is going to do is increase our tax surface. And it’s going to increase it in not just width, but depth. And I know that’s kind of weird to say about a tax surface, but right now any new application agent AI or

00:39:45
otherwise is going to increase your tax surface. Uh, everything has risk with it. But what I mean by depth with aentic AI systems is the depth of capability within that system which goes across this entire call that we’ve had. If I have an AI that has the exact same capabilities as I do as a user, how are we as security professionals supposed to distinguish between that behavior? So what we’ll see is not only a much wider attack surface, we will see a much more impactful attack surface with aentic AI.

00:40:15
Okay. I think just to just to add to that, you know, I think look as more and more human functions get taken over by Agentic AI processes, we have to have very tight controls, guardrails around what we’re developing. You know, back to basics, access control, lease privilege. You know, I think many people are familiar with the risks around a genic AI and LLM in terms of, you know, if you’ve got access through your NH, you know, you can hijack control systems, you can do data poisoning, you can cause

00:40:46
models to advise, create inputs that evade um the correct paths. You know, it’s not the old days where you had a simple API and your process could only do one thing. You give it an input, you get an output. Now, you know, it’s so flexible. the data you can give in as prompt the data that comes out can vary significantly. So I think you know then people can from the data infer data as well. So just all the controls and guardrails around now agentic AI have to be much much tighter than I think

00:41:16
anything we’ve done previously. I think we need to ensure you know we um look at things like zero standing privileges zero trust you know make to Josh’s point we need to monitor these authentic processes even more for doing you know anomalous kind of activities um so there’s a lot more I think that we need to think about and I think um back to basics policies processes you know you need to be very clear as an organization what are the controls you’re going to put around you know

00:41:48
agenda take AI, they’re going to be your crown jewels. So, they need to have the tightest controls around them. Well, I I want to touch on something as we we get into these guardrails because it’s perfectly aligned with it. You said zero trust, and I think that is exactly where we need to go with this is we need to treat these as as any other identity and monitor the the the trust we extend to them, the privilege we extend to them, and treat them as if they are already compromised. So when we talk about the

00:42:16
the guardrails not the gates um the reason that we put so much detail into this and um are having such a involved discussion is because we want to marry the information that we’re giving you and not kind of just be chicken little if I’m dating myself where you know running around and um saying this is a big problem this is huge but what do we do with that? What does guardrails not gates actually mean? And um to you all’s point, we can’t stop business. Innovation needs to continue because

00:42:48
we’re all trying to reach goals. Um and we also uh have to understand that when we go back to basics, what the environment looks like now versus what it could look like if we do adopt a KI and we do have, you know, the issues that we didn’t flag beforehand with over permissioned NHI and then those grow at such an unprecedented rate. How do we get a handle on that? And how do we help everybody who is a security leader and and helping manage this and solve this problem? How do we help guide

00:43:22
them to create these guardrails and not just put up gates um immediately find that balance between business and security? I’m kind of famous around our office for saying I’m not going to tell you no, I’m going to tell you not like that. Exactly. I Yeah. I I try to always be a solutionsdriven security architect or engineer or whatever your role is. I’m here to be useful to the company. Not just I mean yes security yes I need to keep everything secure but yes I also need to understand we’re here for a

00:43:54
reason. So often I’ll say hey you know sure you want to automate some process within the build pipeline but you can’t give it full permissions. It still needs a human gateway. It still needs this. So I think taking that mentality will really serve a lot of security professionals well. You know we’re known as the office of no. I want us to be known as the office of not like that. I completely I completely agree and I think it’s um you know with any new technology definitely with AI that is um doing

00:44:28
stuff that we’re not sometimes we’re not aware of exactly what what they’re doing. I think that um it’s even easier to go to the no and not not like that. But I do think that we listed uh or Kelsey listed some of the the stuff over here that will give us the ability to do the not like this or basically to enable the business to work as fast as they would like while having the proper security oversight to make sure they are doing that with the right security measures. There’s a few more few more

00:45:00
minutes left and we’re getting some good questions and I think it’s related to the conversations that we’re having. So, one of them I’m gonna go with you because it’s specifically about how somebody is currently using a whiz integration. We shameless plug we are partnered with whiz as of last week and we’re taking their DSPM solution with our NHI um capabilities but they want to understand how that can help with the discovery of maybe what data the NHI has access to what data or potential guard

00:45:36
rails you want to put around AI agents if they’re creating NHIs is it personal sensitive data how does that integration overlap and how do you see it impacting this conversation if at all right now? Maybe it’s that’s a that’s a a great question. So yes, we have a we have a great partnership with with Whiz and um I I can see the question and some of it is like whis are also able to scan for some tickets. So I so you said that you saw an overlap um with that which is true they are able to scan for some

00:46:11
secrets but in the end of the day in order to scan secrets you will need some sort of a reg x pattern but that won’t be sufficient because yes you can find secrets but then you will have so many other questions exactly like AI okay so that ticket which is a credential of a non-human identity how it’s being used is it enabled or already expired what it gives access to production or not production and and so forth and that’s where Entro comes in. So we’re able to find over 1200 types of non human

00:46:43
identities where WH is able to find like 20. So even if we’re looking at the same place, we’re finding much more than them. That’s what we give whis we’re reusing whis because once we’re finding a non identity belongs to an aentic AI or belongs to an application we’re creating a map of which application which workload a gentic AI or other is using the non identity and what it’s accessing. It can be database storage account or whatever and then we’re taking that map that ento creates and

00:47:12
enriching it with whiz findings. So let’s say the workload have vulnerabilities, we can enrich it with wiz. Let’s say that that the workload is using a noninated identity to access a database and that database have personal information like SSN. That’s enrichment we’re doing with WH and so forth. So it’s a it’s a great better together partnership for for both sides. And shameless plug for intro that enrichment is so important. I’m not going to name names, but I’m doing a review of a

00:47:41
security tool we have. And one of the issues was it doesn’t provide enough enrichment to make remediation easy. If you’re in a shop of 60 and you are, you know, a restaurant, sure, that’s not as important to you. You have the time to take that remediation steps. But when you’re a larger organization, having that enrichment, having all that telemetry to tell me attributation of ownership, the systems it’s accessing, that makes the remediation and triage so much more tackable when you have these

00:48:11
large numbers. We couldn’t couldn’t agree more. We are winding down and so I wanted to make sure that everybody knew how to get in contact with us towards the end. We do have one more question. So if somebody can answer this in about 90 seconds, I’m going to read it off. Um but to everybody will get these slides and be able to understand knowledge is power. So those um the enrichment factors the knowledge of your environment see this as a stepping stone to uh be more powerful in what you

00:48:39
decide to do next. Um, so one quick question. Azure launched SR agents. How do we adapt at an equal pace to intelligently guardrail production workloads co-spaced with AI agents or not getting overshadowed by those agents? Josh, do you have um feedback there? It it goes back to what we’ve talked about here is is make sure you have that human gateway. Yes, velocity is important and and you will gain more velocity. It will happen no matter what. Whenever you adopt these AI systems, you’re going to get more velocity. Don’t

00:49:16
let How do I put this? I think I’ve heard someone say the enemy of good is better. Something along that line. Sure, you could be moving at the speed of light, but what does it matter if you’re going to get compromised? Take the 15 seconds, take the two minutes, add the automation, get a human factor in there, get someone to get eyes on it, and then at least at the end of the day, you know who to go bug because I can’t go bug an AI system, but I can go bug a senior manager. Yes, I would uh I would uh suggest that

00:49:46
another solution and that’s what we are doing over is uh enriching the nonuman identities understanding the non identities that are being used by that agentic AI and if you know who’s the owners of the credentials that the nonident that the agent is using via its non identities then you have the proper visibility to attach everything to the right owner but yeah that’s uh that’s what I I I would suggest Okay. So, so I was just going to say finally, look, I think there’s a lot of

00:50:15
hype around Agentic AI and look, I think some of it’s valid. As I talk to a lot of customers, most people are focused on building very simple agentic AI processes at the moment, right? To replace kind of standard human kind of functions, tasks. So, I think kind of the world where, you know, we’ve got agents talking to each other, they’re doing everything within an organization. I still think it’s a few years away even though it’s moving very fast. So I think back to the basics, focus on your

00:50:43
controls, the best practices around managing NHIs and then lease privilege, you know, move away from static credentials, then your aentic AI processes will be generally fairly secure if you build on those kind of core foundational principles. They don’t really change as we move to aentic AI. I think just things get more complex from a modeling standpoint, but uh stick to the basics. I’m with you, Elite. I love this. Um, obviously we could talk about this all day. There’s one more question and I

00:51:13
know if people have to drop, they have to drop. But, um, I’m going to let it uh hone in on this one because we talked about um, intro uh, adding this value and seeing how it’s impacted organizations on the day-to-day. But what is the most compelling benefit of Entro over the many other NHI solutions that we’ve heard and talked about? Yeah, there there are many um where things technology wise where our platform is the strongest is is two places. First of all, we’re able to find and hopefully

00:51:51
Josh is a as a customer can attest to it. We’re able to find usually like 50 70% more non-human identities and secrets than the than the competition. Uh that’s uh we have an amazing algorithm entries out of entropy. Those non identity usually are long randomized strings highly randomized strings with high entropy um and that’s why we call them toro and we can find many more than the competition and the other one is the abnormal behaviors. So for every non-human identities, we’re enriching

00:52:23
it. We’re creating the map, but we’re also tracking the activities of each and every one of them. And we’re creating a baseline of activities and any deviation from that baseline that we’re seeing uh like a non human identity that is um and I’ll give you an example. Maybe someone is using your nonhuman identity out of North Korea, but you’re not doing business from North Korea. That’s that’s going to be an abnormal behavior. That’s going to be something we’re we’re going

00:52:50
to flag, we’re going to prevent and and so forth. So, abnormal behavior is another a huge capability where we’re uh strongly strongly leading. Amazing. And I think that that really ties into some of the conversations that we had around not putting gates but putting guard rails, understanding what’s happening in your environment and empowering the team to have human intervention or you know have the automatic processes based on human decisions made and um what needs to be done in order to keep things

00:53:21
secure. So we’ve gone 3 minutes past talk about this forever. Hopefully we do this again soon. And I want to thank everyone for joining and thank you to the speakers. This was a really good discussion. I hope that you all enjoyed it as much as we did. But thank you all so much. Any last comments, speak now. And if not, we’ll go have a great rest of your week. And I will email everybody recording slides, all of the good stuff. And please keep in contact with our speakers. Follow the intro security

00:53:53
page. We include a bunch of industry information. And I know that it’s a Josh Lily, NHI management group, they all post um news that we need to know about as well. So, thank you all. I hope you have a good rest of your day. Thank you all. I appreciate it. Back.