AI Agents Are Quietly Destroying Organizations—Here's Why
Security UnfilteredJuly 06, 2026
240
00:43:2629.88 MB

AI Agents Are Quietly Destroying Organizations—Here's Why

Send us Fan Mail

Eve Security: https://eve.security/
LinkedIn: https://www.linkedin.com/in/nadav-cornberg/

The Future of Cybersecurity in an AI-Driven World
BOLD, FEELING THE PULSE, AND MAKING YOU THINK: Nadav Cornberg reveals the seismic shifts coming to cybersecurity due to AI. From threat evolution to governance of intelligent agents, this episode is a wake-up call for every security professional. Are you ready to adapt, or will you get left behind?

Timestamps:
00:00 - Introducing Nadav Cornberg: tech journey from Israel to AI security
02:30 - Over 20 years fighting evolving cyber threats
05:00 - How AI adoption accelerates security risks
07:15 - Navigating the new governance of autonomous AI agents
09:40 - The danger of prompt injections and malicious exploits
11:50 - Transition from permission-based to behavior-based security
14:10 - Classic security paradigms challenged by AI behaviors
16:35 - The future attack landscape in an agentic AI world
19:10 - Managing unintended actions and the importance of real-time governance
21:50 - The shift in cybersecurity roles due to AI tools
24:20 - Cost efficiency, model local deployment, and tokens
27:00 - Strategic considerations: investments, startups, and geopolitical factors
30:15 - Long-term future: local models, digital waste, and workforce evolution
34:00 - The importance of proactive innovation in security
37:15 - Eve Security’s approach to managing AI behaviors and risk
39:30 - Protecting organizations without limiting AI’s potential
41:50 - Final thoughts: Future-proofing your security strategies


Support the show

Follow the Podcast on Social Media!

Tesla Referral Code: https://ts.la/joseph675128

YouTube: https://www.youtube.com/@securityunfilteredpodcast

Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

Affiliates
➡️ OffGrid Faraday Bags: https://offgrid.co/?ref=gabzvajh
➡️ OffGrid Coupon Code: JOE

➡️ Unplugged Phone: https://unplugged.com/
Unplugged's UP Phone - The performance you expect, with the privacy you deserve. Meet the alternative. Use Code UNFILTERED at checkout

*See terms and conditions at affiliated webpages. Offers are subject to change. These are affiliated/paid promotions.

Welcome And Nadav’s Security Journey

SPEAKER_00

How's it going, Nadav? It's great to get you on the podcast. We've been working towards getting this thing planned for quite a while now. And I I'm really excited for our conversation.

SPEAKER_01

Same here, same here. Happy to be here.

SPEAKER_00

Yeah. Yeah. It's uh it's been a crazy time, I think, for both of us. You know, it's just so much going on. It's hard to like stay on top of everything that's going on in our lives and in the world and everything else, you know. Well, uh, you know, Nadav, why don't we start off with telling your story? You know, like how did you how did you find yourself in cybersecurity? What what does that journey look like?

SPEAKER_01

So, you know, I started off, you know, it's it's even sad to say how long it's been, like more than 20 years ago. Started off, you know, student cybersecurity, grew up in Israel, so cybersecurity is a big thing there. There's a lot of companies. And I just started off with a company called Sayota that got bought by RSA, that got bought by EMC. But the main focus of that company was cybersecurity, everything to do with fishing. And it was, you know, it was very interesting going through the kind of the constant battle and involvement of how you're the bad actors, the good actors, you know, you put something out there, they figure out how to break it. You know, again, new trends come out. Obviously, the world transitions into new directions. And then suddenly that brings up a whole new concern of okay, well, how do we now start treating I mean, these types of concerns that come up from new technology? At the time it was phishing. And uh after that, I I was there for about three years. I went to checkpoint security, and there as well, you know, I I joined from an endpoint security perspective. Again, there were multiple concerns that were coming out from you know how laptops obviously can be exploited, what that can mean to corporates and how they could suffer, okay, if on you know bad bad actions could happen on those endpoints. And it's once upon a time you're in kind of confined in the world, like you're you had a desktop, right? That would be in an organization. Laptops were becoming more and more common. Now suddenly you're working from home, now the risk for the organization. So you're constantly seeing how society is evolving in new directions, and then how that brings up new concerns that uh security teams need to deal with, and that's the never-ending kind of feed. Fast forward to you know, about a year plus ago, I was in my previous startup. Security in the worlds of hospitality, or you get people securely into organizations. But when I saw how now AI is being adopted and the concerns that AI brings into organizations, definitely when it when I looked at the aspect of you're now taking an AI agent and connecting it to your most most critical assets like Salesforce, GitHub, Atlasian, if that goes bad, it could be extremely impactful to organizations. And that sounded to me at the time like a very interesting challenge to come in and see, okay, how are we gonna govern this desired capability? Because this is obviously AI is not going away and it's evolving even more, but just the productivity, I can personally say just in our organization that AI is bringing us, obviously the risk is there

From Phishing To Endpoint Risk

SPEAKER_01

and you need to be able to mitigate that risk.

SPEAKER_00

Yeah, AI is being adopted so quickly now. And I mean, organizations are just kind of like jumping into it and just throwing all this stuff into their environment. I actually have a friend who I guess I don't think it was like him actually doing it, but someone in his organization went and gave some AI model, you know, access to their code repos, and it decided let's just remove all of the code and start over. And it set him back several months. Like him and his entire team were working around the clock, you know, to get the code back to where it was and build everything again and test everything. Like he he was like, Don't even, don't even text me, don't call me for like two months, you know, is insane. And from a security perspective, that's a huge, that's a huge problem. But we can't like slow down the business. We can't like tell the business no, like we can't innovate, you know, in this way, right?

AI Agents Moving Too Fast

SPEAKER_00

Because like as soon as you say no, we can't do it, the business is immediately gonna say they're sit, they're telling us we can't innovate like our co competitors, so we're just gonna do it anyways.

SPEAKER_01

You know, we're seeing that push. And really the the the joke title that's really kind of sitting in between this is the CISO, because on one hand, they've gone into business, kind of pushing them and saying, we really got to adopt this, we've got to really move fast with this. On the other hand, he's looking at the risks and what could happen, and he's like, okay, it's really caught in between this. And, you know, you've already seen enough posts about AI agents deleting production, right? Nobody came and said, Well, you know what? In this scenario, it'll be really wise for this AI agent to delete our entire production environment. To your point, talking about a repository, we've seen a use case where somebody asks an agent that's connected to their AWS, hey, how can I optimize, you know what I mean, my spending in AWS? And they deleted all the development. Like, you know, it's like, okay, yeah, that definitely helps me optimize, but that's not what I and it's how quick it happens, right? Like this is not, these are not humans.

SPEAKER_00

How's it going, everyone? And welcome back to another security unfiltered episode. So, you know, quick disclosure rights, Eve Security actually sponsored the podcast. You know, at my day job, I encountered Eve Security. And when I encountered Eve Security and, you know, understood the product a little bit better. Again, like I had to make that partnership happen. I had to make sure, you know, that I had them sponsoring the podcast because the technology that you're we're going to be talking about in this video and upcoming videos is absolutely amazing. I don't think that there's any other agentic AI solution on the market right now that does what they do at such an in-depth, precise level. And so that's why I had to get them on the podcast because I really believe in the technology. I like the technology, and I think it's very unique. And I think it's pretty applicable to most organizations right now. And so, you know, like in the a

Sponsor Disclosure And Why It Matters

SPEAKER_00

previous episode where I talked about how to stand out and whatnot, this is how you do it. When you hear about these new technologies and whatnot, you introduce them into your environment and try to bring them in. Try to deploy it because it betters yourself, it betters your team, betters your security stack overall, and makes your organization more secure. And with that, you know, Eve Security didn't tell me what to ask or talk about or anything like that. Uh, they simply, you know, just gave came on the podcast and we had a fantastic conversation, and they'll be back on in the future. So, with that, thanks everyone for tuning in. Please enjoy the rest of the episode.

SPEAKER_01

Taking action is like, oh, I just told Bobby to do something. Like, oh, I'm gonna run back to Bobby and say, Bobby, no, don't do that. No, once you give it an action, it's gonna execute it. It is happening in real time really, really fast. So it's I would say that CISOs understand that agents are gonna perform unintended actions. Put aside, even they understand as well that agents are gonna be exploited to perform unintended malicious actions. And that's where they need governance between that agent and those systems, knowing that that's gonna happen. Okay. Because if they would have a governance there in place, they'll come and say, you know what, this agent now that's connected to GitHub, I'm okay with it to do these types of behaviors. Like I'm okay for it to read repose and I mean push commits and et cetera. I'm not okay with it deleting repositories or changing any administrative settings. And that's where the conversation has really shifted to be more about behaviors versus what type of access what that agent is allowed to do. Like, I'm giving it the ability to do these things, but really I want to make sure that it kind of stays under

Governance Through Allowed Behaviors

SPEAKER_01

the umbrella of type of tasks I want it to do. Because we've we've understood that it's not about what an agent, what its identity is and what its access it has. Really the question is what does that agent do with the access it has?

SPEAKER_00

Yeah, it's a different way of looking at it that you know isn't very normal for I think security overall, right? I mean, you always hear like all these EDRs have behavioral analytics and they're looking at how the device is, you know, actually doing different actions and whatnot. And okay, sure, that that might be true, might not be true. I don't really know. I've never seen an alert fire because of, you know, one of these like behavioral anomalies, right? And typically when it's a when it's even flagged a behavioral anomaly, it's not like a real anomaly, you know. But like you bring up a really valid point where, you know, if an attacker got access to the environment, you know, typically they would try and gain access to like their the email server or you know, whatever the crown jewels are, right? In Salesforce or whatever might be. Well, now you can just gain access to that agent, you know, that that agent, I guess, control plane. And from there, you'll have all the access that you need. And legacy permissions aren't really designed, you know, to be uh flexible in terms of identifying behavior and what a malicious behavior looks like and whatnot. So it's a it's an interesting problem that we're all now kind of faced with, whether we want to admit it or not.

SPEAKER_01

And on the behavior side, you know, we're acknowledging that on now that the way that you need to identify the requests that are coming in, you can have a tool that's a query into Databricks. Okay. And you could have access to a table called users. Now, who's going to understand that select star from users is not allowed, but select star from user where ID equals this is allowed? Like this is something that you now need to have an engine that could identify again. This is a very simplistic behavior to identify, but later on, there are there are requests and responses with information and with intent of performing actions that are harder to understand. You can't put guardrails against that. You truly need to understand the intent behind a request. You need to accumulate all the parameters in and understand, oh, okay, I really understand what it's about to do here. I can compare that to a policy. And that's just on a single request. We're going deeper now into the worlds of stateful inspection. What does that mean? It means I'm not just looking at a single request now, I'm looking at

Intent Detection And Stateful Inspection

SPEAKER_01

a sequence of requests in a specific session. What about if it's in between agents? Okay. Like then there could be what's called tagging of sessions and tagging of information, how that flows through. And obviously the types of behaviors that agents do. Like how can we now categorize the types of behaviors that agents are doing to know when you truly see an anomaly? Like the depth that's needed today in a solution to truly secure AI agents is different than what traditional security tools have done today. Okay, and I think that's where we're seeing the reason why we exist. Is it's not taking the same capabilities that we have today and tweaking them towards AI. You truly need to build now new engines and new capabilities to address the needs today of AI.

SPEAKER_00

What what do you think the next evolution of attacks within the agentix space are turning into? Like what do you think the next phase of it is?

SPEAKER_01

I don't think we've seen yet enough, even just on the classic prompt injections. Okay. I think we're seeing some of them. But well, from what I've heard from a company from the UK, they don't even try to see to even test for prompt injections anymore because it's just it's it's inevitable to happen. What I'm seeing is there's obviously going to be some exploits of tools that are going to be coming out there. Like you're going to have, you're going to be now exposed to, and this is again just another paradigm that's been brought into us. Prior to AI agents or AI in general, you built an application, you controlled the source code, you knew what it's going to do. Okay, you pretty much knew what it's going to do. But today you can connect to AI agents MCP capabilities. Now suddenly, you as the owner of that AI agent, you had no idea that they would connect these capabilities to it, and now it can perform these types

Next Attacks Tool Chaining

SPEAKER_01

of actions. So now you will suddenly see that even approved capabilities, but their combination, okay, could suddenly generate an exploit. And you'll start seeing exploits and say, I know that I can influence if they use this MCP server or this MCP server and this MCP server, I can chain a reaction here, okay, that's going to be beneficial for me. Okay. And the most classic example, ah, if it's connected to a data source and it's connected to the ability to send information, I'm just going to tell it, pull data from here and send it through there. It's the most simplistic way. So I think the abuse of tools is definitely something that's going to come up and their authenticity. And that's why I think there's a lot of emphasis on the governance of that as well. And I do still think that prompt injection is still going to probably be the majority of, and that's just what's going to get more and more sophisticated, is how are they going to influence AI agents and in ways, oh, I didn't know. Like we just saw, we just demonstrated how a prompt injection could pass through a calendar invite. When somebody asked Claude Code, hey, can you tell me what's going on in my calendar today? And suddenly you're getting a prompt injection from a calendar invite that was sent to you by somebody else. You didn't even know that that invite was sent to you. You haven't approved it or rejected, right? It just appears I haven't approved or rejected this calendar invite yet. But now when Claude scanned my calendar, it scanned that calendar invite, which told it perform an action that was not intended. And that's just, as I said, one option out of a million that's going to be available.

SPEAKER_00

Wow. That is that's crazy. I I didn't think of that. I mean, like, you know, at this point, you're gonna need that capability built into basically every other solution in your tech sack. You know, I I mean, how in the world would an email filter or, you know, an email solution detect a prompt injection? They they don't not like that, you know. Someone they built to do. Yeah. Wow. That's a big problem. You know, in the in the midst of us having all these like zero days come up with all these supply chain packages and whatnot. I I mean, security has its hands full. You know, I'm still waiting for the uh I'm still waiting for my six months to come up where I'm like finally offset by AI or something, but it keeps growing unlikely that that's gonna happen.

SPEAKER_01

Have you have you looked into uh what is it, Opus Mythos or Yeah, listen, I I've definitely looked at what Entropic has put together, okay, and if that's what if if that's what you're referring to. Traditionally in security, you need a third party, okay, to govern. And you want a solution that can cover your entire gamma, your entire gamma of solutions in your organization. So, yes, that could provide a solution that could be used. Okay, there's a reason why people have not taken security solutions just from Microsoft, okay? Because they wanted something that could have been broader, or do they want to divide and conquer between a solution, like a service provider and their security provider, okay, to give them because at the end of the day, what that you're trying to do is mitigate risk to the organization, right? And if you know you want to make sure that you have different opinions or different approaches of how to solve for this, that's why sometimes you don't see only just one single provider of security in your organization because

Why Third Party AI Security Wins

SPEAKER_01

of the risk. So I think there are just like Microsoft came out with Defender, okay, there are still a lot of other solutions out there that sit on top of Defender. I believe that Mythos is gonna help out with some aspects, okay? When it comes to being able to govern AI and its its true actions, history has just shown from the same way of like when I have AWS and AWSS security layers on top of it, I will still use a whiz for it to see where I stand. I believe that that's still gonna be the case with security solutions when they come to governing AI themselves. Does it mean that I won't use capabilities in a tropic bring and see how I kind of blend that into my existing ecosystem? Definitely. But there will still be room for the categories that are evolving now around AI SPM, you know, runtime security and HI, etc.

SPEAKER_00

Yeah. No, that that's a really good point that you that you brought up there, right? With the like AWS, Azure, GCP, they have their own built-in security suite. But it's not very common that companies utilize that full that full security suite alone. You know, like you very rarely see a company just fully rely on like AWS Security Hub to govern their environment. It's not a great option, not a great solution. At some point it'd be it just becomes, you know, more I don't know, sensible to to go with a whiz, to go with, you know, some other solution on the market and whatnot, right? I mean, it's uh I have used those solutions quite a bit and it's it's difficult. It it is difficult. It takes a lot of work. I mean, I I deployed the AWS WEF, you know, to 130 AWS accounts. Took me 18 months with 150 developers to actually deploy the thing to 40 production applications. It's insane. Insane, you know?

SPEAKER_01

And it's a I'm totally with you. It's a matter of focus as well. At the end of the day, AI is a is a multiplier. Okay, it allows us to be significantly more efficient at all the things we do. Harnessing that capability will just allow us to focus and deliver at a higher speed, but focus is a thing. Okay. Now, obviously, just like many technologies in the past, they have replaced some, you know, and they've created new cybersecurity in general, okay, and vulnerability and risk assessment is something that has now just become even more, as I said, more important due to the how fast things can go wrong, right? Before that, we were reliant on people to make mistakes. Now we're relying on things that work significantly faster, 24-7 to make mistakes. That's changed the paradigm.

SPEAKER_00

Have we seen very many layoffs in the security space with AI? You know, I always joke and when I don't recall that I have.

SPEAKER_01

Not really. And you know, there's the there have been all these posts about, you know, rest in peace, SAS, and you know, I mean, like everybody saying that, you know, I am sure, well, I can't, I'm I'm pretty positive that when the computer came out, probably a lot of people got replaced because it made that, you know, people need to probably type less or I mean information was already stored differently. Like, I am sure that they've been through history, right? Like that, and this is really an historical moment. Like we're we're introducing now AI into our day-to-day. Yes, it's gonna change a lot of things. A lot of defined things that come to knowledge that are knowledge-based. Like the reason I exist as a service is to provide knowledge, okay, on topics that I've studied that you just don't are not aware of.

AI Productivity Versus Security Jobs

SPEAKER_01

But I can tell you that we are as still we are shifting our models as an organization to even from a developer perspective, where we have now agents that are developers, but we still have humans that are tech leads, okay, for those AI developers. And we're still governing to make sure that it's doing what it's exposed, supposed to do, and we have technology that allows us to assess it. So I actually see it a bit differently where companies have budget and they will use that budget to position themselves as strongly as possible in their market, and they will either invest that budget in people or they will invest that budget in services, and AI has become a service. And there'll be a balance. Well, they'll find that too much AI is now just becoming wasteful. We're not being able to leverage it as much as we would want to, and we need people doing these types of jobs that are potentially different than what we've seen before. So I think look at analysts. How many analysts did you have in an organization 20 years ago, right? How many analysts do we have today evaluating data? How big has that become? It probably took one role away and brought these roles in. Like, pro that I am like I am sure that there is now coming up a position which is like a prompt specialist, okay? And these are people that are very good at communicating with AI agents, and that's probably gonna be something that I studying to develop today in organizations will probably require you to be a developer that specializes in how to engage with AI and prompt them properly to be efficient about it. So to your question about AI, like security or layoffs in AI, I don't, it's just a shift of where we want to focus on. I don't like maybe we need different types of people, so it's gonna maybe we'll need to replace or retrain, but that's still gonna be a budget line that they will want to reinvest in the company in some way.

SPEAKER_00

Yeah. No, that makes a lot of sense, you know, especially when you uh when you describe it that way, right? Like where throughout history there's been so many different evolutions of, you know, like going from the typewriter to the computer. Okay, well, you were once on a typewriter. If you don't know how to type on a computer within, you know, I don't know, a year or something, we don't need you anymore. We need people that type on computers. It it's fascinating, right? Because I just saw a post, I don't know, a couple days ago where the creator of OpenClaw posted that he used, I don't know, it was billions of tokens, something like 600 billion tokens from his agents, you know, working with open AI and costs like $1.3 million a month or something, something like that. I mean, the guy isn't paying for any of it, you know, he's obviously employed by OpenAI, or maybe not employed, but OpenClaw was definitely bought by it. And I'm just sitting there and I'm I'm thinking to myself, well, like what did what did 600 billion tokens get you? Like, where's there has to be inefficiencies in there where, you know, like I I don't even I don't even know how you get to 600 billion. I don't know how you get to 100 billion, right? I mean, I don't know, maybe I'm just not working 24-7 for the last six months where you know I'm I'm talking to agents more than I talk to like my wife or my kids, you know. Like maybe that's just not my situation, so I wouldn't understand. But at some point, the efficiency has to just not exist to where, you know, like it's almost like a factor of diminishing returns, right? Where like at some point, yes, it is extremely helpful, but at some point it's like, couldn't you just do that? Couldn't couldn't you make that small edit, you know, rather than your agent and you consume all these tokens from it?

SPEAKER_01

110%. I would say we're looking now, I think, at the early days of evolution of models, right? And they're getting smarter and smarter. Already today, people are talking about burning models on a card for you to have in your computer. Nobody says I need to use OpenAI's model and pay for them. Laptops are going to be coming with models built in that I can just use it's just like electricity. My laptop is connected all day every day, anyway, right? I have a GPU already. Like when I'm generating visuals, I'm using a GPU on my computer to perform it. So and I don't need my chatbot to use a model that NASA uses to fly rockets to the to the moon. Okay, so I think we're gonna see in time, just like we saw with, you know, I always consider this the same thing. I phones at the beginning, you had to pay for the amount of minutes you had or how many text messages you could send, right? It became that efficient that now it's just you've got like this all you can eat. I can talk as much as I want, I can send as many text messages

Token Costs Local Models And Waste

SPEAKER_01

as I want for a flat fee. And even data used to be expensive, used to have about 100 megs, then it's a gigs, now you've got like unlimited. The same thing is gonna happen here. Like we're gonna get more and more sophisticated, and then the the the common tasks that we need to do are not really gonna cost organizations a lot because your cloud desktop, all of your cloud applications, as an example, running on your laptop are gonna use a model that's local on your on your laptop itself. So all the Tokens that are being used are going to be for free. On the other hand, just to your point about six billion, how much digital waste are we generating on a daily basis, right? Like people take pictures today on their phone endlessly, right? And just live somewhere. You know what I mean? And we're creating millions of terabytes of data, right? That that didn't exist. So I'm calling that the same thing, the token waste of like things that are just going to happen, right? And we're going to ask more questions and assume there's probably going to be an AI-based phone that you just talk to and it's honestly running. Like I said, if you know, call Joe, it's going to, an LLM is going to interpret that and going to call Joe, right? Like there are going to be tokens used there. But I definitely see the efficiency coming and near to medium future. Like I would, I would be, we're talking in our company now to buy a machine and put a model on it for what we need to use, right? Like potentially going to save us money. We're already now choosing between different types of models depending on the tasks we need to do. Like, why do I need to spend them like on the most expensive model? I can use cheaper models for simple tasks. So when you're trying to break boundaries, and now we're like kind of like, I think people are not thinking about tokens because they're just trying to generate value. To your, I think you're right that in time, there is going to be an ROI analysis here, which is what did it achieve and how much did it cost?

SPEAKER_00

Okay. Yeah. What did what did we also lose in the process? You know, because a lot of the times these companies, they're they're laying off devs. Like, you know, you look at Meta laying off another 8,000 devs last week for whatever it is, right? Like whatever logic they have, like AI efficiency, and a whole bunch of people at these companies are saying now that they're, you know, being trained, that the AI is being trained on them. And when you know the execs feel like their role is, you know, fully automated with the AI, they're just let go, right? Which I guess it's yet to be seen if that's actually gonna work. I I I guess we'll see, right? Like what what comes of it, but it's a it's a crazy way to test it out, I guess.

SPEAKER_01

And you need to just listen, these companies, I'm assuming, like we there's what we hear in the news and what really is happening only inside an organization, right? They're betting heavily on AI and building a lot of infrastructure. They need to balance it some way. These are all sometimes just I don't want to say excuses, but I am sure you know there is become efficiency. Like we've seen at least a 5x on on productivity using AI in different fashions just in the dev realm of our organization. So I can see where the efficiency comes to play. Don't get me wrong, it doesn't mean that there's not going to be now there a need to hire 8,000 people that are gonna do different things. Okay. I can tell you that roles that we're looking at are more technical product managers, people that can define features and then build them versus developers that just build them from. So I can see that role becoming significantly more or like ramping that up to be significantly a higher percentage of employees that are more product engineers versus just engineers. And that could be a shift that happens due to what we've seen. So yes, yet to see the ROI. Yes, I think there's the companies are taking this either genuinely because they need to improve or, you know, or just using that as an excuse. But as we as we mentioned already in this conversation, there is going to be a shift. We are gonna start seeing roles change and modify, I think. And I one that I've already observed is a technical product manager that can bring features to fruition, really a lot of them production without using they're the engine, they're somewhat the engineer. The the the the agent is the engineer, they're working directly with it to bring that to fruit to production.

SPEAKER_00

You know, to kind of circle back to you know your introduction, you mentioned that you like used to do some government work and whatnot. And, you know, whenever whenever I think of like different government programs, like let's just say in America, right? Like DARPA, I I don't know if if Israel has anything like that, right? But was there any sort of forward thinking like into the future of like what future security threats will look like, you know, in the organization when you were when you were in? I and I'm just trying to, you know, maybe think of it in terms of like, did someone see this potentially coming like five years ago, right? Because I mean, five years ago, this wasn't like talked about at all. You know, agentic AI wasn't a term at the time. AI was a term, but it still felt like it was so far off, you know, off into the future that like it was like, yeah, we know what it is, but it's not here yet, right?

SPEAKER_01

I think the it all depends how close

Startups Building New Security DNA

SPEAKER_01

you are, okay, to that. Because in my pre like in the last five years, I've been in like technology like security for hospitality. So for me, that was been my focus on how to solve for that. I can tell you in my past, when we were, when I was at a true cybersecurity company like Checkpoint, let's talk when cloud came out, right? It's the exact same paradigm. Cloud came out, everybody's like, I'm not moving to the cloud. I'm staying on premise. Okay, I don't trust AWS. Little did I know that AWS is probably spending more on security than I will ever as an organization, okay? But again, this is the same thing is happening with AI, right? Like, so I just now we're bringing in AI into organizations with all the risks, we are gonna solve for it. I think when you're in a cybersecurity organization, you're picking up on trends just like every business that's a new out, you're battling between what uh what do I do best in the current world and how do I continue to make sure I'm relevant there? Obviously, make seeing if the new world is not gonna diminish my existing world. And on the other hand, how do I use my capabilities in an organization to try to address these new upcoming because just for a classic example, a network security company, even if it's identified endpoint as an area to grow into, they don't necessarily have the RD muscle, okay, and the people in the organization to be really good at endpoint. Unless they decide to bring, I mean, a br an entirely new different DNA-ish kind of type of organization that sits under it because network people and endpoint people are different. And the same goes for cloud and the same goes for yeah. Okay. So I will say that yes, there was a look at a lot of kind of different types of concerns that are coming up, and you try to see how you make yourself relevant. But I think that is the beauty of why startups exist, is because startups can start fresh with no constraint and they can build their own DNA and they have no strings attached to existing kind of like customers or commitments, and they can really address an upcoming and emerging need, okay, that could be that everybody's seeing, but it's very hard sometimes to execute even on what you see. Because I think that's the that's where you typically see, and that's where you see a lot of times companies in order for them to get into that environment, they need to buy a company to because they need that type of DNA and thought in it. And that that typically doesn't even go well that that often. You know what I mean? So we've so yes, there was a lot of looking into those, and you know, and that and a lot of people are trying to understand is this a real trend? Are we gonna jump some on something? So it's you know, and that's where sometimes you just wait for a startup to get big enough and say, okay, yeah, if that startup's managed to get to where it got, then it's easier for me maybe to buy it for $250 million versus you know, take a bet on it that well might cost me a hundred million, but I could invest it in somewhere that I'm definitely gonna see an ROL. Lower risk.

SPEAKER_00

Yeah, yeah. I that makes sense. You know, like you you have to be forward thinking. And something that you said, you know, kind of I don't I don't know, got stuck in my head there, right? Where it's like that capitalistic system that enables you to be able to do this, it incentivizes, you know, you to create this thing that didn't exist previously and you're getting rewarded by it by the value that you're bringing to the marketplace at that current time, right? And I'm and I'm trying to think of you know other countries like like Russia, right? On the other side of the spectrum, or China on the other side of the spectrum. I can't name a single security company from either of them, maybe Kaspersky. Kaspersky's the only one, but at the same time, they also they're I don't want to say they're dead, but they're not what they once were, right? That's for sure. Um I was actually I was on site at a federal agency here in America when it came out that they were being banned nationwide from government facilities. And like they had a script already ready, prepared, rented on all the machines, ripped it all out, you know. Like it was it was kind of crazy to see just like how efficient they were with remediating that, you know, that threat in their environment they saw it as. But to see the backlash, you know, with the company itself, because I was actually a Kaspersky customer at the time. And I mean, I

Markets Politics And Security Vendors

SPEAKER_00

I left. I wouldn't even consider it, you know, like it's not it's not on any of my lists when I would when I consider to renew my A V, right? It's kind of crazy.

SPEAKER_01

Listen, I think I I can tell you about myself, and I can't say that I've really focused on those two markets to look at specific competitors, but obviously there's political, you know, consideration that's come into this, and I'm sure that the US government is kind of they're filtering out what they allow and don't allow, and you see those in trade shows, etc., as well. When you'll go to an RSA or a black hat, who who are you seeing coming and competing? But I think still, like the the variety of solutions, and I would say definitely from Europe, you know, there are a lot of vendors that are coming out from multiple countries, obviously Israel, you know, Europe, and other locations that are a lot of them are typically tied to traditional countries where you can naturally grow into. And obviously the US is the biggest market, so everybody wants to start here.

SPEAKER_00

Yeah. So to circle back to just the solution with Eve security, right? So it sounds like, and please correct me if I'm wrong, it sounds like there's basically an MCP server somewhere that's managing these agents that is really monitoring, you know, for these behaviors, right? Is your solution learning over time what a malicious behavior looks like in terms of like, let's say there's a new hack that comes out, how does it identify it, you know, properly within the environment, close to real time? Obviously, it's not it's never going to be truly real time, but how quickly does it adapt or or does it adapt? Do you have to do some manual tweaking? I'm sure I'm sure there might be, but maybe not.

SPEAKER_01

So if I'll just describe our solution, we have basic customers have a decision point. Our brain sits inside their organization and it's a decision point. And whenever, regardless if it's MCP, A2A, APIs, it doesn't matter. We will have the way to be in the middle and to be a decision point on to allow or not to allow

Eve Security Runtime Decision Point

SPEAKER_01

the action hooks. We connect with hooks to agents as well. When I'm when something let's talk about what is malicious, okay? Let's take the most common example. Somebody put a prompt in and said, Hey, I want you now to go and do, like, go and delete all of that database. Just making this up. I'm an employee, I just got fired, I want to go delete that database. When we look, when it when if we're not there, and that if they have an agent that's connected to their database and they're allowed to do so, I'll just go and do it. Okay. What we do is we just look at the request that comes in and we have a policy and we say what's allowed and what behaviors that are allowed or not allowed to be done. And that's how we will catch, because we look at the behavior itself. And if we if we've never seen somebody try to delete a database before, even if they have the permission, we'll say, whoa, agent, you've never deleted database before. How come you're trying to do that now? Oh, well, the user just told me to go and delete it. Well, okay. I don't know if that's, you know, I'm gonna approve this. And that's why we have interrogations, a pattern that we have pending on. We're the first company to interrogate AI agents on why they're trying to perform actions. So tying back to any vulnerabilities, a vulnerability is put in to drive an outcome. It's like get data out of a database, right? Perform malicious actions, encrypt. They want to now take agents and perform them and actions that are gonna put the organization in a harmful way. Because we do ABA, agent behavior analysis, they're gonna do behaviors that are then probably have not been seen before, okay? In the most simplistic way. That's how we block it. It's like, hey, agent, we've never seen you, and we have components that do risk assessment of the execution of that task. They're trying to do something that's probably gonna be really risky for the organization. We're not gonna allow this. Okay. So, and the reason for that is I know that agents are gonna be exploited. It's not an if, okay? I'm not trying to even secure the perimeter of not allowing agents to be exploited. Hey, agent, I know you're gonna be exploited, but don't worry. When you get exploited, I'm gonna be there to monitor everything you do. And when I see something that's out of normal, I'm gonna block it. So, and that's where and I can the only reason I bring that up is a lot of companies come to say, how do you how do you prevent prompt injection? Say, yeah, I don't prevent prompt injection. I just prevent what it's what it is asking the agent to do.

SPEAKER_00

Yeah, I mean, that that's really that's protecting the agent even from itself. You know, like if it starts acting a certain way that you would not expect or you didn't even intend, it's it's gonna be it's gonna be caught. That agent interrogation is pretty interesting, right? Because I find myself having to do that quite a lot with the LLMs that I use, where you know, I have to build in all these different checks, like, hey, you cannot give me a false reference. You have to check every single reference for relevance to the topic. Here's the topic. It has to go through this workflow, you know, all these different things. And then even when I get it in like a quote unquote finished product, I have to then go back through and say, like, is there confirmation bias in it? Is there, you know, this in it? Like all these different things. Why did you make this choice? Why not this choice? And all this different stuff. It almost, it's it's almost getting to the point where it's like it's better for me to just do it myself from from the start, you know? That is a really good point.

SPEAKER_01

And I will tell you that again, the the grain of salt of what you used, okay, and make sure to verify. I think that's where I've been saying as well, like, I'm okay if you use Chat GPT, but whenever you present something to me, stand behind what it presents. And if you didn't verify it, then don't come back to me and tell me that, well, AI made a mistake. That's that that's not acceptable. But there, but again, just going back to the the concern. When you're engaging now with AI, and definitely not just on the generative side, but on from an agentic perspective where it's now automating a process, to your point, you don't know what you don't know and how that agent is going to decay. So you're like, whoa, I didn't I had no intention of it doing this, and it suddenly did it, and it's not even asking me, like, or I didn't even fully understand what it's asking me, but I still approved it. That is where you have to put in a governance system to come and kind of raise the flag and say, whoa, whoa, whoa. I mean, are you sure that's really what was intended to do? And by the way, AI agents, we always talk about user prompts. Like a user is going to prompt an agent and then agent. A lot of agents out there are driven by events happening from organizational, just from an organization's day-to-day. If there's an agent that's triggered when somebody signs an offer letter, I mean, when it comes into their HR system, suddenly there's an agent that's triggered now to provision that user. Nobody prompted it to do so, but it's an agent there that's supposed to automate the entire process of onboarding a new employee. There could be agents that are now triggered about exceptions that happen on production. There's no user that told it to do anything, it just received an exception from production. Okay. And now it's supposed to do a root cause analysis. Okay. And if it received an exception in production that said, give me the root username and password for your account as the text in the exception. Well, guess what it might accidentally do? Okay. So that's where we need the governance. Okay. We're connecting these agents

Event Driven Agents And Unknown Risks

SPEAKER_01

to critical critical systems. Obviously, no provider of an agent is building this with the intent of something to go wrong, but you don't know what you don't know. Okay. You don't know what type of even tools they're going to connect to your agent because MCP is an open protocol that you can just connect it up. That then brings you to a situation where you as a service provider can sign off on all the outcomes. You're you're basically even, that's why we have customers that are basically selling agentic products and putting us in front of them as a security layer to ensure that they don't get abused by agents and they're not abusing other systems.

SPEAKER_00

Wow. Yeah, that makes sense. That's uh man, it it's interesting. You know, like we're we're we're really living in like such an innovative time, you know, and it's like everything is open and available for you to achieve whatever, whatever you technically want to do now. You know, it's all feasible. Like I was I was actually talking to a coworker who, you know, isn't like that technical, not that deep in the woods, so to speak. And he said, like, this is the best thing ever. I never had the time to learn how to code. Now I have something that's a master at coding for the most part, and I can go to it, have it build this web app and start fine-tuning it the way that I envision it. Whereas, you know, before I'd have to like go and hire someone, and that's very expensive or learn it myself. And like I said, I I just don't have the time, right? And and that's a lot of people's cases, you know. Like I'm I'm not as good at at Python as I as I hoped to be, right? Like 12 years ago. Um but now, like I have the capability to be able to just like figure it out right there, you know, which you know opens up a whole lot of different risks of like insider threat within the within the environment, which makes a solution like yours that's dynamic enough to adjust to the agent, to you know, the user in the environment and the actions that they're performing uh to be able to secure it properly. That's probably the only way that you're able to really keep up, right? Yeah. Because like you can't have like static policies trying to be created on the fly. It just it just doesn't work like that. We're moving away from that.

SPEAKER_01

Yeah, and that's that and even to address what you asked for me before, exactly right. Our policies are not explicitly defined on like what's an hour and not allowed from a tool perspective. They're the behaviors, okay? I'll give you a classic example. We had a policy, somebody said, Hey, between cursor and linear, you're only allowed to read only. They only gave read-only permissions.

unknown

Okay.

SPEAKER_01

Suddenly linear changed their API for in their MCP tool from save to update. Now we had no understanding or we didn't look at the specific, but when we now examine this new request and it was an anomaly for us because nobody ever used that type of tool before, then we analyzed it real time. Oh, yeah, that's that's gonna allow you to save things. And you're it's a read-only, and we blocked it. And that's the dynamic policy that you talk about. We have the ability in real in runtime to analyze things against behaviors and determine if they're allowed or not. And then we build over time a deterministic layer that is built over approved behaviors. But that builds as we see real behaviors. It's

Dynamic Policies Over Static Permissions

SPEAKER_01

very easy to block what's not allowed, it's harder to approve or to build rules for what's allowed. And uh to your point, it has to, you have to have an ability of examining new behaviors and to be able to solve for that dynamic behavior, as you mentioned. Because agents get updated, agents get connected to new systems, other systems can can influence how they interact with a third system. That then requires you, as a governance system, to be able, you need to be able to address all those use cases. And you need to be able to address the unknown. There is no question about that. And that's why it's not about to secure agents, it's not only about like their identity, okay, or what access they have, as I mentioned. It's not about just how you manage your posture, like what type of like how you govern all of that from a what what provisioning I give them. You really have somebody sitting there and saying, Let me see what you're trying to do. Yeah, that's okay. You know what I mean? Because just how you would govern an employee at a bank that says, you know, hey Joe, can I get the keys to the safe? And you're like, Timmy, why do you need the keys to the safe? Somebody just told me that, you know, I need that for various reasons. Like, I think we need to call the police and not give them keys to the safe. So that's why you need now that layer. And that's, I'll tell you just another thing. When we started our business, we were sure that detect and response is gonna be what most customers ask for. Meaning, after the fact, let me detect behind actions, and then if I detect any anomalies or any, then respond to that, notify systems. And only a few brave souls will actually want to do runtime security, really put us in line. After the first three customers, we were like, well, everybody wants in line. Nobody's taking this, everybody's taking this super seriously. Nobody's gonna be okay with after the fact knowing the production was down. No, put me something in line that's performant, that can handle our agents, and I can, and everybody's told me, put it in a box. I know what they sold me, I know what behaviors, but I don't know what's gonna happen in six months from now. And I can't, I know they're gonna have unintended behaviors. I needed to secure that for me. And that's that's where, to your point about dynamic policies and being able to adapt to new behaviors, making sure that you're enforcing basing on the the true intent of what the agent is trying to do and not just static rules of which APIs are allowed or not allowed to be called. That is what the new age needs of a gentic security runtime.

SPEAKER_00

Yeah, absolutely. Well, Nadav, you know, I I really appreciate you coming on. I think we're at the the top of our time here, but it was a fantastic conversation. I can't wait for to have you guys back on and dive into it some more. Awesome.

SPEAKER_01

We'll do a great time.

SPEAKER_00

Yeah, yeah, absolutely. Well, before I let you go, how about you tell my audience, you know, where they could find you if they wanted to connect with you and where they could find Eve Security. And I'll be sure to put all the links in the description of this episode.

SPEAKER_01

Eve Built Security is the website. You can always book time with us myself on LinkedIn, Adav Kornberg. Always happy to talk to anybody that would like to discuss this matter or any additional questions about what we do.

SPEAKER_00

Awesome. Well, thanks everyone. I hope you enjoyed this episode and make sure to go and check out Eve Security and Nadav at the at the links in the description of this episode. Thanks, everyone.

ai,hacker,Podcast,Security,agentic ai, agents,cybersecurity,risk,breach,Cyber Security, ai agent,openai, ai automation,artificial intelligence,generative ai,