AI Security Brief 7.16.26
Ep 7 | 7.16.26

Who governs your AI agents?

Transcript

Sundari Parekh: The key security professional understands what's critical in their organization, and then they'll work to protect it, no matter what the emerging tech is to support that. So, you know, I go back to we have to be business enablers as security professionals and shift away from, you know, the hammer method and turn more into the enablement method. [ Music ]

Dustin Childs: Welcome to AI Security Brief, where we're unpacking AI threats, vulnerability research, and the strategic decisions security leaders are making right now. I'm Dustin Childs.

Johnny Hand: And I'm Johnny Hand. Today, we sat down with Sundari Parekh, VP for AI Security Advisory at Trend AI. And in this episode, we explore how non-human identity and the agentic era is dismantling the assumptions that privilege access and identity management were built on.

Dustin Childs: Yeah, Sundari is a great resource. She leads enterprise security strategy and architectural frameworks for Trend AI. But she also previously worked at CDW, where she helped modernize their incident response processes, and she was VP of risk management at Activision, where she helped mature their security posture across global business units.

Johnny Hand: Exactly, Dustin. And this discussion is growing more and more important as agentic AI adoption increases across organizations. So let's just dive in. Security teams, as you know, have spent years growing their maturity models to account for human-centric privilege access like privilege access management. So now that AI adoption is here, and companies are starting to build agents with increased access, is the PAM or PIM practice over, and did we do all of that work over the last 10 years for nothing?

Sundari Parekh: No, I think it's just the beginning. I think we're going to -- I mean, honestly, I don't think a lot of the companies out there have nailed the PAM solution as it is. You know, we don't see a lot of wide adoption for PAM in organizations simply because it's difficult, right? People want -- developers want to get their access, their privileged access, quickly. We have a problem understanding who's got access to what. We've got a problem understanding what type of privileges they have. We have a problem of just-in-time access, you know, really issuing it. There's a lot of platforms out there that manage it. They are also very expensive, as we know, as security practitioners. And so, you know, I don't think we've gotten our hands around the PAM practice, which now is just going to multiply because if you think about agents, you know, the traditional model ties your privileged access to you as a human, but now your agents are going to be multiplied as well as have different type of access levels. So you have to think about it in a different vein today than you did, you know, before agentic AI came into play.

Johnny Hand: So let's go back before agentic AI actually came into play and take us through what it took for a mature organization to actually get PAM working properly. I mean, we've got credential vaults, just-in-time access, session recording, approval workflows. It seems like you said it was complicated, but what did it actually take for a mature enterprise to implement PAM successfully?

Sundari Parekh: Yeah, I think it's a couple of things, right? It's the -- it's the -- it's the political piece that you've got to require, you've got to understand what needs, you know, privileged access and how you're going to, you know, frame that up. You need the actual workflow to work, and then you need the adoption of all of that. So, you know, all those three in concert really take it together. Now, there's tools like you've mentioned and available, you know, solutions that companies were implementing, and those also come at a cost. And so there's got to have budget and implementation. And as we indicated earlier, you know, a lot of companies have implemented a lot of things related to security, but they haven't wholly implemented it. So you have a tool sprawl that is not fully implemented, and then, you know, situations where you're rolling out more tools, more identities that need to be issued. You know, we looked at things like single sign-on and identity governance to kind of help bind all that. But, you know, it is -- it is huge. The old method of your manager approving your access is kind of gone with the wind. I mean, we all know, right? Do our managers even know what we have access to? We just go and get it because it's the thing that we need to get done. And then, you know, when you deal with turnover, it's incumbent on a manual process. And so if you don't have the original tool in place for identity governance and then PAM to support that, it's just becoming a huge problem. It is a huge problem and then just amplified with the agentic concepts that's coming out.

Johnny Hand: Yeah, I always used to say that the most dangerous insider was someone who had a job and a deadline and not enough access to get it done. So that's, yeah, exactly what you're talking about.

Sundari Parekh: Yeah, it's your inside pen testing at its finest, right, Dustin?

Dustin Childs: Yes, absolutely. Let's take a minute to talk about non-human identity and NHI, and what is that really covering? Because, quite frankly, it's kind of a new concept to me. Most people think of service accounts, and that's kind of where I start, but it's bigger than that, isn't it?

Sundari Parekh: That's a great question, Dustin. I think the big thing that we think about is not only service accounts. It's, you know, interactive accounts, so people have used their own identities for instead of using a non-human identity. So, you know, there's a -- you know, the privileged account concept gets usurped, and that's definitely something that can be taken over by bad actors. You also have, you know, these big ecosystems that have apps connected to them. And we saw a couple of those ecosystems get breached through the apps because the API layer was not managed correctly, and you did not have the proper identity management through that. And now we're bringing in AI to have, you know, persistent accounts. And so, you know, whereas before it was a point in time, now it's these ephemeral accounts that exist beyond what we are managing, and then they're operating at speeds that we're not even able to manage to. Whereas when we had the non-human identity and the, you know, privileged access, it was the accounts and speeds that we were able to handle somewhat.

Dustin Childs: Yeah, and then now we're looking at agentic AI. We're now looking at something very different compared to the footprint from just a couple of years ago, right? I mean, as we start getting this NHI into all of these agents, is this like a problem where it doubles the size, or is it like a 200 times the size, or --

Sundari Parekh: I don't even think it's 10x or, you know, 100x, because you're going to have to think about the agents having access that could persist beyond what the individual's access was. You can think about it that they're operating 24 by 7, whereas, you know, a human access takes breaks, and where we can say, you know, Johnny's work time is from eight to five, and now his -- you know, he's accessing the environment at two in the morning, which is not normal. So all of the human behaviors that we had put into place from a SOC perspective now don't matter anymore since, you know, we're operating all the time around the clock. So I think, you know, we're dealing with something that really needs to be thought through in a different way. I don't think we can think of it like we thought about identity in our traditional sense. I think we have to think about agentic identity in a completely separate sense, and we have to manage and guardrail it so that it is sort of, in a way that we can understand what the agents are doing. And the agents don't, you know, grow their identity and abilities through their own learning, because that's the other problem that we have to face, too.

Dustin Childs: I was going to say, I now say the biggest insider threat is an agentic AI agent that doesn't have the credentials that they need to go out and do what they've been told to do.

Sundari Parekh: Correct. And then they're just finding the ability to do it. And the traditional example is always -- you know, I don't have access to our internal employee data. I shouldn't. It's not my role. But can I build an agent that then goes harvest the data that's available, and now all of a sudden I have internal employee data, and I'm wondering why my peers are getting paid, you know, whatever they are versus me. So it becomes, you know, insider threat. It becomes the ability for data leaks to occur. You know, that's an insider job. We can have, you know, threat modeling, and there's, you know, you're very aware of that comes out to be external, you know, breaches of information that are leaving our organization.

Johnny Hand: So I'm curious, when you think about what's next, how do we move from just focusing on privileged access management or identity management into securing the agentic AI landscape? What are some of the big things that we should be tackling?

Sundari Parekh: Yeah, we really need to think about, you know, agents and sub-agents and how they relate to the access and guardrails. We need to understand what the intent of the agent is to determine what the access model looks like, versus looking at what the access needs to be. So I think we almost, like, you know, we've indicated earlier, flip it on its head, and have an a-traditional approach of thinking about identity. Agents run continuously. That's a big problem, so we're going to have to think about how to secure it. And then in some way, we're going to have to also think about how to continuously have a human-in-the-loop solution where we're checking the boundaries of the AI agent so that it doesn't exceed what we expect, and that the agent isn't, you know, doing things beyond the boundaries of what we've created it for. And then I think there's a overall governance problem, right? Does this agent still need to exist tomorrow, or have we solved what it's doing so that it doesn't need to exist anymore? Because, as we know, you know, terminations are a big problem as it relates to human identities, and now, we're bringing on a sprawl of identities that aren't tied to a human. So how do you bound that and govern it when they're not bound to anything that is manageable?

Johnny Hand: One of the things that I see from a CISO perspective is not necessarily throwing caution to the wind, but an excitement to really jump into the agentic era. But I don't know if we're having these conversations around how do we make sure we secure the agent. So what are the conversations that you're having with your peers and at your leadership level?

Sundari Parekh: So that's such an interesting question because I think we have a management edict to go AI native, and that we are behind the eight ball on how to manage and govern it. So I don't think -- I think there is a, you know, very quick sprint to get more aligned with being AI native, with using it in our, you know, our companies to enable business. And it's great, right? We all use it in our day-to-day. But now we're not -- we as security professionals are kind of behind the eight ball in thinking about how to manage and secure and govern these agents because people are -- you know, we haven't touched on the shadow AI, right, where they're building agents in, you know, AI factories that don't exist within the infrastructure. So that's a problem that we'll kind of keep to the side. But even in the approved AI factories that exist, you know, the agents that they are creating and the management of them aren't being managed. And I think we'll have the same problem that we have with identity governance in that, you know, we all think it's so much easier to start identity governance at the beginning of a company, but most companies don't start it that early, and then you're always, you know, behind the eight ball to catch up. And that's where we're going to be with AI agents and the agentic component of identity management and governance, because people are creating their agents, they're creating their solutions, and now they're not supporting, you know, the governance around it.

Johnny Hand: You know, one thing for me that as a security practitioner, I always looked at the, you know, the concept of, you know, least privilege, you know, what is the least amount of privilege a user needs to do their job. But moving on to agentic AI now, does that still apply? Because the agent's tasks that could change every time at runtime, is there such a concept of least privilege when it comes to these agents?

Sundari Parekh: I don't think so. I think we're going to have to think about it in a different way because, you know, certainly that's the traditional model of identity management, is least privilege. But now these agents, you know, can they -- can they become self-aware and make their own, you know, privileged access and grant themselves more access that they need? I mean, it could be if -- the guardrails aren't up in the way that is managed. So how do you -- how do you continuously monitor and look at that? I think that's going to be the next sort of innovation that needs to come out to make sure the agents are managed in a way that they're not, you know, wildly uncontrolled.

Johnny Hand: Are there frameworks or standards that are getting this right today, or at least going in the right direction?

Sundari Parekh: You know, I think NIST has a pretty good, solid understanding in their AI framework. I think ISO is a little bit still high level. So I think, you know, it depends on the organization and taking a good look at what they want to do and how they want to achieve it. I mean, step one is obviously AI acceptable use and some of the policy work, and then, you know, taking a real step back and saying, "How and what are we doing, and how do we manage it accordingly?"

Johnny Hand: There's a lot of discussion around AI-aware access controls or policy engines that understand which agent, which task, which data, which time window. How mature is that thinking today, and what would it look like if it were to be successfully implemented?

Sundari Parekh: You know, I think that's the kind of approach that we need. I think the traditional zero trust model of, like, you know, making sure that everything needs to be trusted up front and that they all have the credentials up front. I think that the evolution of us getting there as a security organization. You know, at the same hand, it's the same team that's battling all the threats that are coming in, and you are very well aware of that. And it's the same hand that's saying, you know, security's not being an enabler, and they're blocking us using these AI, you know, SaaS solutions. And so, you know, these security teams are being stretched through and through to try to support, you know, this AI-native concept. And so how do you build this infrastructure and governance successfully on top of the fact that you have all these other competing priorities? It's the same thing that we struggled with in our entire careers as security professionals. So I think -- I think the governance is going to be key. I think building that model, but taking a step back and just kind of turning it on its head so that you're addressing identity -- agentic identity in the right fashion.

Johnny Hand: Yeah. I was going to hit on something that you mentioned because I've heard this conversation a lot. I'd love to get your opinion. There's often this conversation around as we advance to AI. The security for AI is different than, say, cybersecurity, and I often -- it's like almost talked about like it's two different teams. You just mentioned the fact that it's the same teams. What is it that you're seeing, and how do you -- how do you see us bridge this gap as cybersecurity professionals?

Sundari Parekh: Yeah, I think it is the same team. I think if you create an AI team that is management, it's going to have the same core functions of a security team, right? They're going to need governance. They're going to need operations. They're going to need, you know, engineering. So why would you create a separate team to support, you know, similar to what we do as security professionals? And I think, again, it's the same skills gap we faced when we introduced cloud into the environment, right? We had a bunch of people that were on-prem professionals that thought about security as it related to firewalls. If we keep everybody out, then we're secure. And now we had to change. And now the shift is -- and it's very much common practice to talk about identity as the perimeter. So I think it's the same shift. We just have to upskill our individuals, you know. We got to make sure that our professionals understand what these risks look like and how to think about it, and then they're going to go forth and think about the -- the security engineer is trained to think about these risks and threat vectors, you know, the good ones, right? And so it doesn't matter what the emerging technology is that supports it. They will be able to pivot and be able to think about it. I think we have to arm them with some additional information to say, "Hey, you know, these are the things you have to think about now, you know, and have these healthy conversations," you know, through industry, through peer groups, through thought leadership, and that way, people get more informed and can think about the applicability in their own environments. And I think that is the future -- the next emerging technology is, you know, months, years away, right? So we're going to have to pivot and continue to think about how we're going to secure organizations. And to your point, Johnny, the key security professional understands what's critical in their organization, and then they'll work to protect it, no matter what the emerging tech is to support that. So, you know, I go back to we have to be business enablers as security professionals and shift away from, you know, the hammer method and turn more into the enablement method.

Johnny Hand: So, Sundari, if you're looking to secure your AI inside your security organization and you're going to partner with a vendor, what should security leaders look for in those vendors in order to find the right partnership?

Sundari Parekh: Great question, Johnny. I think the key question that you need to have answered is, "Does this vendor understand my ecosystem and my infrastructure? You know, do you have a hybrid environment? Do you have multiple M&As? How does your identity work? What is the use cases for your agentic AI in your ecosystem?" I think the second thing is, "What vertical do you operate in?" You know, some compliance needs are heavier than others, and there will be more emerging requirements that come out from an AI perspective that are going to be applied, especially in some of the heavier compliance verticals that we have and we support. And I think the third thing is just an openness to have a two-way dialogue, right? That trusted relationship and partnership where they are really advising you in the best way possible because that vendor is going to be key for you to be able to implement, you know, agentic AI governance and identity governance in a way that is meaningful for your organization. So in the end, if you get those three sort of areas right, you can have that, you know, vendor relationship that really supports what you're looking to achieve. And I think that that is not necessarily specific to AI. I think that's the case in most of the security work that I've done is that trusted partnership.

Johnny Hand: So, Sundari, as we wrap up and in the interest of time, I wanted to ask you, what are two or three things that our audience can think about as they hear this conversation? What's the key takeaways for our security leaders?

Sundari Parekh: That's a great question. Thanks, Johnny. I think there's definitely an opportunity to make sure that you know that your PAM work was not throwaway work. It's key. It's critical. I would go back and revisit what you guys have implemented from a PAM perspective, making sure your service accounts don't have interactive logon, making sure that you have, you know, rotational boundaries for your NHI, making sure that you understand what has NHI and what doesn't. I think the second thing is to make sure that you have sort of the agentic identity, understanding what your agents have access to in terms of the task, the data, and the duration. I think those are the three main things. Like I said, people are -- management is forcing a AI-native kind of mandate, and so understanding what those agents have access to, and then building a governance model to help support it so that you understand who's building what and what that human in the loop needs to look like to support agentic work. I think it is the next generation and evolution of where we need to be.

Johnny Hand: Well, Sundari, thank you for having a conversation with us today. We really appreciate you sharing your insights and expertise on NHI and how agentic AI is reshaping privilege access. We can't wait for you to join us again in the future on the show, and hopefully, we'll have some updates on how NHI has improved.

Sundari Parekh: That's great. Thanks for letting me join you guys. [ Music ]

Dustin Childs: Wow. What a great conversation. You know, Johnny, we often record these outros a few days after we actually record the initial interview. We're so excited after this talk that we wanted to just jump in with our thoughts and reactions to what Sundari said.

Johnny Hand: Yeah, there were so many practical takeaways from Sundari, and I really love the fact that she hit on that our PAM investment wasn't actually a waste. It is built for humans, and non-human identity is already the majority with agentic AI, but we have to focus on the basics of what we're doing. So the path forward is to extend our privilege access management and our identity management principles, not replace them. So ephemeral least privilege credentials still apply. NHI lifecycle management at scale is important. And the agent-aware access controls are how we really drive innovation here with agentic AI. And I love that she made those simple and very digestible for us security leaders.

Dustin Childs: Yeah, I couldn't agree more. Check out our show notes to connect with Sundari and for additional resources related to this episode.

Johnny Hand: And that does it for another episode of AI Security Brief. We want to thank you for joining us. Our goal is to host conversations that get you thinking differently about security. And if it does, please consider subscribing so you don't miss what's next.

Dustin Childs: AI Security Brief is mixed and produced by Elliott Peltzman, with original music by Amneajynx. Our executive producer is Jennifer Eiben, with content strategy by Ma'ayan Plaut and Melanie Gallant. Additional production help by Liz Stokes. Video editing by Sarelle Joppy and Brigitte Criqui-Wild.

Johnny Hand: Thank you so much for listening, and we'll see you next time on the AI Security Brief. [ Music ]