
Agentic AI and Identity Sprawl
Joe Hladik: Threat actors are now targeting backup systems, and one of the main things, and we're seeing it with Storm-0501, we're seeing it with Scattered Spider, we're seeing it with a lot of, not just random ransomware events, but actual threat groups doing this. And the reason is, is that if you own the backups, you own the business because if you own the backup data, there's no way they can recover. [ Music ]
Caleb Tolin: Hello, and welcome to another episode of Data Security Decoded. I'm your host, Caleb Tolin, and before I introduce our guest of the hour, if this is your first time joining us, welcome to the show. Make sure you hit that Subscribe button so you're notified when we drop new episodes. And if you're already a subscriber, thanks for coming back and spending some time with us. We encourage you to give us a rating, drop a comment below, let us know what you think about the show. Now this time, we have a familiar face joining us today, and that friendly face is Joe Hladik, head of Rubrik Zero Labs. His team recently released a report titled "Identity Crisis, Understanding and Building Resilience Against Identity-Driven Threats." Now, we talked about the different types of identities, how you manage and secure them, and how organizations are approaching their agentic AI adoption. As always, it is a blast getting to chat with Joe. I hope you enjoy the episode. Let's get into it. Well, Joe, welcome back to the show. Before we dive into the meat of the conversation, what is something that's not related to cyber that you're completely obsessed with recently? I'll go first. Mine is going to be the "It's Not That Serious" album by Demi Lovato. She just released it, you know, at least at the point of recording this. It was just about a week ago, and I can't stop listening to it. I have no skips on the album, and that is my obsession right now. What is yours?
Joe Hladik: That's a good one, Caleb. I'd actually have to say I recently read through the Three-Body Problem Trilogy by Liu Cixin. It's actually a show on Netflix now, which isn't too bad. It's not a direct adaptation, but it's pretty good. But overall, it's probably one of the best sci-fi novels and like sort of real portrayals of, like, human nature during some type of extraterrestrial invasion. It's really good. So yeah, that's -- it's actually existentially scary in the sense too, because it focuses more on the human than a lot of like the cheesy sort of sci-fi side of things. But so, it's always in the back of my mind. It's, like -- it's got a lot of real science in it, and it's just fascinating, so --
Caleb Tolin: So how far into the trilogy have you made it?
Joe Hladik: I finished it.
Caleb Tolin: Oh, very nice, and is the Netflix adaptation, is it a TV show? Is it a movie?
Joe Hladik: It's a show.
Caleb Tolin: Okay. Okay. Very nice. Very nice. Well, for anyone looking for a new Netflix show, you have your recommendation here. If you're looking for a book, here's a new series for you.
Joe Hladik: Love it. I do recommend it if you're a sci-fi person.
Caleb Tolin: Awesome. Awesome. So Rubrik Zero Labs just put out a new report. This is as of last week. It's titled "Identity Crisis, Understanding and Building Resilience Against Identity-Driven Threats." Boy, that is a big topic. I know we've talked a little bit about this in the past as well, but just give me a high-level overview of the findings. What stood out to you? Was there anything that surprised you in the report?
Joe Hladik: Actually, I don't think so, Caleb. It was more validation and verification of a lot of the assumptions that I've had, and that I think the industry, as a whole, has sort of assumed. So, I mean, I can give you just a, you know, couple of quick statistics that are in the report that I think will directly sort of support everything I was just saying. So, like, 90% of IT and security leaders surveyed agreed that identity-driven attacks are the top threat to their organization, and I think one of the main reasons to that is most environments nowadays -- and I said this before, alluded to it at least in my last -- in the last big Zero Labs report in April, where the perimeter is no longer the network. Identity is the new perimeter, right? You've heard me say that previously. So as a result of that, it's because of environments being hybrid. You have on-prem assets, you have cloud assets, and not just one cloud, but many different cloud environments, SaaS applications, and then the introduction of a new wave of identities, mostly non-human identities in that regard, has significantly grown. So for instance, I believe non-human identities outnumber human identities, something like 82 to 1. And so, that's quickly going to become a hard problem to manage, mainly because we're used to dealing with human identities and managing access and monitoring the activity of a human. But what's really going on when of every human identity -- there's 82 non-human identities, right? And they can consist of different, like, API keys to service accounts and things of that nature? So -- or AI agents, which we'll get into. So when you have that sort of spike in exponential growth of a non-human identity space, what's really the threat landscape at that point? Is it really the human? 
Or from a threat actor's perspective, are you going to start targeting the footprint that is vastly larger, and as a result of that, harder to monitor and detect real threat activity when you have such a wide variety of different types of identities and not a singular technology can necessarily monitor all of those identities, like a human identity, right, because there's just different variations. Like, you need a way to monitor your APIs and your API access. You can't do -- that's not the same thing as monitoring other non-human identities, like an agent, an AI agent. It's a different thing. So you have to figure out all different ways to monitor, detect, or respond to these types of things.
Caleb Tolin: Right. So organizations are kind of juggling all of these different priorities in terms of different types and styles of identities, if you will, and it seemed like from the report, there wasn't necessarily one type of identity that bubbled up to the top that was, you know, the consensus that this is the biggest concern. I'm sure that resonates with our audience. Everybody's really kind of juggling everything at once, but if the situation is that everything's all on fire at once, which one do you prioritize?
Joe Hladik: That, I don't think that's an easy question to answer. In many ways, I think it's going to depend on the organization. Because like a bank, for instance, is not going to prioritize their identities the same way as a retail organization, just because the nature of the environment that they operate within is entirely different. The rules/regulations are entirely different that they have to follow. I mean, there are some, you know, similarities along the way, but ultimately, the crown jewels are entirely different. So for one, I think you have to take that into account. Whether if you're a CISO, a security engineer, or a consultant working for a number of different companies, you have to understand the organization first and then understand what makes that organization minimally viable. So when that business or organization goes down/loses, and continuity ceases, what is the quickest way to achieve or get back to continuity, back to not necessarily full business operation, but viable business operation? And I think that's a distinction we need to make, because right now, recovery operations is more like, oh, back to full business operation. That's not necessarily the best way to go about it, because when we talk about prioritization, to get everything back online is not easy. It takes a lot of time, and there's a lot of things that could be -- there's a load order, a restore order, so to speak, an order of operations. So that, I think, in terms of prioritization, is what organizations need to figure out for themselves. What is the order of operations for recovery? 
If I have a major application, and there are a set of identities, human and non-human; there's a set of connections to different databases via APIs and stuff like that; one of the most important things to probably do at that point is have a really solid asset mapping tool and map out your dependencies because if you have a major -- if you're an e-commerce business, for instance, your main business is the website, right? So what are the key things to get that website back online in a minimally viable state as quickly as possible? So by having that order of operations in place, understanding the criticality of each asset that's associated with that website, you can then prioritize, okay, well, I only need these three non-human identities to talk to these three databases, or whatever the case is; get those databases online; get those identities secure and operational. You can prioritize that way. That way, you're not restoring the website in full capacity, and maybe ignoring the dependencies that don't really -- that aren't critical to your operation and will slow you down. So you can get back to business maybe in a day or two or a few days rather than a few weeks. And I think when we talk about prioritization, it's more of a holistic approach of understanding what makes your business minimally viable in order to just operate.
Caleb Tolin: Right. Right. You talked a lot about recovery there, and I want to read a couple of stats from the report about recovery that really stood out to me. So the first one was that confidence in recovery time seems to be decreasing, and 28% of respondents believed that they could fully recover from a cyber incident in 12 hours or less compared to 43% in 2024. So don't quote me on my math, but that looks like about a 15% drop or a drop of 15%. And then, another stat was of those who experienced a ransomware attack in the past year, 89% paid a ransom to recover their data or stop the attack. That's a really high percentage. And really, what do those stats combined together really tell us about the state of resilience in the enterprise or in large organizations?
Joe Hladik: I think I highlighted the challenge in my last answer. So I think that the stats that you just highlighted are exactly why businesses are paying the ransoms 89% of the time because they're not proactively doing this, mainly because it's not just a time investment. There's a money investment. You may have to purchase and procure tools to do this. You may have to have a third-party consulting firm who has the expertise to do it to come in and understand what your dependency mappings are for all your business-critical applications and things of that nature. So you may not even have the expertise in-house to actually -- to conduct this type of assessment and to understand what's critically viable, right? So that's one problem, and then, when you face the attack, if you're not prepared, you haven't gone through that exercise, you're going through it during the IR. So once the investigation completes, forensics is done, they've understood what the impact is, what the blast radius, whatever you want to call it. And then, when we're going through remediation and recovery, that's the part where -- well, now I wish I had the assessment and I understood, like, what it would take to get this business application back online. And a lot of times, it's just that people don't know that. Like, it's not something you think about necessarily until the time comes and you're in the situation, the house is on fire, and you're like, oh, you know what? I wish I had a sprinkler system inside my house, you know? It's like you don't really consider that until your house is burning, because it's not a thought that crossed your mind. And resilience is a newer sort of term for a longer existing thing. Like, to me, resilience is a combination of a lot of different components and teams, for instance, IR, IT, legal. Like, it involves a collective of organizations to operate and collaborate together, which a lot of times, in normal business operations, they're not used to doing, right? 
So a good example would be, how often does IT and Communications and PR really work together? Not that often, but they probably would work together more closely during an IR because IT is working with security to do the remediation, and then, the Communications team is dealing with the external stakeholders that want to understand what's happening with your environment. So now, you have teams that have never really interacted before and don't have relationships, so there's a lot of things that happen. It's not a simple, straightforward thing. So when we talk about 89% are paying the ransom, it's because they want to get back to business operation as soon as possible. Now, I think that number will go down, and I don't want this to necessarily sound like a promotion or anything, but one of the main issues is that threat actors are now targeting backup systems. And one of the main things, and we're seeing it with Storm-0501, we're seeing it with Scattered Spider, we're seeing it with a lot of not just random ransomware events, but actual threat groups doing this. And the reason is, is that if you own the backups, you own the business. Because if you own the backup data, there's no way they can recover. And you can just threaten that we'll turn your business off because we own your backups, you know? A lot of times they do turn -- basically shut the business down in a multitude of ways, and then, they own the backups anyway, but that's where the whole, just, double extortion comes into play. But that's the real problem, and why does that happen? It's because a lot of people -- this goes back to our April discussion with hybrid cloud environments and data sprawl, people are using cloud-native tools. It's as simple as that.
When you rely on a cloud-native tool that doesn't necessarily have the security features built into it, or the protections or the abstraction layers that need to exist for things like authentication and authorization, those things, it becomes an easier target, and that's -- it's really that.
Caleb Tolin: Right. Right. I want to shift gears a little bit and talk a little bit about some other elements in the report that stood out, and we're going to talk about everybody's favorite identity right now, agentic AI and agentic deployments. So the report outlines that 89% of respondents have fully or partially incorporated AI agents into their identity infrastructure. That number stood out to me because I think it's a little surprising and maybe a little bit of an overestimate that some of the survey respondents are reporting. So what are your thoughts on the response from that survey? It is my gut instinct, right, that maybe people are over-reporting how much they are deploying AI right now in an agentic form.
Joe Hladik: I think what we have to really understand here is there are multiple functions, like, a lot of different functions within a business, right, especially a larger enterprise. Then when we see a number that large where we're seeing like, oh, you know, my business is going all in with agentic AI. Well, what does that actually mean? Because from a security perspective, I don't really see it happening, like, at least from a defender-offender thing. Right now, it's like proof of concept. Like, I know, like, my team, we've done a lot of research in terms of agentic AI, and we have, like, a white paper coming out soon. There's like -- we're focusing heavily on that because that's going to be, you know, the backbone of a lot of future attacks. What I think, Caleb, is more of marketing operations, sales operations. I think there's a larger footprint of agentic AI being deployed in ways that are not necessarily focused in a security context, but more of just a general business-like operational context. For instance, like, you know, engineering, I could see engineering making a large adoption of agentic AI just because that's where software is headed. Engineering is one of the first places that should adopt it because that's going to be the future. So you're going to see, I think, a large footprint of agentic AI in various or diverse parts of the business. But from a security perspective, like a defender, we're a little more wary. Wary is probably not the right word. Put it this way: If I'm a threat actor and I'm going to attack your environment, I have a very talented team behind me and I'm running the operation. Why, if I've spent years as a nation-state performing reconnaissance, understanding and learning everything about the target that I'm about to attack, why would I then, all of a sudden, go to an agentic AI framework? There needs to be a viable reason to do that. 
Until there is one, I don't think we'll see an attack at scale, and the reason is because AI is still hallucinating. Humans, to me, in my opinion, are still a lot more trustworthy, especially when we're talking about a threat actor operation. They've built software or malware, in that case. They've maybe compromised certain identities or first-stage type of identities to further down exploit for lateral movement and stuff like that. There's a lot of trust you would have to put into software, which is basically what AI is, to take over a lot of those sensitive operations that one little mistake could burn your entire operation and all of a sudden millions of dollars that your nation-state has put into it is lost. I think that's too much of a risk for a lot of threat actors to actually do. Now, on the other hand, if you're a less capable, and I will say less talented threat actor, right, maybe more in the criminal sphere, you don't have the backing of the nation-state. You don't have millions of dollars backing you in software development and all of that to do the reconnaissance. Maybe agentic AI is more viable for you because now you can, you know, delegate a lot of those tasks that you needed to get done to an AI that could help you and assist you to execute the attack. Now, it probably won't be at the level of a nation-state, but it probably still is maybe equally dangerous. But again, I think that's where the viability comes. I'll use BRICKSTORM as an example. With the BRICKSTORM attack and the attack in the hypervisor, there are certain, like, threat -- attack vectors always exist. The attack vectors are always dictated by the architecture of your environment, okay, so those vectors always exist. All the defenses that you put into place, the security controls, defenses, whatever, are there just to slow things down when an attack does happen so you can catch it, stop it, and eradicate it, okay? Prevention is possible, but it's not guaranteed.
But that's effectively how it works. Now, when we think of that perspective of, like, these threat vectors always exist because it's based on the architecture, well, those threat vectors only become viable to a threat actor when it's feasible to do. It's not extremely complicated when they have tools to deploy that enable that attack to happen, but the vector is there. So, like, that's how I see this, is that agentic AI is a technique that I think is going to be used, but until it hits that viability for threat actors to actually use at scale, that's an inevitability, but I just don't know when that timeline is.
Caleb Tolin: Right. Well, that was actually going to be my next question for you because over half of the respondents in this survey thought that in the next year, 50% or more of the cyberattacks that they deal with are going to be driven by agentic AI. And I know you've spent several years in the incident response world, so based off of that estimation, do you think that's overestimation, underestimation, right on the nose? I mean, you kind of just were talking about that, but do you think that threat actors are going to start leveraging AI that soon in terms of releasing agents, and what does that environment look like?
Joe Hladik: I think the viability might be discovered in it. Like, I'm a little hesitant to jump on the bandwagon and say, like, we're going to see a nation-state level attack using agentic AI this year, within the year. I think that's a stretch. Maybe we will, and I'm wrong. I mean, that's always a possibility. But again, I'm more of a risk-averse type of person from an offensive perspective because as a threat actor, you still have operational security. Operational security is one of the most important things as a threat actor because you don't want to be caught, especially if you're performing espionage. The whole point is to be quiet and subtle, and to do that is to have as much control over the operators that are performing or executing the attack as possible. That's why I'm hesitant that agentic AI is really going to be leveraged in that space because of that, because it's too much of a risk until it's proven not to be. On the other hand, where that's not considered a risk, I think we might see a ransomware type of attack, criminal-based attacks, destructive attacks maybe. Like, I could see it especially used in a warfare environment; for lack of a better example, like a Ukraine-Russia type of situation. I could see agentic AI being leveraged heavily in those types of situations where everybody knows they're at war, okay? It's not like a secret, but I think in terms of the higher-level, advanced-type of attacks that involve things like espionage, I'm a little hesitant to see it used for that. So yeah, that's how I see things. It's not that it's going to become more prevalent. I think it will become more prevalent in certain use cases until proven otherwise.
Caleb Tolin: Right. A healthy level of skepticism, but always good to prepare for things ahead of time as best you can.
Joe Hladik: Yeah, and that's -- from a defender's perspective, like, that doesn't mean you shouldn't prioritize and focus on it.
Caleb Tolin: Right.
Joe Hladik: In fact, it's the opposite. Like, we should put a lot of our energy and focus into it to understand how agents can be exploited, how they're vulnerable, how they can be tampered and manipulated with because, ultimately, they're going to be the back-end controllers of everything. So when we talk about command and control, you know, when we talk about the stat of 82 to 1 non-human identities to human identities, that's a big command and control space to deal with, and we have to understand it in order to defend it.
Caleb Tolin: Right. Right. Well, Joe, thank you for joining us. I mean, you know, folks can learn more about all of these things in the new Rubrik Zero Labs report. It's titled "The Identity Crisis, Understanding and Building Resilience Against Identity-Driven Threats." I thought it was really interesting. I really appreciate you kind of unpacking some of the high-level findings, but of course, folks can go read more about it online and in the report. Where can folks find you and learn more about the incredible work you're doing other than that?
Joe Hladik: The best place to go is zerolabs.rubrik.com. That's where we're posting all of our content, white papers, blogs, the annual -- like, our big Identity Report that's coming out will be posted there as well. That's the best place to find us.
Caleb Tolin: Awesome. Awesome. Well, thank you for joining us again and until next time.
Joe Hladik: All right. Thanks, Caleb.
Caleb Tolin: Now, for those of you watching on YouTube, you will see we had a little bit of a costume change, and that is because everything prior to this moment in the conversation was recorded before Anthropic's report around agentic AI attacks was published. Joe's comments do not directly conflict with the report, and his position remains the same, but thank you for listening. Until next time. [ Music ]

