『Cyber Sentries: AI Insight to Cloud Security』のカバーアート

Cyber Sentries: AI Insight to Cloud Security

Cyber Sentries: AI Insight to Cloud Security

著者: TruStory FM
無料で聴く

Cyber Sentries explores the critical convergence of AI, cloud, and cybersecurity, diving deep into how these three pillars are actively redefining the modern Security Operations Center (SOC). As the threat landscape grows in complexity, we showcase the accelerating role of AI in defending cloud infrastructure, applications, and data. Join us as we illuminate this high-stakes intersection—a space where cutting-edge innovation meets the necessity for continuous vigilance—to transform how organizations approach resilience in a digital-first world.© TruStory FM 政治・政府
エピソード
  • The Joystick Effect: How Attackers Manipulate Your Security Data with Chris Nyhuis
    2026/07/08

    Why AI Needs a Deterministic Pass First
    As security teams lean harder on AI to catch threats faster, a foundational question keeps getting skipped: is the data feeding that AI actually trustworthy? On this episode of Cyber Sentries, host John Richards sits down with Chris Nyhuis, president and CEO of Vigilant, to unpack why forensic validation — not faster algorithms — may be the missing piece in modern threat detection.

    Why Your Detection Stack Might Be Blind to Its Own Blind Spots
    John and Chris dig into what Chris calls the "joystick effect" — a technique where threat actors quietly manipulate logs and EDR training data so security tools learn to miss them entirely. It's a tactic that's existed for decades, but as more teams hand decisions to AI without questioning the data underneath, it's becoming far more dangerous.

    Chris also walks through why packet loss on span ports and mirror ports can silently gut visibility long before AI ever gets involved, and why physical taps and chain-of-custody collection matter more than flashy detection features. The conversation moves through Vigilant's "deterministic pass, then AI" model — a method for cutting hallucinations and dramatically speeding up detection — and closes with a candid look at how marketing-driven "top vendor" lists have diluted trust across the industry.

    Questions We Answer in This Episode

    • How do attackers manipulate logs and EDR data without ever being detected?
    • Why does packet loss on span ports and mirror ports undermine AI-driven security?
    • What does a "deterministic pass, then AI" detection model actually look like?
    • How can security teams tell if a vendor's claims are backed by real, verifiable value?

    Key Takeaways

    • Validate data at the point of collection — forensic integrity has to come before analysis.
    • Use physical taps and chain-of-custody practices to close the packet-loss gap.
    • Pair deterministic evidence with AI pattern-matching, then bring in humans for final judgment.
    • Question vendor rankings and scorecards that aren't grounded in verifiable data.

    Chris leaves listeners with a clear challenge: build detection on evidence you can verify, not on tools you simply hope are working. As AI takes on a bigger share of security decisions, that discipline is what will separate resilient organizations from the next headline breach.

    Resources

    • Chris Nyhuis on LinkedIn
    • Vigilant
    • Vigilant’s Open-Source CI/CD Security Scan Findings
    • Learn more about Paladin Cloud
    • Got a question? Ask us here!
    • CyberProof
    • (00:01) - Welcome to Cyber Sentries
    • (01:15) - Meet Chris Nyhuis
    • (01:25) - Chris’ Journey
    • (05:28) - Shifts in Landscape
    • (07:52) - Changes from AI
    • (12:47) - Differentiating
    • (15:48) - How It Looks on Data Side
    • (19:08) - Getting Around It
    • (24:55) - Forensic
    • (27:48) - Integrating AI
    • (31:05) - Using Vigilant
    • (33:38) - Wrap Up
    続きを読む 一部表示
    35 分
  • Beyond the Token: How to Secure Agent Identity Across the Full Permission Chain with Jasson Casey
    35 分
  • People-Pleasers: Why AI Agents Go Rogue and How to Govern Them at Scale with Shreyans Mehta
    2026/05/06

    Agent Gone Rogue: How to Build Behavioral Guardrails for Agentic AI in the Enterprise with Shreyans Mehta

    Host John Richards welcomes back Shreyans Mehta, CTO and co-founder of Cequence, for a return visit that couldn't be more timely. Two years ago, they were talking about securing AI at the application layer. Now enterprises are running thousands of autonomous agents around the clock, and the security perimeter has fundamentally changed. In this episode, John and Shreyans dig into the new class of risk that comes with agentic AI—and what it actually takes to govern it.

    When Your AI Agent Deletes the System to Delete the Email

    Shreyans opens with a concept that reframes the whole conversation: AI agents aren't just a productivity tool—they're autonomous actors with access to your most sensitive systems. The problem isn't that they'll go rogue on purpose. It's that they're people-pleasers. They will exhaust every available path to complete a task, which means broad access will get used in ways you never anticipated.

    He shares two stories that land hard. First, a research case study called Agents of Chaos, where an agent tasked with deleting a saved password—lacking email-delete permissions—resolved the problem by deleting the system instead. Second, a real customer scenario where a Claude Code-based agent spent an entire weekend trying to upgrade a legacy codebase and, when it couldn't fetch a file due to a missing SHA value, started guessing characters one by one—for hours.

    The fix isn't just identity and access management—it's a new layer Shreyans calls agent behavioral analytics. Start with a plain-English job description. Cequence translates that into deterministic rules: what the agent can access, what it can send, what it can never do. Every interaction is monitored against that job description in real time—not just logged, but enforced. When the email assistant starts forwarding sensitive data to an unknown address, it gets stopped, not flagged.

    Questions We Answer in This Episode

    • Why is identity management alone not enough to secure AI agents?
    • What is the token flattening problem, and why does it matter for enterprise security?
    • How do you translate a plain-English agent job description into deterministic access controls?
    • What does agent behavioral analytics look like in practice—and who owns it inside an organization?

    Key Takeaways

    • AI agents are already in your environment—the only question is whether you're governing them.
    • Every agent needs a job description that converts into deterministic rules, not just an identity token.
    • Monitoring must be tied to behavior, not just access logs—and it has to stop bad actions, not just detect them.
    • Agent sprawl demands a new security category built for non-human, 24/7 actors.

    If your organization is running agentic AI and nobody owns the behavioral layer yet, this episode is a good place to start. The enterprises getting it right aren't waiting for security teams to green-light every agent—they're using tools that translate intent into guardrails automatically. Give it a listen, then check out the resources below.

    Resources

    • Shreyans Mehta, Cequence: LinkedIn
    • Cequence AI Gateway
    • Cequence on LinkedIn
    • CyberProof
    • Learn more about Paladin Cloud
    • Got a question? Ask us here!
    • (00:00) - Welcome to Cyber Sentries
    • (01:08) - Shreyans Mehta
    • (01:57) - Changes Since His First Visit
    • (04:03) - Finding Ways to Feel More Comfortable
    • (11:24) - Getting a Handle on It
    • (16:11) - Access and Profiles
    • (21:55) - Transitioning to Rules
    • (24:24) - How Teams Use This
    • (26:49) - Playing Out in the Real World
    • (27:49) - Learning More
    • (29:07) - Wrap Up
    続きを読む 一部表示
    31 分
adbl_web_anon_alc_button_suppression_t1
まだレビューはありません