Permiso Security

Ahl About Identity

Ahl About Identity isn’t your typical cybersecurity podcast. Each episode unpacks how attackers move through cloud and SaaS environments, exposing the overlooked gaps that make identity the new perimeter. Through real breach stories and insightful discussions, we examine attacker behavior, identity misuse, and the subtle signals defenders often miss. We put identity at the center of every conversation, connecting attacker tradecraft to practical defense strategies. If you care about what’s really happening behind the buzzwords, this is where the identity conversation gets real.

Autor

Permiso Security

Kategorie

Technology

Podcast-Website

permiso.io

Neueste Folge

17. Apr 2026

Wo hören?

Podcasts in der App Replaio Radio Bald verfügbar

Podcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts

Bei Google Play herunterladen Kostenlos installieren Android 5 Mio.+ Downloads · Bewertung 4,8 iOS bald

Folgen

Episode 09 | Mythos, GPT-5.4 Cyber, and Opus 4.7 17.04.2026

In this episode of All About Identity , Ian Ahl breaks down the latest wave of AI-for-cyber news, from the hype and skepticism around Anthropic’s Mythos to OpenAI’s GPT-5.4 Cyber access program and the reality of what users are actually getting today. Along the way, he looks at what these model releases could mean for exploit discovery, defenders, and attackers alike, while keeping the conversatio...

Episode 08 | Introducing SandyClaw: Dynamic Analysis for Malicious Skills and Prompts 02.04.2026

AI agent skill marketplaces are the new software supply chain, and attackers are already exploiting them. In this episode of All About Identity, Ian Ahl walks through real examples of credential-stealing and deceptive skills, explains why static scanning and single-LLM reviews fall short, and introduces SandyClaw, Permiso's dynamic analysis platform for AI agent skills and prompts. Ian breaks down...

Episode 07 | Hidden Prompts, Trusted Output: Inside Copilot Summary Abuse 30.03.2026

In this episode, Ian Ahl (Permiso CTO) and Andi Ahmeti (Permiso Threat Researcher) walk through new research on how Microsoft Copilot email summaries can be manipulated by attacker-controlled content inside a message. They show how hidden instructions can influence summary output, inject fake security warnings, and make AI-generated summaries feel more trustworthy than the original email. It’s a s...

Episode 6 | Can an AI Agent Run a Purple Team Exercise in AWS? 11.02.2026

In the latest episode of Ahl About Identity , Ian Ahl revisits OpenClaw and shows how his agent, Rufio, has evolved beyond hunting malicious skills into broader security workflows. He breaks down the Rufio Evolution Report, including 135 YARA rules authored, more than 2,000 skills scanned, and 21 confirmed threats. The episode wraps with a practical purple team exercise where Rufio operates inside...

Episode 05 | OpenClaw, MoltBook, and the Rise of Agent Identity Abuse 03.02.2026

Our CTO, Ian Ahl, deployed an AI agent to investigate the OpenClaw ecosystem and it immediately uncovered malicious skills stealing credentials in the wild. We break down how these campaigns work, why skills marketplaces are becoming a new supply chain risk, and what happens when agents hold keys to core business systems. Agents are becoming sysadmins for people, and we are still installing first...

Episode 04 | Gainsight -> Salesforce: Another OAuth Supply-Chain Scare? 20.11.2025

Salesforce says it saw unusual activity from a Gainsight app and revoked access. We don’t have technical details yet. In this episode Ian covers what’s confirmed, what’s speculation, how this differs from SalesLoft, and the immediate hunts you can run while we wait for more signal.

Episode 03 | AI Security Is Identity Security: What to Fix First 14.10.2025

AI security can feel chaotic, but it makes more sense when you look at it through identity. In this episode, Ian Ahl explains why most "AI incidents" today come down to stolen credentials, abused OAuth tokens, and over-privileged accounts. He compares what's useful right now from NIST's AI RMF, Google's Secure AI Framework, and MITRE ATLAS, and points out what's still mostly theory. Ian also share...

Episode 02 | Worms in the NPM Supply Chain: Singularity, Phished Maintainers, and Shai-Hulud 18.09.2025

Over just a few weeks, the NPM ecosystem was hit by three major security incidents: the Singularity campaign exploiting GitHub Actions for token theft, a phishing attack on a package maintainer, and Shai-Hulud, the first worm-like malware propagation in NPM. In this episode of The Permiso Podcast, our CTO Ian Ahl, breaks down how each event unfolded, the role of stolen credentials, and what these...

Episode 01: Tokens, Trust, and Takeovers: Inside the Salesloft Breach 10.09.2025

In our first episode of the Permiso Podcast, Our CTO Ian Ahl unpacks the Salesloft breach. This supply chain attack leveraged OAuth tokens to access Salesforce, Google Workspace, and other integrations. We cover: How attackers moved from GitHub into AWS and SaaS platforms Why Salesforce data became a key enabler for deeper compromises The challenges defenders face with SaaS logging and visibility...

Höre den Podcast Ahl About Identity in Replaio

Radio und Podcasts in einer App - kostenlos und ohne Anmeldung. Installiere sie noch heute und verpasse den Start nicht

Bei Google Play herunterladen

Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet