Allie Howe

Insecure Agents

News EN ↓ 41 episodios

Insecure Agents lives at the intersection of AI engineering and security. Stay ahead of the curve with expert insights, real-world incidents, and bold ideas for safer agents.

Autor

Allie Howe

Categoría

News

Web del podcast

podcasters.spotify.com

Último episodio

29 de jun. de 2026

¿Dónde escuchar?

Podcasts en la app Replaio Radio Muy pronto

Los podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts

Descárgala en Google Play Instálala gratis Android 5 M+ de descargas · valoración de 4,8 iOS muy pronto

Episodios

The Grant Behind Enterprise Managed Auth for Claude: ID-JAG with Karl McGuinness (ex-Okta) 29.06.2026

Every SaaS app an enterprise connects to stands up its own OAuth stack of long-lived grants the enterprise can't see or revoke. Karl McGuinness, author of ID-JAG and past Chief Product Architect at Okta, calls these "OAuth islands," and agents turn them from a nuisance into a serious risk. He joins us to explain OAuth federation, how ID-JAG shipped inside Anthropic's Enterprise M...

One Harness, Zero Standing Secrets: Derek Meegan (Browserbase) on Building bb 26.06.2026

This is one of the best public internal AI stories we've seen, built by just a few engineers. Derek Meegan, a software engineer at Browserbase and the lead behind their internal AI agent, bb, joins us to explain how bb took feature-request coverage to 100% with zero human effort, got 99% of support first responses under 24 hours, and turned 30 to 60 minutes of manual log-diving into a single S...

It's the Harness, Not the Model: David Cramer, CPO of Sentry, on Agents, Expectations vs Reality 24.06.2026

David Cramer, CPO and co-founder of Sentry, joins us to cut through the agent hype with a working engineer's skepticism: the model is rarely what holds agents back. The harness you build around it is. We get into the Railway incident, where a coding agent found a stray CLI token and deleted a production database (and every backup) in nine seconds, and why the enforcement layer has to live belo...

From Spec to Standard: How AARM Became the Conformance Bar for Agent Runtime Security, with Herman Errico (Vanta, AARM)) 22.06.2026

Herman Errico, Product Manager for Technical Research at Vanta, joins us to discuss AARM (Autonomous Action Runtime Management), the spec he created to define a brand-new security category for agents that take real actions, not just generate text. We get into why the action boundary is the security boundary, why securing the model, prompt, or orchestration layer is the wrong place to enforce, and...

Self-Driving Infrastructure Starts with Security: Malte Ubl, CTO of Vercel, on Vercel's New deepsec Security Harness 18.06.2026

Malte Ubl, CTO at Vercel, joins us to discuss deepsec, Vercel's open-source AI security harness designed to scan entire codebases for vulnerabilities using coding agents like Claude and Codex. We explore why software engineering is shifting from programming models to programming agent harnesses, how deepsec scales security reviews across millions of lines of code, when AI token spend is justif...

Governing AI Agents Means Governing Intent: The AWARE Framework with Sunil Agrawal, CISO of Glean 16.06.2026

Sunil Agrawal, CISO at Glean and one of the authors of the AWARE Framework, joins us to discuss the new guide for governing generative and agentic AI he co-authored with Palo Alto Networks and Databricks. This framework gives CISOs a much needed playbook in a rapidly evolving threat landscape. Palo Alto's Unit 42 showing AI-assisted attacks can now reach data exfiltration in as little as 25 mi...

A Dangerous Precedent Set? The US Government Yanks Fable 15.06.2026

Alex Stamos, CPO of Corridor and past CISO at Facebook, and Andrew Becherer CISO at Socket, join us to discuss the open letter they and 100 others have signed in opposition to the US government taking down Fable after research from Amazon showed capabilities that gave the current administration pause. We discuss the potentially dangerous precent this sets, the state of the letter, and what to do w...

Auth Is Hard (And Agents Make It Harder) with Damian Schenkelman, Auth0 08.06.2026

Why does every AI security incident seem to trace back to auth? We sit down with Damian Schenkelman, VP of Research and Development at Auth0 to discuss ⁠ recent incidents in the news, MCP, the act claim chain, and the future of agent identity. The conversation digs into the core problem agents create: when an agent hands a task to a sub-agent, which calls an MCP server, which hits a SaaS API, who...

AAuth: Moving Beyond OAuth and the Future of Agent Auth 03.06.2026

In this episode we sit down with Dick Hardt, the creator of OAuth, to talk about why the auth primitives we built for the web fall apart the moment agents start acting on our behalf. We dive in to why OAuth doesn't fit MCP, what breaks when an agent runs for hours and touches a dozen systems using your credentials, and his new protocol, AAuth: a way for developers to run agents without API key...

Ep. 32 Hyper-personalized Software and Software Factories with Geoff Huntley @ Daytona Compute 07.05.2026

We sit down with Geoff Huntley, creator of the Ralph Wiggum Loop and founder of LatentPatterns.com, to hear his take on where AI is pushing software next: hyper-personalized software, software factories, and eventually product factories that optimize themselves for revenue. With this level of hyper-personalization that AI now allows for Geoff says he finds himself asking vendors "are you a ut...

Ep. 31 Sandboxes, the Infrastructure Underneath, and What that Means for Your Security Posture @ Daytona Compute 08.04.2026

We sit down with top AI engineers such as Sherwood Callaway, founder of Sazabi, Anthony Shew, core maintainer of turborepo at Vercel, and Dexter Horthy, CEO of HumanLayer, to hear about how they are using sandboxes to make agents more performant. We also discuss the security differences amongst sandbox providers with Rene Brandel, founder of Casco. We discuss how sandboxes aren't created equal...

Ep. 30 How Security Changes When Most Product Users are Agents (Mark Dorsi, RSAC) 02.04.2026

Mark Dorsi, CISO at Netlify, sits down with us at RSAC to talk about the shift to everyone becoming a builder and how he's coding 6 hours a day and how products, including Netlify, must adapt to a world where most users are agents.

Ep. 29 From Point-in-Time Audits to Continuous Testing: AI’s Role in Transforming AppSec (Kyle Bhiro and Josh Kotrous, RSAC) 02.04.2026

Kyle Bhiro and Josh Kotrous from Pensar join us at RSAC to discuss how AI is reshaping the entire AppSec industry. Kyle and Josh elaborate on how agentic code scanning and continuous testing is leading to AppSec market consolidation and new expectations around AppSec spend. We also explore the thought that point in time audits may make less sense for AI, which changes constantly. Given this, conti...

Ep. 28 OpenAI Acquires Promptfoo (Ian Webster, RSAC) 02.04.2026

Ian Webster, CEO and Co-Founder of promptfoo, joins us at RSAC to discuss OpenAI's recent acquisition of promptfoo. Ian discusses how appealing to both developers and security teams was key to promptfoo's go-market-strategy strategy. Ian's success offers a playbook for other AI security companies that may be targeting an acquisition and shares what's next for promptfoo at OpenAI.

Ep. 27 The AI-Driven Kill Chain and the Coming Bug Apocalypse (Alex Stamos, RSAC) 01.04.2026

Alex Stamos, former CISO of Facebook and current Chief Product Officer at Corridor, explains how AI is reshaping the kill chain and enabling new capabilities for attackers worldwide. He also outlines what’s needed to defend against these emerging threats and how to prepare your organization for what’s coming.

Ep. 26 Context Graphs with Animesh Koratana, CEO of PlayerZero 23.03.2026

Animesh is the CEO and founder of PlayerZero, a company using context graphs to build a complete picture of how your production software actually behaves. Animesh's X article on context graphs went viral getting over 2M views. Animesh explains what a context graph is, why you should build one, and how it can help you build a world model around why decisions get made.

Ep. 25 Pavan Kulkarni and Aaron Tainter, WorkOS FGA Launch 05.03.2026

The agent identity conversation is back on the Insecure Agents podcast. Developers are starting to feel the pain of missing agent identity infrastructure as they think through problems like agent memory access and storage and goal based authorization for tools and resources unplanned for at agent inception. Listen to Pavan and Aaron explain how their recent Fine-Grained Authorization (FGA) launch...

Ep. 24 James Cowling, Co-Founder and CTO of Convex 21.02.2026

James sits down to tell us about OpenClaw using Convex, how proper architectural building blocks sets you up for better security, and how the shift to agents writing all of software changes who platforms like Convex are building for.

Ep. 23 Cailyn Yong, Founder of Momo 17.02.2026

You've heard of OpenClaw, but have you heard of Momo? Momo is built by Cailyn Yong and is a personal assistant agent for teams. Momo's memory actually works and makes it stand out against other agents such as OpenClaw. Hear from Cailyn on the AI security issues this type of agent faces, how she built Momo, and what it takes to be successful in this increasingly popular space.

Ep. 22 Kwindla Kramer, CEO of Daily and creator of Pipecat AI 30.01.2026

In this episode we discuss the engineering and security challenges that separate POC agents from enterprise agents. Kwindla brings a wealth of knowledge on common hard agent engineering problems such as async, automatic, non-blocking context compaction, agent memory, and stateful long running agents.

Ep. 21 Peter Steinberger, Creator of Clawdbot 25.01.2026

Listen in to learn how Peter created the best personal assistant agent to date and the security concerns at play. Personal assistant agents need lots of access to do meaningful work but there are tradeoffs between innovation and security.

Ep. 20 Feross Aboukhadijeh, Founder & CEO of Socket 24.12.2025

Supply chain security for open source dependencies, how to protect yourself against attacks like Shai Hulud 2.0, and how AI agents introduce new security challenges.

Ep. 19 Ivan Burazin, Co-Founder & CEO of Daytona 23.12.2025

Agents need purpose-built sandboxes that spin up in milliseconds to execute tasks like code analysis, web browsing, and data processing. Ivan addresses the hurdles around speed, security, and statefulness.

Ep. 18 Kikimora Morozova, AI Security Researcher, Trail of Bits 22.12.2025

An attacker can hide prompt injections in images that only become to AI systems, enabling data exfiltration on production systems like Google Gemini CLI. Is weaponized image scaling a security vulnerability, or an architectural flaw in how AI systems process multi-modal inputs?

Ep. 17 OWASP Top 10 for Agentic Applications: Aaron Stanley, Ian Livingstone & Dex Horthy 18.12.2025

We sat down to discuss the just released OWASP Top 10 for Agentic Applications, exploring critical threats like goal hijacking, remote code execution, and identity management while breaking down how to balance AI agent autonomy with deterministic guardrails and user trust.

Escucha el podcast Insecure Agents en Replaio

Radio y podcasts en una sola app - gratis y sin registro. Instálala hoy y no te pierdas el estreno

Descárgala en Google Play

Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos