David Spark
π€ SpeakerAppearances Over Time
Podcast Appearances
So I'm going to start with you, Andy.
If least privilege breaks agentic workflows, and we're talking about agentic workflows versus actual humans as identities.
What does appropriate access governance even look like?
And how do you enforce policy against behavior you can't predict in advance?
I mean, because agents don't have predictable behaviors, do they?
Well, more than agents, I would say.
So, Danny, part of the core philosophy of ThreatLocker is this default-deny approach.
And by default, you limit privileges, yes, or just limit a lot of things beyond just privileges.
So, well then, how then does...
the least privileged behavior or the way you monitor it if you're dealing with agents that are moving at a much faster speed than humans.
How does this change?
I mean, how does speed come into the equation, I guess, is my question.
And also the agent itself, you should also throw in there, the agent itself doesn't have a conscience.
So it's not stopping itself or regulating itself.
What about this AI security challenge?
Quote, we just deployed more attack service in 12 months than we built in the previous decade, end quote.
After seeing a surfeit of MCP servers with no authentication and a bevy of malicious skills in the LLM marketplaces in just a month, Caleb Sema of White Rabbit has a simple diagnosis, repeating the cloud mistake.
But this makes me wonder if this is a mistake or this is just a pattern.
New technology deploys, businesses wait to see if it sticks.
Once it does, startups scramble to build solutions.