Identity management in security has been a difficult issue for many years, but the arrival of AI and AI agents has only complicated this picture.
In addition to human and machine identities, cybersecurity professionals now have to handle potentially thousands of AI agent identities across MCP and API endpoints.
How can businesses handle all of these complications while maintaining their cybersecurity?
In this episode, Rory speaks to Art Gilliland, CEO at cybersecurity firm Delinea, to discuss the thorny issue of identity attacks, and how IT leaders can get a grip on digital identities.
Highlights
"I think what you're seeing now is the adversaries, the bad guys, they're basically focused on, 'look where's the weakest link, where is the place where we've spent the least?' And infrastructure people are about throughput and speed and access, and security is about protection. And if you have a domain that is split between those two, you're going to find weaknesses."
"I think one of the, one of the things that has always been true is that there is a structural imbalance in the security world, and that structural imbalance is the adversary just has a structural benefit. They're always advantaged."
"Identity really is sort of the tip of the spear of watching for breaches, because there will be failures probing an identity that will give you indicators that something bad is going to happen before it happens. Once they have the authenticated identity, then it's really damaging. But if you can see the leading indicators, you can get in front of it, and I think this is where AI is going to really help."
Footnotes
- Machine identity attacks will be top of mind for security leaders in 2025
- Non-human identities: Are we sleepwalking into a security crisis?
- Microsoft expects 1.3 billion AI agents to be in operation by 2028 – here’s how it plans to get them working together
- IT leaders don’t trust AI agents yet – and they’re missing out on huge financial gains
- What is the Internet of Things (IoT)?
Subscribe
- Subscribe to The IT Pro Podcast on Apple Podcasts
- Subscribe to The IT Pro Podcast on Spotify
- Subscribe to the IT Pro newsletter
- Join us on LinkedIn
-
Cyber expert warns an uptick of youth hackers should be a ‘wake-up call’ after teens charged over TfL attackNews Encouraging youths to engage in positive tech initiatives will guide them down the right path and away from nefarious activities
-
Audit and security professionals must step up to govern AI – before it governs usNew ISACA credentials introduced to tackle the challenge of AI preparedness amongst audit and security management professionals
-
Let’s talk about digital sovereigntyIn the age of AI and cloud, where data resides is a key consideration
-
Can cyber group takedowns last?ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
July rundown: Salt Typhoon and SharePoint scaresITPro Podcast US public sector organizations are under serious threat from the state-backed hacking group
-
Can the UK ban ransomware payments?ITPro Podcast Attempts to cut off ransomware group profits could instead harm businesses
-
We need to talk about operational technologyITPro Podcast Groups like Volt Typhoon are abusing poor hygiene in critical infrastructure to pre-position for attacks
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
April rundown: MITRE frights and Microsoft launches Recall (again)ITPro Podcast As CISA delivered an eleventh-hour reprieve for the CVE database, AWS reportedly began to pause some data center leases
-
The new era of cyber threatsITPro Podcast With AI-powered attacks and state-backed groups, security teams face face a new wave of sophisticated threats
