Agentic AI-based services are the new Shadow IT. Change my mind.
I'd argue that very few companies have any real appreciation for how many of their employees are already feeding API keys and other stuff into fairly new and questionable agentic AI tools or platforms. So many companies are like, "oh, we're taking a wait-and-see approach to adopting AI." Meanwhile, half their dev team is doing critical development work on shared servers that have no authentication or limited (no 2FA) auth.
@briankrebs when I interview for appsec positions, I like to ask "what would it take for you to fire a developer for a security lapse?" Interesting conversations ensue. I don't think anyone actually ever fires developers for security failings, including failure to learn from repeated blunders.