BrianKrebsAgentic AI-based services are the new Shadow IT. Change my mind.
I'd argue that very few companies have any real appreciation for how many of their employees are already feeding API keys and other stuff into fairly new and questionable agentic AI tools or platforms. So many companies are like, oh we're taking a wait-and-see approach to adopting AI. Meanwhile, half their dev team is doing critical development work on shared servers that have no authentication or limited (no 2fa) auth.
Alex Rosenberg@briankrebs It certainly takes some effort to correctly instruct an LLM that it cannot read any secrets directly because that’s exfiltrating data. And then as context fills, it’ll forget that directive.
Guillaume Ross@alexr @briankrebs Any OAuth like control companies had in place are completely bypassed by tools operating browsers or computers on behalf of human users too