Interview with Sandy Bird, co-founder of Sonrai Security
In this week's interview, we kick off the conversation with how Sonrai's expertise in securing cloud identity permissions had the company well placed to address the explosion of AI agents and the clear risks they represented. On the surface, this looks like a cloud/hyperscaler permissions challenge, but it isn't that simple. As agents like Claude Code, Codex, and Hermes are connected to enterprise cloud agents, the risk spreads outside VPCs and onto endpoints.Check out the episode to learn more about some of the most common risks Sandy finds and how Sonrai goes about addressing them.This segment is sponsored by Sonrai Security. Visit https://securityweekly.com/sonrai to learn more about them!Segment Resources- AWS Bedrock agent permissions: what you need to lock down before you go live
Making Enterprise AI Agents Accountable with Amir Ofek, CEO and Co-Founder of aizome
Organizations looking to unlock the power of Enterprise AI Agents, and in a controlled and safe way at the speed of AI. Identity is at the heart of it. However, NHI Governance Is Not Enough for Enterprise AI Agents.The identity industry has responded to the rise of AI agents the same way it responds to every new identity challenge: extend existing frameworks. Map agents to human owners. Enforce least privilege. Govern them like non-human identities.It is a reasonable instinct. It is also insufficient in ways that matter enormously. Non-human identity security was built for a deterministic world - service accounts, API keys, bots. These identities do what they are configured to do. Their behavior is predictable enough that static governance models work. Enterprise AI agents are categorically different. Not in degree - in kind. They don't execute fixed instructions. They reason, plan, and adapt in response to context. Their scope shifts with every task. Their behavior at runtime can diverge significantly from anything true at provisioning time. Unlike any identity that came before them, they frequently change their intent, at a pace no governance model built for human movers or machine credentials was designed to handle.Wrapping them in the same framework you use for a service account isn't wrong. It's just insufficient in precisely the places where risk accumulates.- Download the SANS AI Security Maturity Model eBook
The Human Authorized. The Agent Acted. Who's Accountable? Interview with Howard Ting - CEO - Opal Security
A self-driving car still has a license plate The accountability didn't change just because the driver did. The same has to be true for AI agents, but most environments can't trace an agent action back through the layers of delegation to the human who authorized it. Howard Ting, CEO of Opal Security, joins Security Weekly to discuss what the accountability model looks like when employees run swarms of agents, and what has to be in place before that accountability chain is tested.This segment is sponsored by Opal Security. Visit https://securityweekly.com/opalidv to learn more about them!Next Evolution of Identity Security: AI for Lower Cost, Efficiency & Governance with Ajay Gupta - President & CEO - SDG
Organizations have invested heavily in identity platforms, but many still struggle to maximize security, efficiency, and governance outcomes. As AI transforms both cyber defense and cyber threats, Identity Security is emerging as a critical foundation for securing human and non-human identities alike. In this discussion, we explore how AI is helping organizations reduce costs, improve operations, defend against AI-powered attacks, and address the governance challenges created by AI agents—highlighting the convergence of Identity Security, AI Security, and AI Governance.This segment is sponsored by SDG. Visit https://securityweekly.com/sdgidv to learn more about them!Amir is CEO of aizome, which he co-founded earlier this year. Prior to that Amir was the CEO of AxoniusX, an innovation business unit of Axonius, where he led the launch of the Axonius SaaS Management product in the SSPM domain, and the Axonius Identities product in the IVIP domain. Amir was also CEO of Alcide, Kubernetes security company acquired by Rapid7, and before that the CEO of CyberInt, Threat Intelligece company, which was acquired by Checkpoint. Amir is an angel investor and former board member in a few cybersecurity startups, including Seraphic (acquired by Crowdstrike) and Zecops (acquired by Jamf). Amir also held various roles as VP at Amdocs, including Chief of Staff to the CEO, and VP CBE for the Singtel Group account.
He received his MBA from INSEAD (J06), and has BSc (Cum Laude, Dean’s List) in Industrial Engineering and Management from the Technion – Israel Institute of Technology.
Howard Ting is the CEO of Opal Security, where he leads the company’s mission to make identity governance and access management understandable, safe, and scalable in the AI era. He began his career at RSA Security over 25 years ago, working on identity management long before it was a mainstream priority, and has since built and led cybersecurity companies including Palo Alto Networks and Cyberhaven, where he served as CEO for five years and grew the company to over $1 billion in valuation.
Howard brings deep expertise at the intersection of AI and identity—specifically how organizations must govern not just human access but the growing swarms of AI agents operating on their behalf. He holds a B.S. in Business Administration from the University of California, Berkeley.
Ajay Gupta is the CEO of SDG Corporation and Executive Chairman of TruOps. He leads strategic initiatives in AI, Identity, Threat, and Risk and oversees global operations. Ajay advises Fortune 500 clients and mentors startups, driving innovation at the intersection of business and technology. He also serves as a Governor appointed member on the Board of Directors of the Connecticut Lottery Corporation.
Sandy Bird is the co-founder and CTO of Sonrai Security. Sandy was the co-founder and CTO of Q1 Labs, which was acquired by IBM in 2011. At IBM, Sandy became the CTO for the global security business and worked closely with research, development, marketing and sales to develop new and innovative solutions to help the IBM Security business grow to ~$2B in annual revenue. He’s calling us from his home in Fredericton, Canada, he is a car guy, and he’s probably wearing a Carhartt shirt.
- Security leaders, your vulnerability program is overloaded. Thousands of findings, limited resources, and no clear way to prioritize what actually matters to the business.Meanwhile, regulators and boards expect measurable risk reduction, not just scan results.Join the Vulnerability Management Virtual Cybersecurity Summit on July 29th to learn how leading organizations are shifting from volume to risk-based prioritization and turning exposure into actionable strategy.Security Weekly listeners can register for free at https://securityweekly.com/vulnmanagement using the promo code: CSS26-SW











