Episode 185 | A Toddler with a Bazooka: The Real Risk of AI Agents
Show notes
AI agents can search the web, manipulate files, run commands, make API requests, access cloud platforms, and operate fully autonomously. They are powerful, they are here, and most organizations have no security controls around them whatsoever.
In this episode, Brad and Spencer break down the five major AI agent risk categories security teams need to understand right now, using Simon Willison's "lethal trifecta" as a framework and building on it with two additional risk areas they see in the field.
In this episode:
- What an AI agent actually is and why the definition matters before you can secure it
- What AI agents are capable of: files, commands, APIs, memory, cloud access, and autonomous execution
- The lethal trifecta: access to private data, exposure to untrusted content, and external communication
- Risk category 1: Access to private data - why agents inherit your permissions and why that is dangerous
- Risk category 2: Exposure to untrusted content and prompt injection attacks
- Risk category 3: External communication and data exfiltration (including a real canary token experiment)
- Risk category 4: Privileged access and limiting blast radius with least privilege identities
- Risk category 5: Autonomous actions, approval gates, rate limits, and kill switches
- Why backups, rollback plans, and recovery playbooks are more important than ever in an AI agent world
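As an added illustration of the controls listed under risk categories 4 and 5 (this is example code written for these notes, not code from the episode or from any tool the hosts discuss), the block below shows a small policy gateway that sits between an agent and its tools: a least-privilege allowlist per agent identity, an approval gate for destructive actions, a per-window rate limit, and a kill switch. The tool names, paths, limits and the fake clock are all constructed for the demonstration; a real deployment would wire the approver to a human or ticketing step and the clock to real time.

```python
"""Added example: a minimal policy gateway between an AI agent and its tools.

Every tool call the agent wants to make passes through ToolGateway.check(),
which applies, in order: kill switch, allowlist (least privilege), sliding
window rate limit, and an approval gate for tools marked as requiring a human.
All names, limits and sample calls are constructed for illustration.
"""
from collections import deque
from dataclasses import dataclass, field
from typing import Callable


@dataclass(frozen=True)
class AgentPolicy:
    allowed_tools: frozenset          # least privilege: only these tools exist for this agent
    approval_required: frozenset      # subset that needs a human "yes" before running
    max_calls_per_window: int         # rate limit: allowed calls per window
    window_seconds: float


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class ToolGateway:
    policy: AgentPolicy
    approver: Callable[[str, dict], bool]   # returns True only if a human approved
    clock: Callable[[], float]              # injected so the demo is deterministic
    killed: bool = False
    calls: deque = field(default_factory=deque)   # timestamps of allowed calls
    audit: list = field(default_factory=list)     # every decision, allowed or not

    def kill(self) -> None:
        """Kill switch: once engaged, no further tool calls are permitted."""
        self.killed = True

    def check(self, tool: str, args: dict) -> Decision:
        now = self.clock()
        if self.killed:
            return self._log(tool, args, False, "kill switch engaged")
        if tool not in self.policy.allowed_tools:
            return self._log(tool, args, False, "tool not in allowlist")
        # Sliding window: forget allowed calls that fell outside the window.
        while self.calls and now - self.calls[0] >= self.policy.window_seconds:
            self.calls.popleft()
        if len(self.calls) >= self.policy.max_calls_per_window:
            return self._log(tool, args, False, "rate limit exceeded")
        if tool in self.policy.approval_required and not self.approver(tool, args):
            return self._log(tool, args, False, "approval denied")
        self.calls.append(now)   # only allowed calls count toward the limit
        return self._log(tool, args, True, "allowed")

    def _log(self, tool: str, args: dict, allowed: bool, reason: str) -> Decision:
        self.audit.append((tool, dict(args), allowed, reason))
        return Decision(allowed, reason)


def demo() -> list:
    """Run a constructed sequence of agent tool calls and return the decisions."""
    policy = AgentPolicy(
        allowed_tools=frozenset({"read_file", "write_file", "delete_file"}),
        approval_required=frozenset({"delete_file"}),
        max_calls_per_window=3,
        window_seconds=60.0,
    )
    # Stand-in for a human reviewer: only deletes under /tmp/ get approved.
    approver = lambda tool, args: args.get("path", "").startswith("/tmp/")
    fake_clock = iter([0, 1, 2, 3, 4, 5, 61, 62]).__next__   # one tick per check()
    gw = ToolGateway(policy=policy, approver=approver, clock=fake_clock)

    reasons = [
        gw.check("read_file", {"path": "/tmp/notes.txt"}).reason,   # allowed
        gw.check("run_shell", {"cmd": "id"}).reason,                # not in allowlist
        gw.check("delete_file", {"path": "/tmp/old.log"}).reason,   # approved
        gw.check("delete_file", {"path": "/etc/passwd"}).reason,    # approval denied
        gw.check("write_file", {"path": "/tmp/out.txt"}).reason,    # allowed (3rd in window)
        gw.check("read_file", {"path": "/tmp/notes.txt"}).reason,   # rate limit exceeded
        gw.check("read_file", {"path": "/tmp/notes.txt"}).reason,   # window slid, allowed
    ]
    gw.kill()   # operator pulls the kill switch
    reasons.append(gw.check("read_file", {"path": "/tmp/notes.txt"}).reason)
    return reasons


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The audit list is the piece defenders usually care about most: denied calls are recorded alongside allowed ones, so a burst of "tool not in allowlist" or "approval denied" entries is a detection signal that the agent is being steered somewhere it should not go.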
Resources mentioned:
- Simon Willison's lethal trifecta post (June 2025): https://simonwillison.net
- Zach Korman's ContinuumCon sandbox escape workshop: https://continuumcon.com/schedule/
- offsec.blog | securit360.com
Need a pen test before end of year? Q3 slots are filling up fast.
Blog: https://offsec.blog/
YouTube: https://www.youtube.com/@cyberthreatpov
Twitter: https://x.com/cyberthreatpov
Follow Spencer on social ⬇
Spencer's Links: https://spenceralessi.com
Work with Us: https://securit360.com | Find vulnerabilities that matter, learn about how we do internal pentesting here.