Zero Trust

Today we’re going to answer the question everybody has been asking me: when an agent takes an action, whose identity should it use? The identity an agent carries decides whether you can attribute what it did, whether it can keep working while you’re asleep, whether it survives you changing teams or leaving the company, and how much damage a stolen credential does. Get it wrong and you either can’t use agents for any real life work, or you quietly build a privilege escalation into your company’s sensitive systems....

A while back I worked with a guy named Phil. Often we’d have situations where teams would suggest bolting on security at a later stage rather than fixing the underlying problem, and he would always clap back with “you can’t bootstrap trust” and thats what I wanted to talk about today. Trust has to be end to end, if any link in the chain is weak, the whole thing collapses. You can build on a rocky foundation, but it’s going to reduce the security of the control and lead to gaps in your design that are impossible to plug....

We’ve spent the last decade building zero trust architectures. Device posture checks, tiered application access, network segmentation, conditional access policies. All designed around a core principle: don’t implicitly trust anything, verify everything, and limit the blast radius when something goes wrong. AI tools are quietly undoing a lot of that work. We’re connecting AI tools to everything, and we’re making them controllable from anywhere. That combination is a fundamental challenge to how we’ve been thinking about defense in depth....

Everyone’s shipping AI agents right now. Connect your agent to Slack, let it read your email, have it make PRs on your behalf. This can be via MCP, no-code AI tools like n8n or direct via APIs. However, we’re in this awkward middle ground where the tooling to use agents is miles ahead of the tooling to secure them. The fundamental problem isn’t new, it’s the same challenge we’ve had with any system that acts on behalf of a user, but agents amplify it in ways that existing access control patterns weren’t built for....

Over the past few weeks, my feed has been filled with a juxtaposition: security people warning about the risks of AI browsers and SF tech bros saying they have 10x’d their performance by using an AI browser to order lunch from DoorDash. A lot of people are crying about prompt injection, but that isn’t the only risk posed by AI browsers. The guidance seems to be very much “just block them” at this stage, and while that’s a pragmatic short-term solution, I don’t think it’ll work for very long....

Business Process Outsourcing (BPO) is when you hire a group of contractors from a single company to complete long-term work for you. This is typically something like customer support, where you want to outsource first-line tech support to a cheaper region or get more coverage in a timezone where you don’t have an existing presence. The problem is that zero trust architecture requires every employee accessing your critical SaaS applications to come from a managed device....

Enterprise AI search tools are a simple concept. They take in all of the data from all of your productivity tools and give you a single pane of glass to search across your company’s entire corpus. This lets you search across all of the documents, email and chat regardless of what tool they are stored in. The productivity benefits are apparent here because who hasn’t spent half an hour searching for that doc you made three years ago?...

I’m a big fan of building security into existing processes, a term coined as “secure paved roads” by Jason Chan, Ex-Netflix CISO. The idea behind this is that security should mostly be invisible. The average employee should simply not have to think about high-consequence security domains. They’ll use tools that make their life easier, and that tooling has security built in by default. Yes, they can divert from that paved path, but they’ll generally have a worse experience....

Background Third-party risk management (TPRM) has its challenges. It is a relatively new area that has been developing rapidly, but many programs face significant issues as their companies grow. TPRM rarely scales linearly with the business or the number of applications in use. There are no easy fixes, but you can make steady improvements. I will share some practices I have used to improve programs over time, which you can take away and adapt to your situation....

Summary In this blog post, I’ll go into the basics of third-party risk management, what the challenges are, and give you an overview of what an average Third-Party Risk Management (TPRM) program looks like. This is designed primarily for people new to the industry up to the mid-level, but there might be a few points valid for seniors with mature programs too. Background In recent years TPRM has become a growing chunk of work for cyber security teams....