Security Matters EP 20 - Why agentic AI is changing the security risk equation
Nov 26, 2025
Lavi Lazarovitz, VP of Cyber Research at CyberArk Labs, discusses the evolving security landscape shaped by agentic AI. He highlights the growing risks tied to overprivileged AI agents and the challenges of hybrid identities. Lavi emphasizes the importance of rethinking security controls as organizations scale AI, detailing real-world deployments that revealed vulnerabilities faster than traditional teams. He advocates for prioritizing discovery and visibility in agent technology to mitigate future breaches. Lavi's insights are a crucial guide for anyone navigating the intersection of AI and cybersecurity.
AI Snips
Chapters
Transcript
Episode notes
Top AI Agent Attack Vectors Converge On Access
- OWASP and others highlight prompt poisoning, behavior hijack, supply chain, and tool misuse as top AI agent vectors.
- Each vector ultimately leverages the agent's access and privileges to cause impact.
Demo: Prompt Poisoning Plus Excess Privilege
- CyberArk Labs demo: attacker injected a malicious prompt into an order's shipping address, causing the agent to call an invoice tool and send bank details.
- The exploit worked because the prompt passed unharmed and the agent had unnecessary invoice permissions.
Reduce Opportunities And Scope
- Reduce the number of agent identities and strictly limit their entitlements to lower impact potential.
- Apply defense-in-depth combining prompt filtering and least privilege to mitigate attacks.