
The Stack Overflow Podcast: Prevent agentic identity theft
Mar 27, 2026
Nancy Wang, CTO of 1Password and security-focused technologist, explores risks and controls for local AI agents. She covers why agents create large blast radii, how sandboxing and brokering short-lived credentials help, and the role of verifiable identity, device telemetry, and zero-knowledge design. She also touches on skill registry risks and future-proofing agent identity.
AI Snips
Local Agents Create Massive Blast Radius
- Local agents expand attack surface by accessing files, terminals, browsers, repos, and local tools on a device.
- Nancy Wang notes that CloudBot/Moldbot demonstrates a massive blast radius and recommends not running agents on work laptops due to sensitive local data.
Sandbox Agents And Scope Their File Access
- Limit each agent's access using sandboxing and file-path restrictions to reduce what a single agent can reach.
- Nancy describes a demo where 500 agents had scoped file access so no one agent held excessive privileges.
Agent Identity Needs Intent And Chain Of Custody
- Agent identity must capture more attributes than human identity, including intent, who spawned the agent, and execution context.
- Nancy highlights work on DIDs and verifiable credentials because an ephemeral agent's identity at issuance may not match its identity at execution.
