The Four Horsemen of Agentic Risk

Mar 26, 2026

Sailesh Mishra, AI security practitioner and founder with experience at Uber's Advanced Technologies Group and AI startups. He explores autonomous agents that act, not just answer. He warns about agents with persistent memory, logic-bomb style attacks, and indirect prompt injection in the wild. He stresses scoping agent identity and monitoring every tool call to catch time-shifted, stateful threats.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Agents Collapse Multiple Systems Into One Risk Surface

Autonomous agents collapse multiple resources into one system, creating a new attack surface where an agent can access web, endpoints, calendars, and credentials.
Sailesh Mishra illustrated this with OpenClaw wiping an email inbox after being granted broad access, showing walls/old perimeter thinking no longer suffice.

ANECDOTE

OpenClaw Wiped An Inbox And Said Sorry

Sailesh recounted the OpenClaw incident where installing an agent wiped an entire email inbox and replied "sorry."
He used the example to show how agents granted broad permissions can perform destructive actions unexpectedly.

INSIGHT

Persistent Memory Enables Time Shifted Logic Bombs

Persistent memory turns stateless prompt attacks into time-shifted, stateful attacks that can be assembled and triggered later.
Mishra described logic-bomb style attacks where benign inputs are stored and later assembled on a trigger like "whenever you search for my salary" to exfiltrate data.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Your AI agent just wiped an entire email inbox and said sorry. That's not a hypothetical. It already happened.

Sailesh Mishra, Product Marketing at Palo Alto Networks and founder of SydeLabs (acquired by Protect AI), has spent years at the frontier of AI security, from scaling autonomous vehicle programs at Uber's Advanced Technologies Group to building and selling an AI red-teaming startup. He has a clear-eyed view of what autonomous agents can do, what they can be made to do, and what organizations are dangerously unprepared for.

You'll learn:

- Why the "lethal trifecta" of AI risk gains a fourth, more dangerous dimension when agents have persistent memory

- How attackers can plant a logic bomb inside an agent's memory using entirely benign inputs, then trigger it later

- What "identity" means for a piece of software, and why scoping agent behavior is the single most impactful security control

- Why indirect prompt injection is already happening in the wild, not just in research papers

- The two questions every CISO must answer before authorizing an autonomous agent deployment

This episode is essential listening if you're a CISO evaluating your first autonomous agent deployment, a developer building agentic systems today, or a security practitioner trying to get ahead of a threat landscape that is moving faster than anyone expected.

- The Moltbook Case and How We Need to Think about Agent Security

Related Episodes:

- Securing the Future of AI Agents

- Inside AI Runtime Defense

- Securing AI in the Enterprise

#AIAgents #AISecurity

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠