Interview with Harish Peri from Okta

Oktane Preview: building frameworks to secure our Agentic AI future

Like it or not, Agentic AI and protocols like MCP and A2A are getting pushed as the glue to take business process automation to the next level. Giving agents the power and access they need to accomplish these lofty goals is going to be challenging, from a security perspective.

How do put AI agents in the position to perform broad tasks autonomously without granting them all the privileges? How do we avoid making AI agents a gold mine for attackers - the first place they stop once they hack into our companies? These are some examples of the questions Okta aims to answer at this year’s Oktane event, and we aim to kick off the conversations a little early - with this interview!

Segment Resources:

• Check out securityweekly.com/oktane for all our live coverage during the event this year!
• More information about the event and how you can attend can be found here: https://www.okta.com/oktane/
• AI at Work 2025: Securing the AI-powered workforce

Topic - Indirect Prompt Injection Getting Out of Hand

Reports of indirect prompt injection issues have been around for a while. Of particular note was Michael Bargury's Living off Microsoft Copilot presentation from Black Hat USA 2024. Simply sending an email to a Copilot user could make bad stuff happen.

Now, at Black Hat 2025, we've got more: the ability to plunder any data resource connected to ChatGPT (they call these integrations "Connectors") from Tamir Ishay Sharbat at Zenity Labs. The research is titled AgentFlayer: ChatGPT Connectors 0click Attack.

Looks like Google Jules is also vulnerable to what the Embrace the Red blog is calling invisible prompts. Sourcegraph's Amp Code is also vulnerable to the same attack, which encodes instructions to make them invisible.

What's really going to ruffle feathers is the fact that all these companies know this stuff is possible, but don't seem to be able to figure out how to prevent it. Ideally, we'd want to be able to distinguish between intended instruction and instructions injected via attachments or some other means outside of the prompt box. I guess that's easier said than done?

News

Finally, in the enterprise security news,

1. Drones are coming for you… to help?
2. One of the most powerful botnets ever goes down
3. Phishing training is still pointless
4. Microsoft sets an alarm on its phone for 8 years from now to do post-quantum stuff
5. vulns galore in commercial ZTNA apps
6. GenAI projects are struggling to make it to production
7. Adblockers could be made illegal - in Germany
8. Windows is getting native Agentic support
9. Automating bug discovery AND remediation?
10. Public service announcement: time is running out for Windows 10

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-421

Interview with Snehal Antani - Rethinking Risk-Based Vulnerability Management

Vulnerability management is broken. Organizations basically use math to turn a crappy list into a slightly less crappy list, and the hardest part of the job as a CIO is deciding what NOT to fix. There has to be a better way, and there is...

Segment Resources:

• https://horizon3.ai/intelligence/blogs/vulnerability-management-is-broken-there-is-a-better-way/

This segment is sponsored by Horizon3.ai. Visit https://securityweekly.com/horizon3 to learn more about them!

Topic - Andy Ellis's Black Hat Expo Experience

Andy Ellis visited every booth at Black Hat. Every. Single. One. He wrote up what he learned and we discuss his findings!

https://www.duha.co/state-of-security-vendors-blackhat-2025/

News

Finally, in the enterprise security news,

1. Tons of handy new and free tools!
2. is cybersecurity really at the latter stages of consolidation?
3. new books
4. is our obsession with risk quantification hurting our credibility?
5. AI trends
6. is there an impending AI layoff-pocalypse?
7. we explain the kids’ favorite new term: Clanker

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-420

Topic Segment - What's new at Black Hat?

We're coming live from hacker summer camp 2025, so it seemed appropriate to share what we've seen and heard so far at this year's event. Adrian's on vacation, so this episode is featuring Jackie McGuire and Ayman Elsawah!

News Segment

Then, in the enterprise security news,

1. Tons of funding!
2. SentinelOne picks up an AI security company weeks after Palo Alto closes the Protect AI deal
3. Vendors shove AI agents into everything they’ve got
4. Why SOC analysts ignore your playbooks
5. NVIDA pinkie swears to China: no back doors!
6. ChatGPT was allowing shared chat sessions to be indexed and crawled by search engines like Google
7. Who is gonna secure all this vibe code?
8. Who is gonna triage all these hallucinated bug reports?
9. Perplexity and Cloudflare duke it out
10. When you try to scrub your shady past off the Internet, it might just make things worse.

All that and more, on this episode of Enterprise Security Weekly.

Show Notes: https://securityweekly.com/esw-419

The Weekly Enterprise News (segments 1 and 2)

This week, we’ve had to make some last minute adjustments, so we’re going to do the news first, split into two segments.

This week, we’re discussing:

1. Some interesting funding
2. Two acquisitions - one picked up for $250M, the other slightly larger, at $25 BILLION
3. Interesting new companies!
4. On the 1 year anniversary of that thing that happened, Crowdstrike would like to assure you that they’re REALLY making sure that thing never happens again
5. Flipping the script
6. How researchers rooted Copilot, but not really
7. talks to check out at Hacker Summer Camp
8. detection engineering tips
9. the Cloud Security Alliance has a new AI Controls Matrix
10. sending in the National Guard to handle a breach!
11. and how to read an AI press release

Interview: Guillaume Ross on Building Security from Scratch

Guillaume shares his experiences building security from scratch at Canadian FinTech, Finaptic. Imagine the situation: you're CISO, and literally NOTHING is in place yet. No policies, no controls, no GRC processes. Where do you start? What do you do first? Are there things you can get away with that would be impossible in older, well-established financial firms?

Show Notes: https://securityweekly.com/esw-418