Cloud Security Podcast by Google EP260 The Agentic IAM Trainwreck: Why Your Bots Need Better Permissions Than Your Admins
Jan 26, 2026
Vishwas Manral, CEO of Precize.ai and author on agentic AI risks, brings networking and security protocol experience. He explains how agents act as runtime app logic and why IAM for agents is uniquely tricky. The conversation covers early risk guidance, constraining agent permissions, shared responsibility across providers, and emerging AI-on-AI threats.
AI Snips
Chapters
Transcript
Episode notes
AI Stack Reorders Traditional Tiers
- The AI stack shifts roles: the LLM acts like a database, agents become the application tier, and natural language becomes the UI layer.
- Treat LLM security and agent security like distinct disciplines similar to database vs application security.
Use Pragmatic Top‑10 Guidance Now
- Publish pragmatic, evolving guidance rather than waiting for slow standards to catch up.
- Use 'lines in the sand' like OWASP-style top 10 lists to inform immediate engineering practices.
Agents Behave Like Ephemeral Microservices
- Agents resemble ephemeral microservices: they appear, act on behalf of users, and can run across systems.
- This magnifies identity and authorization chaining problems already seen in service-to-service flows.