AI & IAM: Where Security Gets Superhuman (Or Supremely Stuck) - Matt Immler, Heather Ceylan, Alexander Makarov, Nitin Raina, Dor Fledel, Aaron Parecki - ESW #427

10 snips

Oct 6, 2025

Guest

Nitin Raina

This discussion features Dor Fledel from Okta, who dives into identity sprawl and automated remediation for AI agents. Alexander Makarov from Adyen shares insights on phishing-resistant authentication and identity automation. Standards expert Aaron Parecki emphasizes the importance of interoperable identity frameworks. Heather Ceylan of Box talks about embedding AI into workflows while maintaining data governance. Finally, Matt Immler discusses insider threats and the need for a security-focused culture, while Nitin Raina warns about AI-driven social engineering.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Identity Sprawl Is A Business-Driven Risk

Identity sprawl is driven by business desire to move fast and adopt tools without centralized control.
That creates an "identity jungle" of human and non-human identities that increases risk unless governed.

ADVICE

Follow A Maturity Path For Ephemeral Access

Start with discovery, prioritize, then remediate and automate to move from static to ephemeral access.
Configure policies to auto-detect and remediate non-human identities in near real-time to reduce friction and risk.

INSIGHT

Least Privilege For Agents Becomes Measurable

Quantifying least-privilege for AI agents is now possible and necessary to balance risk and productivity.
Organizations want tools that benchmark risk versus peers and guide board-level decisions on acceptable exposure.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

At Oktane 2025, leaders from across the security ecosystem shared how identity has become the new front line in protecting today’s AI-driven enterprises. As SaaS adoption accelerates and AI agents proliferate, organizations face an explosion of human and non-human identities—and with it, growing risks like misconfigured access, orphaned accounts, and identity-based attacks.

In this special Enterprise Security Weekly episode, we bring together insights from top experts:

Dor Fledel (Okta) explains how teams can gain visibility into AI agents, uncover risks, and enforce appropriate access controls.
Alexander Makarov (Adyen) shares how a global fintech unified and streamlined identity with Okta, improving both security and employee experience across 200+ countries.
Aaron Parecki (Okta) highlights the importance of open standards—like IPSIE, MCP, and A2A—for building secure, interoperable AI ecosystems and centralized control over AI-driven interactions.
Heather Ceylan (Box) discusses how Box embeds AI into workflows to enhance data protection, even for highly regulated industries.
Matt Immler (Okta) offers lessons from the field on strengthening defenses with behavioral monitoring, automation, and a security-first culture to counter attackers who now “log in” instead of hacking in.
Nitin Raina (Thoughtworks) warns about AI-driven social engineering—from deepfakes to multi-channel phishing—and shares practical strategies like phishing-resistant MFA, zero-trust architecture, and better employee training.

From open standards to privileged access management and AI-powered defense, these Oktane 2025 conversations explore how identity-driven strategies are shaping the future of enterprise security.

Segment Resources: https://www.okta.com/newsroom/articles/old-security-challenges--new-ai-risks--managing-authorization-in https://www.okta.com/newsroom/press-releases/okta-introduces-cross-app-access-to-help-secure-ai-agents-in-the/ https://www.okta.com/blog/ai/securing-the-ai-agent-ecosystem/ https://www.okta.com/customers/adyen/ https://www.okta.com/newsroom/?sort=featured&filters=okta%3Acategories%2Fidentity-security https://www.okta.com/customers/thoughtworks/

This segment is sponsored by Oktane by Okta. Visit https://securityweekly.com/oktane to learn more about them!

Visit https://www.securityweekly.com/esw for all the latest episodes!

Show Notes: https://securityweekly.com/esw-427