Security Matters

EP 20 - Why agentic AI is changing the security risk equation

Nov 26, 2025
Lavi Lazarovitz, VP of Cyber Research at CyberArk Labs, discusses the evolving security landscape shaped by agentic AI. He highlights the growing risks tied to overprivileged AI agents and the challenges of hybrid identities. Lavi emphasizes the importance of rethinking security controls as organizations scale AI, detailing real-world deployments that revealed vulnerabilities faster than traditional teams. He advocates for prioritizing discovery and visibility in agent technology to mitigate future breaches. Lavi's insights are a crucial guide for anyone navigating the intersection of AI and cybersecurity.
ANECDOTE

Hidden Prompt Led To Silent Data Theft

  • A finance AI agent read a malicious prompt hidden in a shipping address and triggered a tool to pull sensitive financial data.
  • Lavi Lazarovitz used this story to show overprivileged agents can exfiltrate data without malware or alerts.
INSIGHT

AI Agents Are Three-Model Services

  • An AI agent is a three-model service: orchestration, tools, and the LLM itself.
  • This modularity gives agents autonomy but also creates multiple attack surfaces tied to each module.
INSIGHT

Risk = Agents × Entitlements

  • Risk scales with the number of agents and the breadth of their entitlements.
  • More agents plus broader permissions create exponentially more opportunities for compromise.