When AI Goes Rogue: API Security in the Age of AI Agents | Guest Sam Chehab

21 snips

Apr 21, 2025

Sam Chehab, Head of Security and IT at Postman, shares insights from over 20 years in cybersecurity. He discusses the complexities of API security amid the rise of rogue AI agents and their threat to security systems. Chehab emphasizes the need for collaboration between development and security teams to tackle these challenges. He also shares his journey, the shift to zero-trust strategies, and the role of AI in both aiding and threatening cybersecurity. Listeners will benefit from his practical advice for navigating careers in the ever-evolving tech landscape.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

ANECDOTE

Early Tech Spark from Dad

Sam Chehab's early tech fascination began with a compact laptop challenge from his dad.
He transitioned from civil engineering to tech, inspired by this early exposure.

INSIGHT

Balancing Security and Usability

Cybersecurity blends technical mastery with business acumen to reduce risk without overburdening users.
Effective security balances protection with user-friendly implementation to avoid risky workarounds.

INSIGHT

Pragmatic Zero Trust Strategy

Zero trust strategy must be pragmatic and understandable, focusing on hardening identities, devices, and applications.
Emphasize enforced least privilege and monitor operational exceptions for effective security management.

Get the Snipd Podcast app to discover more snips from this episode

Get the app

Get your FREE Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast

Today on Cyber Work, Sam Chehab, the head of security and IT at Postman, dives into API security and the intriguing concept of rogue AI agents. Chehab discusses the internal challenges posed by well-meaning developers, the potential threat of hackers using AI to create more sophisticated malware, and the evolving roles of development and security teams. The episode also navigates through Chehab's career, including his time at Nvidia and leading a zero-trust strategy deployment for Palo Alto Networks. Listeners will gain insights on integrating AI tools for API defense, the future of cybersecurity roles, and practical advice for breaking into the industry. Plus, learn about Postman's strategies and tools to ensure secure API development and management.

– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=youtube&utm_medium=podcast&utm_campaign=podcast

00:00 API security and rogue AI agents
00:45 Sam Chehab's background and career journey
03:54 Transition to data security
12:47 Implementing a zero-trust strategy at Palo Alto
20:06 Responsibilities at Postman
23:02 Understanding rogue AI agents
26:42 Ensuring API security and collaboration
27:34 Challenges in securing APIs
28:31 Postman's approach to API hygiene
29:39 The future of API security
34:42 Career advice for aspiring security professionals
39:18 The role of AI in API security
45:20 Postman and upcoming events
47:59 Outro

About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.