Hi everyone,

This week’s Shared Security episode is a shorter solo one, but the topic is too important to skip: AI agents and the security boundaries they need before we let them act on our behalf.

The starting point is a recent 404 Media story about attackers reportedly tricking Meta’s AI support chatbot into helping them access high-profile Instagram accounts. The scary part is not just that an AI system made a mistake. It is that the AI system appears to have been connected to a workflow with real consequences: account recovery, support escalation, and access changes. That is the shift we need to pay attention to. A chatbot answers questions. An AI agent can take actions. Once an agent can read email, update support tickets, reset accounts, approve access, publish content, schedule meetings, or modify systems, it needs the same kind of controls we already apply to privileged accounts and automation. That means least privilege, scoped access, logs, monitoring, approvals, and a fast way to revoke access.

In this episode, I walk through the practical guardrails: start read-only, draft first and require human approval, separate personal/business/client/employer contexts, treat untrusted content as data rather than commands, and test agents adversarially (especially when they sit near support or account recovery). AI agents are not going away. The goal is not to avoid them. The goal is to use them without giving convenience more power than control.
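To make those guardrails concrete, here is an added example (not code from the episode, Meta, or any agent vendor) of a minimal tool-call gate for one agent context: read-only tools run freely, consequential tools are parked as drafts until a human approves, anything outside the declared scope is denied, every decision is logged, and a kill switch revokes the agent at once. The tool names, the "support" context and the approval hook are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable

class Risk(Enum):
    READ = "read"    # safe to run without a human in the loop
    WRITE = "write"  # consequential: execute only after human approval


@dataclass
class AgentGate:
    """Least-privilege gate for one agent context (illustrative, not a vendor API)."""
    context: str                          # e.g. "support"; each context gets its own gate
    scopes: dict[str, Risk]               # the only tools this context may ever call
    approve: Callable[[str, dict], bool]  # human approval hook, consulted for WRITE tools
    audit: list[dict] = field(default_factory=list)
    drafts: list[dict] = field(default_factory=list)  # WRITE actions parked for review
    revoked: bool = False                 # kill switch: flip to stop all actions fast

    def _log(self, tool: str, args: dict, decision: str) -> dict:
        entry = {"context": self.context, "tool": tool, "args": args, "decision": decision}
        self.audit.append(entry)
        return entry

    def call(self, tool: str, args: dict, handler: Callable[..., object]):
        """Run a tool only if in scope, not revoked, and approved when consequential."""
        if self.revoked:
            return self._log(tool, args, "denied: access revoked")
        risk = self.scopes.get(tool)
        if risk is None:  # default deny: anything not explicitly scoped never runs
            return self._log(tool, args, "denied: out of scope")
        if risk is Risk.WRITE:
            self.drafts.append({"tool": tool, "args": args})  # draft first
            if not self.approve(tool, args):
                return self._log(tool, args, "held: awaiting approval")
        result = handler(**args)
        self._log(tool, args, "allowed")
        return result


def demo() -> list[str]:
    """Constructed run: a support agent may read tickets but not reset accounts unapproved."""
    gate = AgentGate("support", {"read_ticket": Risk.READ, "reset_account": Risk.WRITE},
                     approve=lambda tool, args: False)  # no human has approved anything
    def read_ticket(ticket_id: str) -> str:
        return f"{ticket_id}: ticket body (untrusted data, never instructions)"
    gate.call("read_ticket", {"ticket_id": "T-1"}, read_ticket)
    gate.call("reset_account", {"handle": "@example"}, lambda handle: f"reset {handle}")
    gate.call("delete_account", {"handle": "@example"}, lambda handle: f"deleted {handle}")
    gate.revoked = True  # incident: pull the agent's access immediately
    gate.call("read_ticket", {"ticket_id": "T-1"}, read_ticket)
    return [e["decision"] for e in gate.audit]
```

The audit list is the piece a reviewer actually reads after an incident, so it records denials and held drafts as well as successes.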

Quote From This Week’s Episode

“An AI agent should not be treated like a magic helper. It should be treated like a delegated actor with permissions, logs, boundaries, and clear guardrails.”
— Tom Eston

Tom’s Take

If an AI agent can take action, it is part of your identity and access management problem now. Treating it like “just a chatbot” is how teams end up giving automation the power to reset, approve, delete, or expose things without the controls a human or service account would normally have. Start small, log everything, and make approval the default for anything consequential.

Listen / Watch

▶️ YouTube Version: https://youtu.be/TL3MGnI4hUU

We’d Love Your Feedback

Are you using AI agents for email, calendar, documents, support, coding, or business workflows yet? Reply to this email or leave a comment on YouTube and tell us what guardrails you think matter most.

Thank you to our Sponsors!

Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.

🎁 Get 10% off your order of high quality faraday products built to protect your privacy from SLNT! Visit: https://slnt.com and use discount code "sharedsecurity" at checkout.

Closing

If this episode was useful, please support Shared Security by subscribing on YouTube, becoming a YouTube channel member, following the show on your preferred podcast app, leaving a rating or review, and sharing the episode with someone who is experimenting with AI agents at work.

Stay safe, stay secure, and stay private.

Tom Eston
Founder and Host, Shared Security Podcast