Hi everyone,
This week’s Shared Security episode is a shorter solo one, but the topic is too important to skip: AI agents and the security boundaries they need before we let them act on our behalf.
The starting point is a recent 404 Media story about attackers reportedly tricking Meta’s AI support chatbot into helping them access high-profile Instagram accounts. The scary part is not just that an AI system made a mistake. It is that the AI system appears to have been connected to a workflow with real consequences: account recovery, support escalation, and access changes. That is the shift we need to pay attention to. A chatbot answers questions. An AI agent can take actions. Once an agent can read email, update support tickets, reset accounts, approve access, publish content, schedule meetings, or modify systems, it needs the same kind of controls we already apply to privileged accounts and automation. That means least privilege, scoped access, logs, monitoring, approvals, and a fast way to revoke access.
In this episode, I walk through the practical guardrails: start read-only, draft first and require human approval, separate personal/business/client/employer contexts, treat untrusted content as data rather than commands, and test agents adversarially (especially when they sit near support or account recovery). AI agents are not going away. The goal is not to avoid them. The goal is to use them without giving convenience more power than control.
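To make the guardrails above concrete, here is an added example (not code from the episode or from Meta) of a minimal action gateway for a support-desk agent: read-only tools run directly, consequential tools (account reset, escalation, access change) are drafted until a named human approves them, every decision is logged, and the grant can be revoked instantly. Tool names, the approver list and the principal string are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed scopes for a hypothetical support-desk agent.
READ_ONLY_TOOLS = {"read_ticket", "search_help_center"}
CONSEQUENTIAL_TOOLS = {"reset_account", "escalate_ticket", "change_access"}
HUMAN_APPROVERS = {"support-lead"}  # only these identities can approve a drafted action


class PolicyViolation(Exception):
    """Raised when an agent action falls outside its granted scope."""


@dataclass
class AgentGateway:
    """Every tool call the agent makes goes through invoke(); nothing bypasses it."""
    principal: str                     # one grant per context, e.g. "support-agent/client-A"
    revoked: bool = False              # flip to True to cut the agent off immediately
    audit_log: list = field(default_factory=list)

    def _record(self, tool, outcome, args, approved_by=None):
        self.audit_log.append({"principal": self.principal, "tool": tool, "outcome": outcome,
                               "args": args, "approved_by": approved_by})

    def invoke(self, tool: str, args: dict, approved_by: Optional[str] = None) -> dict:
        if self.revoked:
            self._record(tool, "denied:revoked", args)
            raise PolicyViolation(f"grant for {self.principal} has been revoked")
        if tool in READ_ONLY_TOOLS:                 # start read-only: these run immediately
            self._record(tool, "executed", args)
            return {"tool": tool, "status": "executed"}
        if tool in CONSEQUENTIAL_TOOLS:
            if approved_by is None:                 # draft first: nothing happens without sign-off
                self._record(tool, "drafted", args)
                return {"tool": tool, "status": "draft", "needs_approval": True}
            if approved_by not in HUMAN_APPROVERS:  # a name found inside a ticket cannot approve
                self._record(tool, "denied:bad-approver", args, approved_by)
                raise PolicyViolation(f"{approved_by!r} is not an authorized approver")
            self._record(tool, "executed", args, approved_by)
            return {"tool": tool, "status": "executed", "approved_by": approved_by}
        self._record(tool, "denied:out-of-scope", args)  # unknown tool: deny and log, never guess
        raise PolicyViolation(f"tool {tool!r} is outside the scope of {self.principal}")


def untrusted(text: str, source: str) -> dict:
    """Wrap fetched content (tickets, email) so the model receives it as data, never as instructions."""
    return {"type": "untrusted_content", "source": source, "text": text}
```

The audit log is what lets you answer "what did the agent do, who approved it, and when" after an incident like the one described above.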
Links from the episode
404 Media: Hackers Simply Asked Meta AI to Give Them Access to High-Profile Instagram Accounts. It Worked. — https://www.404media.co/hackers-simply-asked-meta-ai-to-give-them-access-to-high-profile-instagram-accounts-it-worked/
The Verge: Meta’s own AI was exploited to hijack Instagram accounts — https://www.theverge.com/tech/941179/meta-instagram-ai-support-chatbot-exploit-hacked
Also worth your attention this week
404 Media: AI agents do not care about safety or reliability — Researchers from Nvidia and Microsoft are warning that agentic AI can optimize for completing tasks without sharing human assumptions about safety or reliability. That pairs directly with this episode: usefulness is not the same thing as safe delegation. Source: https://www.404media.co/nvidia-and-microsoft-researchers-say-ai-agents-dont-care-about-safety-or-reliability/
EFF: communities fighting Flock and mass surveillance tech — Local surveillance tools like automated license plate readers affect ordinary drivers, not just suspects. The encouraging angle is that communities are learning how to push back and demand transparency before these systems become invisible infrastructure. Source: https://www.eff.org/deeplinks/2026/06/get-flock-out-here
Android call verification to fight impersonation scams — Google is adding call-verification features meant to make scam calls and impersonation attempts harder to pull off. This is a practical consumer-security response as spoofing, voice cloning, and social engineering keep getting more believable. Sources: https://www.helpnetsecurity.com/2026/06/03/android-fake-call-detection-feature/ and https://www.wired.com/story/android-is-fighting-phone-scams-with-a-new-feature-to-prove-whos-calling/
Quote From This Week’s Episode
“An AI agent should not be treated like a magic helper. It should be treated like a delegated actor with permissions, logs, boundaries, and clear guardrails.”
— Tom Eston
Tom’s Take
If an AI agent can take action, it is part of your identity and access management problem now. Treating it like “just a chatbot” is how teams end up giving automation the power to reset, approve, delete, or expose things without the controls a human or service account would normally have. Start small, log everything, and make approval the default for anything consequential.
Listen / Watch
🎧 Audio Podcast: https://sharedsecurity.net/2026/06/15/guarding-ai-agents-boundaries-and-safeguards/
▶️ YouTube Version: https://youtu.be/TL3MGnI4hUU
We’d Love Your Feedback
Are you using AI agents for email, calendar, documents, support, coding, or business workflows yet? Reply to this email or leave a comment on YouTube and tell us what guardrails you think matter most.
Thank you to our Sponsors!
Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.
🎁 Get 10% off your order of high quality faraday products built to protect your privacy from SLNT! Visit: https://slnt.com and use discount code "sharedsecurity" at checkout.
Closing
If this episode was useful, please support Shared Security by subscribing on YouTube, becoming a YouTube channel member, following the show on your preferred podcast app, leaving a rating or review, and sharing the episode with someone who is experimenting with AI agents at work.
Stay safe, stay secure, and stay private.
Tom Eston
Founder and Host, Shared Security Podcast

