
In this week's episode, Greg Otto talks with Howa…
A
A lawsuit over TikTok videos, geofencing, and dating apps. This one's going to blow your mind. Let's talk about it on this episode of Safe Mode. Welcome to Safe Mode. I'm Greg Otto, editor in chief at CyberScoop. Every week we break down the most pressing security issues in technology, providing you the knowledge and the tools to stay ahead of the latest threats, while also taking you behind the scenes of the biggest stories in cybersecurity. An attack is coming.
B
It's about keeping us safe. He's just a disgruntled hacker.
A
She's a super hacker.
B
Stay alert. Stay safe.
A
Stay safe. This is Safe Mode. Welcome to this week's episode of Safe Mode. I am your host, Greg Otto. In our interview segment this week, we're going to be talking with Howard Ting, the CEO of Opal Security. Talked to Howard at the RSA conference in San Francisco. Had a really good conversation about identity and AI and really the intersection of where Opal Security sits and, and how he's thinking about these problems for his customers and the wider cybersecurity world. But speaking of identity, talking with Derek Johnson about a wild story he wrote this week that has really resonated with our readership around a lot of the things we talk about when it comes to privacy, surveillance. Just take it away because this one's fascinating.
C
Yeah. So we covered a college student who is also an influencer, who had built up a sizable following, who apparently had their video taken misappropriated by a casual dating app called Meet. They took the video, edited it to make her sound like she was looking to be friends with benefits, essentially advertising this dating service, and that was advertised on social media sites like Snap and geotargeted, her lawyer believes, around her location, including men in her dormitory who told her that they saw her in these ads.
A
Yeah. So to be clear, reading the lawsuit, this was not a couple things that we want to make sure that this isn't. One, they did this without her consent. She did not license Meet to take these videos and do whatever they wanted, despite her having a burgeoning career as an influencer. And two, this was not AI. So much of the work that you do around deepfakes right now is rooted in AI and image generation. And what is really fascinating here is that even though the technology to do this is still relatively new and around, there's nothing here that was AI generated. It was all old fashioned.
C
This is all just ad tech, right?
A
Yeah.
C
This is how ad tech works.
A
Not I, I say old fashioned. That's almost a tongue in cheek because it's old fashioned of like 24 months ago. Yeah, yeah, no AI here.
C
Yeah, no, so, so, so that's what's I think really fascinating and I think it kind of shows that these same techniques, right, even when they're not used in kind of gross contexts like this, they're still highly invasive. In this case, you know, it was probably very easy for them to determine that this college student was in the Tennessee area because she was an influencer. So she was broadcasting out where, where her college was. But you can imagine, you know, we know that this ad tech technology is granular enough to locate you, locate your friends, identify possible interests and then serve you up ads. So taking someone's, and these companies are based overseas, taking someone's TikTok videos and then reappropriating them into casual, you know, dating advertisements non consensually is. It's always something that was out there. You didn't need AI to do it.
A
Right. And I want to talk about the main reason the lawyer in this case has been so vocal about this is while yes, they are representing a client and obviously want to do the best job there. But the, when you interviewed the lawyer, he made a big point to be like, look, there could be hundreds or thousands of people out there that have had the same thing happen. I mean the only reason that this even came to light is because one of the gentlemen that was geotargeted with the ad of this influencer happened to live in her dorm and went up to her and went what are you doing? Is this you?
C
And on my phone and took screenshots and recorded it. And that actually ends up in the lawsuit as evidence that they're using that these ads existed. So yeah, it's really, really scary. The, the laws that they are citing in this case are really more around things like the Lanham Act, the ELVIS Act, which is a state law in Tennessee that is really about not being able to take other musicians and artists identities without their permission. It does cover AI, but also not. Lanham Act is really about, you know, your, your trademark and copyright abilities. So a big argument was yeah, this could be happening to other people. But also this is something that would put this influencer in a bad light, right with if they wanted to have business relationships with other people, other influencers, having them be show up in this non consensual ad was, was, was not good for that too. So it's a whole bunch of bad things that this company is a, these companies are accused of doing.
A
Yeah, so I think this is also a good example of why laws like the Take It Down Act are so important. Because a lot of what we saw with the Take It Down Act revolves around non consensual pornography. A lot of it is, is rooted in sexually explicit content. This content itself wasn't sexually explicit. But the non consensual part of it is something that is so important. So it goes to show that the non consent part of this, when it comes to the actual applicability of the law, that's why we have all these laws and why these laws are so important. Because we can see that the Internet to some degree is still a wild west and stuff like this happens and there needs to be retribution, whether it is from a copyright standpoint or just non consensual standpoint as well. A misrepresentation?
C
Yeah. No, and I mean, I think it also shows that the Take It Down Act there might even be gray areas, a room for laws that go beyond the Take It Down Act. Because I remember when we were reporting out the, what Grok was doing, making non consensual nudes, I was talking to lawyers who had different views on what would be captured and what wouldn't based on whether they were, the person was generating, you know, fully nude or whether they were generating people wearing bikinis. You know, this would not, I don't know, I don't know that it would necessarily fall under the Take It Down Act, under their take it down provisions or not. But I think what you're talking about here, the non consensual aspect, using someone's image and likeness. A digital forgery is a, is a term that you see sometimes pop up in law. You know, it, it can have real harm in a way that just wasn't possible, you know, even five years ago to do it with video, with images. This.
A
Well, so shifting gears, this app. Talk to us a little bit about the background of this app.
C
Yeah, they're. So it's basically run by three different companies are named in the lawsuit. One's based in Virgin Islands, the other two are based in Hong Kong and China. So there is a belief here that this is sort of a kind of a Chinese scam app. There are a lot of complaints about bots on the platform and kind of other things that make you indicate that this is not a, a particularly high quality kind of operation. They, they have had reporting done in the past by, by other outlets on their, on their bot problems as well. So I, I was not able to reach them. They had a, a website that literally just had one page with a message, an email that didn't work. And that was kind of it. So, you know, it was. I talked to the lawyer about whether they had reached out and they said, look, really, this is so egregious. This is not like, you know, this is not something where we would send a cease and desist. This is intentional, you know, taking someone's image and using it for, for commercial gain and manipulating it. So yeah, it's, it's a, it's a crazy situation. And this company, these companies, the fact that they're based overseas, it may make it a little bit harder for the, the plaintiffs to get, get the judgment on them. But you know, they pointed out they have filed for US patents and trademarks. They sell on the Apple and Google Play store. They advertise in the United States. It's one of the largest countries that they advertise to.
A
I mean the. Was on Snapchat.
C
Yeah, absolutely.
A
There is some operations.
C
So their lawyer's argument is they are absolutely in the US market and if they're in the U.S. market then they need to be subject to, to our laws. And so that is, is the, the argument that they're going with. We'll see how it plays out.
A
Wild story. Really appreciate your reporting. Thanks for joining us on the program, Derek. Now to our interview with Howard Ting, who I spoke with at the RSA conference. Look, so much about agentic AI has to do with identity. And Howard's company, Opal Security really sits at the intersection of identity and AI. We had a really nice conversation. We actually popped outside and sat outside the Moscone Center and shot the breeze. It was a really interesting conversation about what Howard thinks about when we're talking about AI and identity and how the two are interlinked. Check it out. All right, joining us on this week's Safe Mode podcast, coming to you from the 2026 RSAC conference, talking with Howard Ting, the CEO of Opal Security. Thanks for joining us.
B
Great to be here with you. Thank you.
A
Yes, great to be here. Great day. We actually are filming this outside because it's just such a lovely day that we decided to do things a little bit different. So speaking of doing things different, I would say that this conference, particularly this year, AI above everything else. Like normally when you come out to RSA, I feel like there's always buzzwords and it feels like it's been the same buzzwords for five or seven years. And look, we were talking about AI last year, but I feel like the tenor of this conference this year is like the AI. AI threat is real. The AI threat is real. And then on the defensive side, it's all about figuring out how to use AI inside enterprises to defend against all the threats that we're seeing, whether they are AI generated threats or not. So I'm wondering from your position with your company being focused on really how identity ties into AI, what have you seen over the last six to 12 months on how all of this is moving and how all of this is evolving?
B
Yeah, it's moving at an incredible speed. And the area of identity that we play in is around access governance. Managing access for agents essentially is the hottest topic I think in, in lots of circles in cyber. And it's really interesting when you look at how access is managed for humans today. We have tremendous problems already. There's a lot of wait time, a lot of friction. You know, in some of our customers we can see like, you know, across a 12 month period, they're spending 40 plus years of wait time waiting for access to critical resources to, for engineers and other highly paid knowledge workers to do their jobs. And then you would think like, because we're doing more and more just in time, we don't have any standing permissions. Right. All the permissions that we grant should be used. But we see a similar problem on that end of the spectrum that many of these organizations, they're struggling with lots of access that's never used, granted, but never used. So that presents latent risk. So this is just when we're talking about access for humans. Now you layer on AI agents into the equation and it's going to be a real game changer in a very negative way. Because agents can't wait. Right. They don't, they don't want to wait 15 minutes for a request. They're single threaded. So if they're being denied access, they, they, they, they don't find workarounds that you know, organizations might find comfortable. And then of course the scale, some people say like there's a scale ratio of like 100 non human identities for every human identity. But when you think about access for agents, I think it's going to be tens of thousands to one because you know, the human can get access for a, a period of time, like a day, a week, a month. The agent's gonna get access to do its one thing and that's then the access is gone. Yeah, so every action is gonna require a contextual access decision. 
And so we're talking about tens of thousands, you know, multiple of tens of thousands in terms of scale when it comes to access decisions. So the infrastructure and tooling that we have to manage access for humans is gonna be completely broken with this onslaught of agents. And that's what we see in here very, in a very big way right now.
A
Yeah. So when security teams that are figuring out AI say we're securing this, we gotta secure this, what are they doing first? Like, what do they find that's most important? And even if they think that they're doing it the right way, are they doing it the right way? Like, what are you hearing from what enterprises are doing and what should they be doing? Like, are they on the right track?
B
I think it's still very early days. I think everyone's trying to figure it out right now. You see a lot of the, you know, the most commonly deployed tooling for AI is coding agents and essentially that's using your human identity. And I think there's going to be a level of control that's needed for every individual knowledge worker, that's employee agents, to be able to decide, like, for example, I may want my agent to be able to draft and compose emails, but I don't want it to send. Right. So there's some level of control that every individual knowledge worker needs to have over their agents. And then on the company level, maybe I want my engineers to be able to, or the engineer may want to push an update, a pr, you know, into a production system, but the company may not want that. So there's going to need to be an individual employee level controls and then there's going to be company level controls that are needed. And all of this stuff is brand new. So there's very, very little of this tooling that's in place today. And the cyber community needs to build it, needs to rise to the occasion.
A
So as they are building it and as they are experimenting with it, what are you finding when it comes to the identity governance gaps? Like what is AI instantly exposing that CISOs or anybody that's on the security side or even on the development side maybe going, oh wait, we didn't think of that and we need to, let's have a meeting and figure out what we're going to do.
B
We're seeing a lot of these examples, right? There's the well publicized story just this past weekend where someone at Meta had posed a question, a technical question in a Slack channel. Another employee's agent went and answered that question. But in the process of answering the question revealed a bunch of very sensitive data or exposed sensitive data in the answer. And so there was sensitive data that was exposed for a period of time. I think I read it was like two hours before they caught it. But there are a lot of these unintended consequences. We're unleashing these agents to be able to do critical work, but we're not thinking through all of the controls that are needed to safely govern all this stuff. So it's wild, wild west days, it's early days. And I think the more that we see these incidents occur, the more it's shining a spotlight on this problem and the need to get better governance in place.
A
So let's talk about that. So some of those examples, that's perfect for what I've been hearing as well. So what does least privilege look like when teams spin up these AI tools? Because I think about OpenClaw, like obviously OpenClaw is an agent and could get put into a company Slack or get put into some other internal collaboration tool or something like that, where there are obviously permissions, where it's like, are we sure we want to do that? So what are those questions that need to be asked when it comes to what exactly we're hooking the agents into inside the enterprise?
B
Well, the first step in all cyber is visibility. We need to know what is happening, right? We need to know what these agents are, who built these agents, whether they're sanctioned by the company or not. There's a lot of Shadow AI that's being deployed right now. OpenClaw is a great example of that. A lot of employees are installing that on their workstations under a company issued laptops. So I think what we see initially is more and more prevention of even installing these packages on company managed machines. That's the first step. But just like, you know, companies try to block cloud usage in the beginning, it's a fairly futile attempt and it's actually a business inhibitor to not allow your employees to utilize these very powerful tools. So I think the first step is everyone's just trying to get an understanding of what are these tools that are being deployed and then to determine like what's okay and what's not for just being installed and used. And then a more granular access decision has to be made. Like the example I gave you. Do I allow this agent that someone built with OpenClaw to push an update, push a PR to my production system? Most companies would probably say no. And I think we need to put those kinds of controls in place. And that tooling just doesn't exist today.
A
So aside from the tooling on the human side, who needs to own this inside the enterprise? Is it the CISO, is it an app owner? Is it a chief data officer? If that's a position inside an enterprise, is it a business leader all the way up to a CEO? Like, what about those conversations and what does that look like from who is actually managing what the AI touches?
B
I mean, ultimately I think it comes down to risk, risk management and the CISOs own this, but I think it's gotta be a shared responsibility. Without proper collaboration and coordination between these different stakeholders, it's gonna be impossible to get control of all this. So I think ultimately the responsibility resides with whoever is responsible for managing risk. That's the CISO, and he or she needs to play a prominent role in developing these programs. But I think all the stakeholders have to come together and decide, like, collectively, what do we want to do to be able to support our business objectives.
A
So as AI agents start to become more of a thing inside enterprises. You talked about it at the beginning there. Human identities versus non human identities. How does the security team treat that differently? I know you, I mean, we talked about how it's look 24/7 always on. But what else needs to be in the calculus when talking about what these agents can and cannot do?
B
You know, I think a lot of it is taking policy intent and be able to encode that into your systems. Like, a good example of policy intent is I want to protect my customer data with the highest safeguards and I always have to respect what's in my MSA, my master services agreement with my customer. The MSAs typically have a thing called a DPA that gets attached to it, data processing agreement. And that DPA spells out what you could do with that customer data. So I want to be able to express my intention to a system like that. Like, I need to protect my customer data and I need to respect what's in the MSA. And we need tooling then to translate that into policies and enforcement actions in these target systems. And that's what we're building at Opal. And we think that's going to be something that a lot of the LLM providers, the major labs, are not going to get into because ultimately they're not really deep subject matter experts in cyber. Like, the first move that a lot of these labs put out with AppSec tooling, that makes a lot of sense because they're building a lot of AppSec tools and a natural extension of that is to secure the code that's being written by these agents. I don't see them getting into providing like a, you know, a governance stack for agents, necessarily because you want that governance stack to run across all of your underlying agents and the agents are going to be built with many different platforms. And so I definitely see this as an area where there's great opportunity for the cyber community to build an important product category.
A
So where do you think the next wave of incidents are going to come from? Will it be compromised human accounts or is it going to be like overprivileged agents going, why is an agent in this system? Or why did I just get this output? Like you brought up the Meta example. I think that that's a good example for what we're talking about here. Like, is that going to become more common than a human centric attack with AI agents?
B
I think just like insider risk, most of it is inadvertent or non malicious. Right. Like most insider risks are employees trying to do their jobs, working around controls. And I think the agents will. It's going to be a similar thing. Most of the risk is going to be unintended, it's not malicious. Right. It's the unintended, like that consequence of an agent trying to answer a question in a messaging app in your company, Slack or whatever. You're using Team Slack and it's using a lot of the information that it has access to, but it has no judgment about how it's answering the question like a human does. And I think a lot of these unintended consequences, that's where we're going to see the initial problems, just like we did over the weekend with Meta.
A
So if you're a CISO with a messy reality, what's the first 30 days of work look like to enable adoption safely?
B
I touched on it already. The first thing is we gotta get visibility of what agents are being used, whether they're built with sanctioned tools or not. And then of course we need to understand what these agents are actually doing. So I think the runtime piece, right, in access and authorization there's been kind of like three distinct functions that we're trying to provide. There's like the pre access, provisioning and orchestration. Then there's the runtime checking every access request and making a runtime or real time decision on that. And then there's the post access governance where we go do access reviews and things like that for compliance reasons. You know, I think for agents a lot of the action is going to be in that middle piece, the runtime piece. So I think we need to get some product, some product that's like a proxy, a gateway where all of the agent traffic can flow through so that we can understand what's happening at runtime and then we can start layering on more and more controls. So I think the first 30 days is find, build or find maybe some CISOs, try to vibe code this type of product, but find, you know, a vendor or start building that tooling so that you can see what's happening with all the agent traffic from a runtime perspective and then analyze what's happening and then start to layer in controls.
A
So zooming out a little bit. So much of identity governance fits into Zero Trust. And Zero Trust has obviously been a big buzzword for years in the industry. But I've been talking to some experts and we've done some stories on CyberScoop where people are trying to balance whether Zero Trust can really live up to its potential, especially in the AI area. I'm curious what your thoughts are there, considering what we've been talking about with agents and runtime and really making sure that agents can do what they're intended to do, but follow the security principles that CISOs have been trying to put inside their enterprises for the past decade.
B
You know, I think it goes back to what I said earlier about like, can we get the agents to. To understand intent and context in a way that it can make the right judgment calls. And I think right now I would say we don't see evidence of that. Right. We see evidence that the agents are going to find any means to accomplish its task. And in the process of accomplishing its task, it's going to probably run afoul of a lot of policies and controls that we want to implement. So I think this is completely unchartered territory. I think looking at prior models of how we think about Zero Trust or access for humans, I think we have to rethink all of that.
A
So finally, I'd ask. We did touch on a little bit of this, but let's look even forward. We're at RSA 2027. What does identity governance need to look like in order to have better conversations around securing AI agents?
B
I think identity governance has to be a lot better. The tools in this category have to be a lot better at understanding policies, like, what is it that we're trying to do? What is it that we're trying to govern? I think identity governance tools also have to have more of a runtime component, as I mentioned, because today a lot of identity governance tools kind of look at after the fact, what access has happened, what permissions are there and then also work a little bit on the upfront orchestration piece. They're very deficient on the runtime piece. A lot of the runtime authorization is handled by a whole different set of tools and protocols and standards that have emerged and you know, things like AuthZEN and things like that. I think these worlds have to converge because without understanding, because when you think about it, access can be granted on a single shot basis. The agent needs to do a thing in the moment, we're going to grant it access and then the permission is gone. So there isn't this need to go do a UAR access review. You know, agent review, agent access review. It'll be AAR in the future. We're not going to need to do that because there won't be any permissions that are unused. So I think a lot of the tools in this category we're going to have to get better at inserting ourselves into the agent runtime. And that's what access governance tools don't do today. And so I think there is a big step evolution in this product category because these products have to be built very differently. When you're working out of band, looking at access permissions and figuring out what entitlements should be revoked, there isn't much latency requirement. That job could take an hour. The AI that powers that can take a day to do and it's going to be fine. But when an agent is looking for a request and a decision or a decision to a request in real time and it's got very, very low latency expectations, that's a very different type of product architecture. 
So I think that's one thing we have to get more inserted into runtime. The second thing is I think only agents AI can manage AI. There's no way so much of how human identity access is managed with other humans. In our customer base. For example, roughly 50% of the access requests are human approved and the other 50 are auto approved. A lot of the auto approved ones tend to be like low value resources and kind of repeat access requests. I think with agents, the amount of decisioning that has to go through some sort of intelligent decisioning engine, it's going to be the majority. There's going to be very little that you could simply say, oh, we've seen this before, we're going to just auto approve it because everything's going to be contextual. But when you think about that, think about the latency scale requirements. You know, there's no way humans can be in the loop on a lot of these decisions. So I think the second big thing that our category has to do is we got to build a lot more intelligent AI that can make decisions that are adaptive and dynamic and real time.
A
Great, Howard, really appreciate you having aboard. Thanks for your insights.
B
Thanks for spending a beautiful sunny San Francisco day out with me.
A
Hey, not a cloud in the sky. Great conversation.
B
All right.
A
Thank you very much.
B
Thank you.
A
Thanks for listening to Safe Mode, a weekly podcast on cyber security and digital privacy brought to you by CyberScoop. If you enjoyed this episode, please leave a rating and a review and share it with your friends, your co workers, your CISOs, your sysadmins, your mom, your dad, anybody that wants to know more about cybersecurity. To find out more information or to contact me, please look for all of our social media handles or visit cyberscoop.com. Thanks for listening. Check us out next week.
Date: May 7, 2026
Host: Greg Otto (Editor-in-Chief, CyberScoop)
Guests: Derek Johnson (CyberScoop Journalist), Howard Ting (CEO, Opal Security)
This episode of Safe Mode Podcast unpacks two tightly interlinked topics in today’s security landscape:
The first segment dissects a real-world lawsuit involving misuse of TikTok videos in a dating app’s ads; the second is an in-depth RSA 2026 sit-down with Howard Ting (Opal Security) about the challenges—and future—of identity and access in the era of agentic AI.
Speakers: Greg Otto (A), Derek Johnson (C)
Timestamps: [00:00] – [09:13]
The Lawsuit:
How Did This Happen?
Legal Context and Broader Risks:
Nature of the App and Accountability:
“They took the video, edited it to make her sound like she was looking to be friends with benefits…advertising this dating service…geotargeted…including men in her dormitory who told her that they saw her in these ads.”
— Derek Johnson ([01:24])
“Even though the technology to do this is still relatively new…there’s nothing here that was AI generated. It was all old fashioned.”
— Greg Otto ([02:05])
“The only reason that this even came to light is because one of the gentlemen…happened to live in her dorm and went up to her and went, ‘What are you doing? Is this you?’”
— Greg Otto ([03:53])
“This is intentional, you know, taking someone's image and using it for commercial gain and manipulating it…this is so egregious.”
— Derek Johnson ([07:26])
Speakers: Greg Otto (A), Howard Ting (B)
Timestamps: [09:13] – [27:26]
AI & Agentic Access:
Transforming Access Governance for Agents:
Enterprise Response:
Shadow AI and Visibility:
Ownership and Risk Management:
Least Privilege, Policy, and Real-Time Enforcement:
“The infrastructure and tooling that we have to manage access for humans is gonna be completely broken with this onslaught of agents.”
— Howard Ting ([11:07])
“Most of the risk is going to be unintended…it’s the unintended, like that consequence of an agent trying to answer a question…using a lot of the information that it has access to, but it has no judgment about how it’s answering the question like a human does.”
— Howard Ting ([20:51])
“When an agent is looking for a decision to a request in real time…that’s a very different type of product architecture.”
— Howard Ting ([24:40])
“Only agents, AI can manage AI…there’s no way humans can be in the loop on a lot of these decisions.”
— Howard Ting ([24:40])
Legal, ethical, and social guardrails for digital identity and content are lagging far behind current technology.
Enterprise security faces a paradigm shift:
Urgent focus is needed on real-time, automated decisions.
New tooling and cross-functional risk ownership (CISO-led, but shared) are mandatory.
This episode offers a sobering look at the risks of identity hijacking in consumer and enterprise tech, and provides a peek at the next wave of challenges facing the security world in the age of agentic AI.