Solving Prompt Injection & Shadow AI for AI Malware

Are AI agents functioning like adversarial malware inside your network? In this episode of the Cloud Security Podcast, Ashish sits down with Jasson Casey, Co-founder and CEO of Beyond Identity, to speak about the security risks introduced by Shadow AI and code assistants. Jasson explains why an AI agent executing a tool is the perfect opportunity for prompt injection or proprietary data exfiltration, comparing unchecked agents to Ron Burgundy reading whatever is on the teleprompter. We discuss the "barbell" reaction of CISOs (either blocking AI entirely or blindly accepting the risk) and why placing device-bound identity at the core of your security stack is the only way to safely enable AI speed. From an $80,000 stolen Anthropic key nightmare on Reddit to a red-team exercise that cloned voices using Hugging Face models in just four hours, this episode highlights the tangible threats and solutions of the AI era.

Questions asked:
00:00 Introduction
02:50 Who is Jasson Casey? (CEO of Beyond Identity)
03:50 The Reality of Shadow AI: Marketers & Devs Moving Fast
05:10 Why AI Agents Execute Like Adversarial Malware
06:20 Prompt Injection Over Time & Agent "Memory" as Persistence
07:40 The CISO "Barbell": Blocking Everything vs. Accepting All Risk
09:30 Applying the NIST Framework to AI Agents
12:00 The Reddit Horror Story: An $80,000 Stolen Claude Key
13:00 Why Device-Bound Identity is the Ultimate AI Control Plane
15:50 The Death of SaaS IT Products (Replaced by Git + Claude Code)
19:30 Fixing Prompt Injection & Exfil via Attributable Identity
20:50 Moving from UI Dashboards to API Data + AI Skills
26:20 Building "Agentic Playbooks" for Security Teams
27:40 Red Teaming: Cloning Voices in 4 Hours via Hugging Face
30:20 Fun Questions: Kangaroo vs. Crocodile Tasting
31:50 Hobbies: Radar Projects & Northern Mexican Cuisine (Dark Mole)

Cloud Security Podcast Social Media
Website: https://cloudsecuritypodcast.tv/
Cloud Security Bootcamp: https://www.cloudsecuritybootcamp.com/
Cloud Security Newsletter: https://www.cloudsecuritynewsletter.com/
Twitter: / cloudsecpod
LinkedIn: / cloud-security-podcast
#cloudsecurity
