Securing agentic identity 0 ▲ Matthew Garrett 2 hours ago · 8 min read1687 words · Tech · hide · 0 comments As is the case for many people working in the security industry, the last few months of my life have been focused on dealing with people wanting to use LLMs everywhere. From an enterprise security perspective that’s not an inherent problem - what’s more of a problem is that people want those agents to have access to resources like their calendar and email and so on, and now we have somewhat non-deterministic agents that seem very enthusiastic to achieve what you asked whether that’s a good idea or not, and we’re combining this with credentials that give them access to sensitive data, and leaving those credentials on disk where they can be committed into git repos or exfiltrated to some other service to make use of them on the agent’s behalf or well just any other number of things, at which point your CEO’s email is suddenly readable by everyone and you’re having a bad day. As I mentioned in my last post, pretty much every strong mechanism for keeping credentials in place is just not… No comments yet. Log in to reply on the Fediverse. Comments will appear here.