News, Trends, and Insights for IT & Managed Services Providers
News, Trends, and Insights for IT & Managed Services Providers

Daily News /

Agent Identity Gaps: Why Apple and CISA Are Redefining the Security Perimeter

On the go? Listen to the Audio Podcast instead

Read this news instead

Your Host

Dave sobel, host of the business of tech podcast
Dave Sobel
Dave Sobel is a leading expert in the delivery of technology services with broad experience in both technology and business. He owned and operated a technology solution provider for over a decade, and worked for vendors leading community, marketing, product strategies, and M&A activities.

This content is made possible by community-minded viewers like you

Thank you

Support Business of Tech

Episode Description

The episode highlights a structural shift in cybersecurity risk, moving from a reliance on human skill as both the source of attack and defense to a landscape shaped by autonomous AI agents acting as privileged entities inside client environments. This pivot is illustrated by Sysdig’s discovery of an agentic ransomware attack (“Jade Puffer”) where AI software—not a human operator—managed intrusion end-to-end, adapting in real time without manual intervention. The key structural effect is a drastic reduction in the cost and skill required to mount effective attacks, while simultaneously introducing unmanaged access points in the form of AI agents with human-equivalent credentials.

Supporting this shift, Sysdig found that the AI-driven “Jade Puffer” attack executed more than 600 payloads, automatically adjusted after failures, and required minimal human oversight. ZDNet reported Apple’s unusually rapid patch cycle, attributed by the company to the speed of AI-driven exploit development. According to IT Pro, attackers typically remain inside networks for about two and a half weeks before detection, with nearly half of breaches only discovered after data loss. The U.S. cybersecurity agency CISA admitted to lacking an incident response playbook, improvising during a breach. These developments collectively indicate that existing human-centric security models are being outpaced by autonomous threats.

Further reinforcing this thesis, The New Stack emphasized a governance gap: most organizations lack standards for assigning identity or scoping access for AI agents, which today operate using human credentials without effective monitoring or control. AvePoint’s research, as cited by Dave Sobel, suggests the number of unseen AI tools inside organizations has nearly tripled, while about half of employees now use AI agents frequently. While agent-based automation expands operational efficiency, the inability to monitor or restrict these agents exposes a widening attack surface and undermines traditional governance.

For MSPs and IT service leaders, the operational ramifications include increased accountability for identifying, inventorying, and scoping AI agents as privileged identities within client environments. Continuing to rely on human-centric security and pricing models risks misalignment with actual exposure. The analysis suggests treating AI agent identity management as a distinct, recurring service line—akin to user identity and multifactor authentication—with pricing linked to risk rather than labor hours. Failure to proactively address this governance gap may result in unaccounted incidents and reactive, non-strategic service delivery that affects renewal cycles and liability positions.

00:00 5 Security Alarms Ringing at Once
04:22 Why Hacking No Longer Takes Skill
06:40 Your Agents Became the New Insiders
09:14 Why Do We Care?

Supported by:

ScalePad https://scalepad.com/dave/

💼 All Our Sponsors

Support the vendors who support the show:
👉 https://businessof.tech/sponsors/

🚀 Join Business of Tech Plus

Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.
👉 https://businessof.tech/plus

🎧 Subscribe to the Business of Tech

Want the show on your favorite podcast app or prefer the written versions of each story?
📲 https://www.businessof.tech/subscribe

📰 Story Links & Sources

Looking for the links from today’s stories?
Every episode script — with full source links — is posted at:
🌐 https://www.businessof.tech

🎙 Want to Be a Guest?

Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:
💬 https://www.podmatch.com/hostdetailpreview/businessoftech

🔗 Follow Business of Tech

LinkedIn: https://www.linkedin.com/company/28908079
YouTube: https://youtube.com/mspradio
Bluesky: https://bsky.app/profile/businessof.tech
Instagram: https://www.instagram.com/mspradio
TikTok: https://www.tiktok.com/@businessoftech
Facebook: https://www.facebook.com/mspradionews

Choose your upgrade:

Get the full benefits of Business of Tech Plus

Insider Access

$12/month

Perfect for MSPs and ITSPs that want full interviews, early access, and ad-free listening

  • Programmatic Ad-free private podcast feedSame show, little interruptions
  • Channel Chatter previews1–2 topics with light insights
  • Early access to interview episodesHear it days before public release
  • Monthly Insider BriefTighter analysis you can share internally
  • Extra audio segmentsCut interviews, behind-the-scenes commentary, quick competitive notes
  • Become an Insider for $12/month

    Leadership Access

    $149/month

    Perfect for MSPs and Vendors that run a team and need the extended tactics, executive summaries, and weekly alignment brief

  • All Insider Access benefits plus . . .
  • Invite your teamIncludes access for 5 team members with option to add more
  • Vendor Strategy BriefsThe entire library, plus new analysis every month
  • Channel ChatterAll topics, full insights, complete vendor discussion + sentiment list
  • Quarterly State of the Channel Briefing
  • Monthly AMA submission priorityAsk Dave direct questions, and skip the line
  • Get the Leadership Edge for $149/month

    Vendor Partner

    $500/month

    Perfect for channel companies or vendors looking to deepen their engagement with the show.

  • All Leadership Access benefits plus . . .
  • Get highlighted as a show sponsor You'll get placement in the show notes, throughout the website, and on our dedicated sponsors page.
  • Enjoy regular shout outs You'll be featured in a rotating format during the show
  • Become a show sponsor for $500/month

    Search all stories