
The AI AuthZ Problem: Why Human Least Privilege Fails for Autonomous Agents
From AI Security Podcast by TechRiot.io
June 4, 2026 · 48 min · Season 4 · Episode 14
About this episode
The episode discusses the challenges of authorization for AI agents and the risks of connecting them to production data.
Why are security leaders terrified of connecting AI agents to production data? Because unlike humans, AI agents don't apply judgment, and they operate at machine speed, meaning they can relentlessly hunt down production credentials and do catastrophic damage before a human analyst even blinks. In this episode, Ashish and Caleb sit down with Graham Neray , CEO of Oso, to tackle the massive, unsolved problem of AuthZ (Authorization) for autonomous AI. We explore why the industry's reliance on static, over-permissioned human identities is a recipe for disaster when applied to tools like Claude Code and Notion Agents. Graham explains the dangerous pitfalls of allowing agents to adopt the permissions of their human operators (privilege escalation), versus the complexity of assigning agents their own unique service accounts. The conversation dives deep into the fragmented agent security market. Should you deploy a browser extension, an endpoint sensor, or an edge proxy?. Learn why blocking destructive actions is a flawed approach (because agents need to destroy things to work), and why the future of AI AuthZ requires dynamic, data-level policies and continuous "human in the…
People in this episode
Hosts: Ashish, Caleb
Guest: Graham Neray
Topics covered
- AI security
- authorization
- autonomous agents
- human least privilege
- production data
- dynamic policies
Keywords
- AI agents
- authorization
- security
- human judgment
- privilege escalation
- service accounts
- data-level policies
Mentioned in this episode
Organizations: Oso
Products: Claude Code, Notion Agents
More episodes of AI Security Podcast
- Why Asset Intelligence is Replacing the CMDB & Static Dashboards · June 11, 2026 · 43 min
- Securing AI at the Speed of Engineering | DoorDash | Forward Deployed Security | GRC Engineering · May 21, 2026 · 1h 3m
- Verification vs. Validation: How Autonomous AI is Changing Cybersecurity · May 13, 2026 · 1h 10m
- The Zero-Click AI Hack: How to Contain the Blast Radius of Autonomous Agents · April 29, 2026 · 47 min
- Buy vs. Build AI Security: Why [Box.com](http://Box.com) CISO is Creating their Own Agentic SOC · April 22, 2026 · 47 min
- Anthropic's Project Mythos: Why the "Zero-Day Machine" is Terrifying the Security Industry · April 18, 2026 · 1h 3m
Explore listener stats, chart rankings, contacts and more on the AI Security Podcast podcast page.