
The Zero-Click AI Hack: How to Contain the Blast Radius of Autonomous Agents
From AI Security Podcast by TechRiot.io
April 29, 2026 · 47 min · Season 4 · Episode 11
About this episode
The episode discusses the implications of AI agents in security, featuring insights from Elie Bursztein on the evolution of AI and recent vulnerabilities.
Is an AI agent's identity a workload or an action? Ashish spoke to Elie Bursztein , Distinguished Research Scientist and co-author of Google SAIF (Secure AI Framework) about how it is neither and that is exactly why our traditional security models no longer apply to the AI era . In this episode, Ashish sits down with Elie to explore the evolution of AI from a passive "brain in a jar" to an active agent that takes actions on your behalf . Elie breaks down the reality of Indirect Prompt Injection, sharing a recent zero-click exploit where simply sending a malicious Google Calendar invite caused an AI agent to execute unauthorized commands . If your organization is building agentic workflows, this conversation provides aroadmap. Learn why you must treat agents like contractors with a verifiable "mandate," why the order of tool execution matters (never let an agent access private banking data and then browse the open internet), and how the industry is moving toward "semantic firewalls" to contain the AI blast radius . Questions asked: (00:00) Introduction(02:50) Elie Bursztein’s Background & Creating Google SAIF (07:50) Defining AI Agents: The…
People in this episode
Host: Ashish
Guest: Elie Bursztein
Topics covered
- AI security
- autonomous agents
- zero-click exploits
- semantic firewalls
- AI privacy
- indirect prompt injection
Keywords
- AI agents
- security models
- malicious exploits
- Google Calendar
- contractor analogy
- semantic layer
- AI observability
Mentioned in this episode
Organizations: Google, SAIF
More episodes of AI Security Podcast
- Why Asset Intelligence is Replacing the CMDB & Static Dashboards · June 11, 2026 · 43 min
- The AI AuthZ Problem: Why Human Least Privilege Fails for Autonomous Agents · June 4, 2026 · 48 min
- Securing AI at the Speed of Engineering | DoorDash | Forward Deployed Security | GRC Engineering · May 21, 2026 · 1h 3m
- Verification vs. Validation: How Autonomous AI is Changing Cybersecurity · May 13, 2026 · 1h 10m
- Buy vs. Build AI Security: Why [Box.com](http://Box.com) CISO is Creating their Own Agentic SOC · April 22, 2026 · 47 min
- Anthropic's Project Mythos: Why the "Zero-Day Machine" is Terrifying the Security Industry · April 18, 2026 · 1h 3m
Explore listener stats, chart rankings, contacts and more on the AI Security Podcast podcast page.