The Zero-Click AI Hack: How to Contain the Blast Radius of Autonomous Agents

The Zero-Click AI Hack: How to Contain the Blast Radius of Autonomous Agents

From AI Security Podcast by TechRiot.io

April 29, 2026 · 47 min · Season 4 · Episode 11

About this episode

The episode discusses the implications of AI agents in security, featuring insights from Elie Bursztein on the evolution of AI and recent vulnerabilities.

Is an AI agent's identity a workload or an action? Ashish spoke to Elie Bursztein , Distinguished Research Scientist and co-author of Google SAIF (Secure AI Framework) about how it is neither and that is exactly why our traditional security models no longer apply to the AI era . In this episode, Ashish sits down with Elie to explore the evolution of AI from a passive "brain in a jar" to an active agent that takes actions on your behalf . Elie breaks down the reality of Indirect Prompt Injection, sharing a recent zero-click exploit where simply sending a malicious Google Calendar invite caused an AI agent to execute unauthorized commands . If your organization is building agentic workflows, this conversation provides aroadmap. Learn why you must treat agents like contractors with a verifiable "mandate," why the order of tool execution matters (never let an agent access private banking data and then browse the open internet), and how the industry is moving toward "semantic firewalls" to contain the AI blast radius . Questions asked: (00:00) Introduction(02:50) Elie Bursztein’s Background & Creating Google SAIF (07:50) Defining AI Agents: The…

People in this episode

Host: Ashish

Guest: Elie Bursztein

Topics covered

  • AI security
  • autonomous agents
  • zero-click exploits
  • semantic firewalls
  • AI privacy
  • indirect prompt injection

Keywords

  • AI agents
  • security models
  • malicious exploits
  • Google Calendar
  • contractor analogy
  • semantic layer
  • AI observability

Mentioned in this episode

Organizations: Google, SAIF

More episodes of AI Security Podcast

Explore listener stats, chart rankings, contacts and more on the AI Security Podcast podcast page.