#282 - Top 10 Agentic AI Attacks (with Rock Lambros)

#282 - Top 10 Agentic AI Attacks (with Rock Lambros)

From CISO Tradecraft® by G Mark Hardy & Ross Young

May 4, 2026 · 45 min · Episode 282

About this episode

G Mark Hardy interviews Rock Lambros about securing Agentic AI and the associated risks.

In this CISO Tradecraft episode, host G Mark Hardy interviews recovering CISO Rock Lambros (Zenity) about securing Agentic AI and the emerging risks beyond LLM hallucinations. Lambros recounts his path from Oracle developer to CISO and AI standards work, then explains how agentic AI increases risk by connecting models to tools and actions. They discuss agentic AI supply chain attacks, including backdoored LiteLLM packages on PyPI and a compromised Amazon Q update, and the resulting shift from “patch fast” to more cautious dependency controls. The conversation highlights the OWASP Top 10 for Agentic Applications 2026, covering threats like goal hijack, tool misuse, identity/privilege abuse, memory/context injection, insecure inter-agent communication, cascading failures, human trust exploitation, and rogue agents, concluding with practical steps: inventory, kill switches, least agency, intent gates, and observability. OWASP Top 10 for Agentic Applications - https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/

People in this episode

Host: G Mark Hardy

Guest: Rock Lambros

Topics covered

  • Agentic AI
  • AI security
  • supply chain attacks
  • OWASP Top 10
  • dependency controls
  • CISO insights

Keywords

  • Agentic AI
  • CISO
  • supply chain attacks
  • OWASP
  • AI standards
  • dependency controls
  • LiteLLM
  • Amazon Q
  • security risks
  • goal hijack

Mentioned in this episode

Organizations: Zenity, Oracle, Amazon, PyPI

Books & works: OWASP Top 10 for Agentic Applications 2026

More episodes of CISO Tradecraft®

Explore listener stats, chart rankings, contacts and more on the CISO Tradecraft® podcast page.