
#282 - Top 10 Agentic AI Attacks (with Rock Lambros)
From CISO Tradecraft® by G Mark Hardy & Ross Young
May 4, 2026 · 45 min · Episode 282
About this episode
G Mark Hardy interviews Rock Lambros about securing Agentic AI and the associated risks.
In this CISO Tradecraft episode, host G Mark Hardy interviews recovering CISO Rock Lambros (Zenity) about securing Agentic AI and the emerging risks beyond LLM hallucinations. Lambros recounts his path from Oracle developer to CISO and AI standards work, then explains how agentic AI increases risk by connecting models to tools and actions. They discuss agentic AI supply chain attacks, including backdoored LiteLLM packages on PyPI and a compromised Amazon Q update, and the resulting shift from “patch fast” to more cautious dependency controls. The conversation highlights the OWASP Top 10 for Agentic Applications 2026, covering threats like goal hijack, tool misuse, identity/privilege abuse, memory/context injection, insecure inter-agent communication, cascading failures, human trust exploitation, and rogue agents, concluding with practical steps: inventory, kill switches, least agency, intent gates, and observability. OWASP Top 10 for Agentic Applications - https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/
People in this episode
Host: G Mark Hardy
Guest: Rock Lambros
Topics covered
- Agentic AI
- AI security
- supply chain attacks
- OWASP Top 10
- dependency controls
- CISO insights
Keywords
- Agentic AI
- CISO
- supply chain attacks
- OWASP
- AI standards
- dependency controls
- LiteLLM
- Amazon Q
- security risks
- goal hijack
Mentioned in this episode
Organizations: Zenity, Oracle, Amazon, PyPI
Books & works: OWASP Top 10 for Agentic Applications 2026
More episodes of CISO Tradecraft®
- #287 - Cybersecurity Insights You'll Want to Hear (with Michael Hammer) · June 8, 2026 · 45 min
- #286 - AI-Native Security (with Nishant Doshi & Saro Subbiah) · June 1, 2026 · 46 min
- #285 - Passwordless Authentication (with Nishant Kaushik) · May 25, 2026 · 42 min
- #284 - Lessons Learned from SQL Slammer to AI Agents (with Aaron Turner) · May 18, 2026 · 46 min
- #283 - Leadership Lessons and the Art of the Performance (with Chris Brogan) · May 11, 2026 · 48 min
- #281 - SIEM Secrets They Don’t Tell You (with Anton Chuvakin & Alex Hurtado) · April 27, 2026 · 48 min
Explore listener stats, chart rankings, contacts and more on the CISO Tradecraft® podcast page.