Rinki Sethi of Upwind Security on Addressing Identity Gaps in Agentic AI
In a landscape where technology continually evolves, agentic artificial intelligence (AI) has emerged as a complex challenge in cybersecurity. Rinki Sethi, the Chief Information Security Officer (CISO) and Chief Security Officer (CSO) of Upwind Security, emphasizes the unique security risks associated with agentic AI systems. According to Sethi, these systems create a "layered attack surface," where individual actions may not seem harmful, yet collectively they can cause significant breaches.
Sethi’s insights highlight the necessity for a proactive approach to securing AI systems. She argues that effective security measures must be integrated into the architecture of these systems from the outset, rather than being added as an afterthought. This proactive strategy involves thorough threat modeling and identity governance, which are essential to anticipate and mitigate potential vulnerabilities.
Notably, Sethi points out that accountability for security failures remains distributed across various layers of AI architecture. Attacks can originate not only from the AI model itself but also from the orchestration layer or the identity plane. Each of these layers requires specific controls tailored to address their unique vulnerabilities. This multi-layered approach aims to enhance security, as relying on a single layer for defense is insufficient in the face of sophisticated threats.
In her discussions, Sethi elaborates on the orchestration of identities between agents, humans, and systems. "Agent to agent, agent to human, human to agent," she explains, illustrating the complex interrelationships involved. Proper governance of these identities is crucial to preventing unauthorized access or actions. According to Sethi, addressing identity management challenges is paramount—whether regarding machines, humans, or AI agents.
In a recent video interview with Information Security Media Group (ISMG), Sethi shared additional insights into the intricacies of securing agentic workflows. She stated that even with perfect visibility into these systems, certain AI-driven attack vectors remain undetectable. This highlights the need for advanced methodologies in monitoring and managing AI interactions.
One particularly alarming aspect discussed was the risk posed by non-malicious insider actions. Sethi noted that even harmless interactions by users through AI agents can potentially lead to serious data exposure. This reality underscores the importance of comprehensive training and protective measures concerning insider actions to safeguard sensitive information.
To further elucidate the complexities of agentic AI, Sethi introduced the concept of "red teaming." This strategy involves creating simulated attacks to test and evaluate the robustness of AI workflows. By doing so, organizations can uncover risks that traditional step-level policy checks might overlook. Such red teaming exercises are instrumental in understanding and fortifying the security posture of organizations that leverage agentic AI technologies.
Sethi brings to her role a wealth of experience, having led security initiatives at prominent technology firms including Twitter, Rubrik, and IBM. Her extensive background equips her with the insight necessary to navigate the emerging threats in AI security. As CISO and CSO at Upwind Security, she is tasked with overseeing the company’s global information security strategies while shaping innovative approaches to cloud and AI security.
The increasing prevalence of agentic AI systems prompts a reevaluation of existing security frameworks. As organizations strive to harness the benefits of AI while minimizing risks, the challenges associated with identity governance and threat detection become more pronounced. Sethi’s insights serve as a beacon for those in the cybersecurity field, urging them to adopt a comprehensive approach that prioritizes early integration of security measures.
In conclusion, the complexities associated with agentic AI highlight an urgent need for a robust security framework that accounts for the distributed nature of identity management and attack vectors. As Rinki Sethi articulates the pressing challenges facing organizations today, her call to action for preemptive security strategies is a critical takeaway for any entity looking to secure their digital infrastructure in an increasingly automated world.
This discourse not only sheds light on the multifaceted risks posed by agentic AI but also serves as an invitation to engage in ongoing conversation about the evolution of cybersecurity in the face of technological advancements.