AI Agents Outnumber IT Admins: Credential Sprawl and Network Risks with Chris Boehm

The episode highlights a structural shift in IT and security governance driven by the proliferation of autonomous AI agents inside enterprise environments. The shift is characterized by a mismatch between the visibility and control frameworks that organizations possess and the scale and autonomy of their AI deployments. Microsoft’s introduction of Agent365 (a control plane designed for agent governance) and policy statements from its security leadership illustrate the growing gap between the number of AI agents and the traditional IT administrators tasked with managing them, raising questions about the effectiveness and scalability of legacy governance mechanisms.

The episode describes a growing risk from AI agents operating with inherited credentials and unrestricted lateral access, often without comprehensive oversight or tracking. Both Microsoft and Zero Networks are referenced as addressing this problem, but they propose different architectural solutions. Microsoft’s model emphasizes governance at the identity and endpoint layers, exemplified by Agent365, while Zero Networks promotes network-layer enforcement, which seeks to restrict lateral movement before it leads to a breach. Data points referenced include insider reports of numerous agents running undetected in enterprise workflows, and observations that most organizations lack accurate inventories or controls corresponding to their AI agent exposure.

Supporting stories reinforce the structural shift and associated risk, with Chris Boehm emphasizing the speed and scope of AI agent deployment compared to previous technology waves such as mobile and cloud. The emergence of agents capable of rapidly scanning and connecting across systems further complicates standard prevention and detection postures. Credential governance is described as insufficient on its own, since privileges and exceptions tend to accumulate and enable unaudited access, particularly as agent proliferation accelerates. The episode also references the challenge of building reliable behavioral baselines due to the dynamic, ephemeral nature of modern agents, making static or manual approaches impractical.

For MSPs and IT service providers, the operational implications include increased risk associated with governance gaps, margin pressure from the need to adopt new security layers, and greater complexity in maintaining policy enforcement. Existing security stacks are often fragmented, with consolidation complicated by the addition of new solutions that promise automation and scalability but also require integration into varying infrastructure maturity levels. Effective containment of breaches is increasingly tied to minimizing lateral movement rather than relying solely on detection speed. As agent-driven access becomes ubiquitous, the ability to dynamically segment and restrict access based on observed behavior, rather than static credentials alone, is highlighted as a practical safeguard in limiting breach impact and maintaining service continuity.

Supported by:
Zero Networks https://zeronetworks.com/

 


[00:00:01] There are now more AI agents running inside enterprise environments than there are IT administrators managing them. They authenticate with inherited credentials, they access sensitive data, they call APIs, they invoke other agents, and they move laterally across systems. All without waiting for a human to approve the next step. And most organizations have no idea how many they're running, what those agents can reach, or what happens when one of them is compromised.

[00:00:26] Microsoft noticed this too. They took Agent365, their new control plane for governing agents, out of preview and into general availability. Their own security chief told VentureBeat, I have 18 agents running behind my team chat right now. If the person responsible for Microsoft security has a shadow army of agents in his daily workflow, the question isn't whether organizations need to govern this, it's whether anyone can get ahead of it.

[00:00:52] Microsoft's answer is governance at the identity and endpoint layer. Zero Networks has a different answer. Enforce it at the network layer before misbehavior becomes a breach. Same problem, different architecture. That tension is what this episode is about. Chris Boehm is the field chief technology officer at Zero Networks who sponsored this episode, where he helps organizations apply identity-based segmentation and zero trust principles to real-world network security challenges.

[00:01:21] His background spans threat hunting, incident response, and security architecture across public agencies and Fortune 500 enterprises. The kind of practitioner who's seen what a breach actually looks like from the inside and built programs to make the next one harder. Chris, welcome to the Business of Tech. Thank you for the welcome.

[00:01:42] Now, I want to start with the thing that's changed most visibly. Like that's not the AI tools, but it's the posture of those organizations deploying them. Because it's not just the people are using AI, it's that they're now deploying autonomous agents that act on their behalf. And most are really doing faster than any framework can keep up with.

[00:02:02] Now, Zero Networks focuses on this specifically. The AI segmentation launch in April introduced that AI agent control. So it's visibility and enforcement for every AI agent in the environment, including what they access and how they communicate. Tell me a little bit about the way you look at the way AI agents are actually being deployed right now. Like, what's the access pattern that scares you the most?

[00:02:29] So there's not a company I haven't talked to in the past six months that doesn't have AI modernization as part of the project plan today. So if you're looking into AI modernization, you get very excited, you see the power behind it, you usually have someone that even hyped you up into it. Now it's an executive level decision, even a board level initiative, if you're not doing it, you're behind. It's like the cloud conversation years ago, if you're familiar with it.

[00:02:53] So the fear factor to the AI modernization strategy is after they realize just how quickly things usually move, think of it from the scope of in the past, you brought up administrators, administrator would come in, they'd run a tool that deploys at usually the human's effort, maybe some automation, a scheduled task or something, and it would do the job it's supposed to do.

[00:03:14] Agentic AI or AI or just anything that's usually localized as micro SL learning model or learning language model, whatever you want to consider calling it. Now it has the capability of scanning, learning and expanding into your ecosystem. So that's, that's one fear factor. For example, if I just run something localized, and I say, Hey, I want to solve this problem. It says, Yeah, I'm just gonna, I'm just gonna figure it out for you.

[00:03:37] I'm gonna connect to everything you have connection access to, I'm going to learn everything you have access to. And then based on access, if you gave me access to it, I'm just going to start kind of sprawling and spreading and gather the information and solve the answer for you. So powerful stuff, very powerful. The concern is what if it wasn't utilized the right way. And that's what I think of it from the perspective, what if someone got onto my machine and did the same thing?

[00:04:00] Would it access things that shouldn't have access to? Would it be sprawling out of control? Or is it doing what I'm telling it to actually do? Because it's not always super transparent, it just finds the answer and says, Here's the answer you're looking for, I solved it for you.

[00:04:12] Well, how did you get that answer? I don't understand how you found that data. Oh, we found it here. And it was on this list and this database. And it's called customer data 123. You're like, Oh, don't I can access that? Yes, but don't read customer data. Like, that's the kind of scenario I'm talking about here. When it comes to it's doing the right job. It's not being malicious. It's just using what I potentially have access to. And that's a that hopefully that never happens. But that's exactly the scenario that I have concern about when you're utilizing agentic AI or AI in general when it's localized.

[00:04:41] Now give me a little bit of a sense of the speed here because the hype would imply that everyone is moving incredibly fast, and everyone is being incredibly productive. And there's this whole group that are moving out there. But you brought up cloud and it's a great example because you know, I know that we're still doing cloud migrations for some customers now, particularly in the long tail of customers. And that conversion took a very long time. Even if I put hyper acceleration to that, this may not be moving nearly as fast.

[00:05:10] Talk to me about the speed factor, how fast you think it's happening, and the risks at potentially misjudging that.

[00:05:47] So it's a really big difference compared to how it is today. So in and even make it easier, it's almost dummy-proof, you can just say, I'm you saw this question, and say it in that word phrase. And what is the answer? It'll do it for you. It learns it contextualizes it and figures out. So there's no learning curve necessarily in comparison to, and that's where the framework conversation comes in. It just enables very quickly and it's not measured or pressured into a factor of you have to do it a certain way.

[00:06:15] So it's a wild, wild west, like open source, it kind of sprawls very quickly. So the acceleration, it's already happening. Companies already use AI, every one of them, I guarantee it. You may not even realize it. You are utilizing it. Just like you mentioned, Microsoft states it, most companies are using AI in the back end if you aren't using it yourself. So I would argue almost every company is utilizing the AI terminology of an LLM in some form or fashion.

[00:06:41] Now, if you're empowering and pushing your organization to use it, it probably will be a one to year two time frame or not at all. You're just taking the stance of we're going to take a different approach because we have too many security concerns. I don't think most will stick in that stance because they're going to realize their competitions and their competitors are now moving into the space of how the heck are they moving so fast? It's because they're using AI. So AI is going to drive the factor of money in the end. Gotcha. Now, the other thing that I've been thinking about here is just the inherited credential problem. We've all talked about it, right?

[00:07:10] The idea of agents are spinning up. They inherit permission. Nobody tracks them. Credential governance alone doesn't close the gap. So credential governance alone, I mean, for example, let's do the same scenario I talked about. You're using my credentials and I have access to whatever I have access to. It could be my credentials. It could be separate credentials.

[00:07:40] Hypothetically, everything is done perfectly. Even me as someone who's built out complicated cloud multi-tier infrastructures, someone always says, in order for me to do this job for us as a company, I need X mode that has access to a lot. That's just a developer that could be, it doesn't matter. There's always someone or some form or fashion that says, this is the exception. Well, those exceptions start building up over time. And all of a sudden, what if that exception is that AI is using that model of having access to everything?

[00:08:08] And then you add something to that everything bucket and it spreads. So even if you say, hey, we're all paywalled, it's locked in and within this user credential. Well, unfortunately, this one user credential over here that now has access to the AI module does have access to everything. So how are you containing that? And that's exactly where we say, well, it's not just the identity layer. Identity is very important, but there's a network layer approach as well. So let's migrate it down to what is truly necessary, what this user normally does.

[00:08:34] And if they breach that abnormal, we're going to challenge them through like a zero trust mindset of validate. This is who you say you are and who you really are to prove it that you should have access to this. And that's the approach that Zero Networks takes is you can still do what you need to do. But if you don't normally do it, you don't technically, even though you have access to it, you should prove you are who you say you are. So it doesn't act as malicious or anything out of context, like an AI sprawling unnecessarily.

[00:09:04] Now, that extends out to the larger network capacity, too, because you've described like in a blog, the self-defending network concept. Right. You put a whole blog together around it. You've framed it as a fundamental architecture question. The idea that if attackers move using legitimate paths, detection will always be catching up from that.

[00:09:23] Right. And so really what I want you to do is help me make the prevention argument explicitly, not the marketing version, but the technical argument, why eliminating that lateral movement is more durable than improving detection speed. Yeah. So the problem, I mean, there's the philosophy of detection speed. How fast can it go? CrowdStrike did show just in the past year on their own report. If I remember correctly, it's 20, 23, 27 seconds. I always flip the two numbers for some reason in my head.

[00:09:52] Anyways, less than 30 seconds. They had a lateral movement happen within 30 seconds. That means they detected it or they saw it afterwards and they said, this is how fast we saw a machine move to another machine, technically. OK, well, lateral movement from my perspective means I've jumped from the host that I came to and I got into another host and I'm now attacking from that host or doing some action over there. I'm sprawling across my network or sprawling across my entities. The reason why typically this approach is, hey, I have EDR, I have all the logging, I have everything in place.

[00:10:22] Most concepts can't move that fast with alerting, detection, response, innovation unless it's instantly blocked. I'm assuming an EDR said, hey, this is malicious, block. But when it sounds real and it looks real and acts real, it won't be blocked. It'll say, hey, we're allowed to do this. I've worked with multiple EDR companies and the most awkward conversation is when the IR response team comes in and says, how did this happen? And I'm like, well, you know, until this point, it looked fine.

[00:10:50] Like it looked like you, it looked like the user. Unfortunately, multi-factor authentication was authorized. It might not have been appropriately, but they got past your security measures put in place and they were able to sprawl with little to no challenge. And then they unfortunately you're in this ransomware scenario of this being compromised. So having just the localization, being able to say, wait a second, let me validate and prove who you are and stopping them at that window instead of letting it go across your network is powerful.

[00:11:20] And while allowing the business operations to continue moving forward. And hopefully that answers your question. But the main thing is, is really narrowing down the scope of what is really relevant on my day to day business of a service account, developer, whatever, and then minimizing the blast. So even if I do normally talk to five machines all the time as a developer, my coding, my databases, my backups, whatever, it's limited to that blast radius versus my whole entire infrastructure where I could just keep hopping around. Gotcha.

[00:11:47] But my understanding is a prevention architecture really requires you to know what's normal before you can define what's blocked. And my concern is, is we layer that AI agent piece back in with them spinning up all the time, sometimes without IT's knowledge. Like how do you build a baseline that doesn't need constant manual updating in order to stay current in that environment? Yeah. So you're spot on. I mean, AI is constantly, it can be just like a Kubernetes workload. Like the volume is based on context of what is necessary at that time.

[00:12:17] So usually there is a baseline of learning. For example, let's just say the AI is communicating to the database, to these data volumes and so on and so forth over X period of time. But the occasional time it may need to reach out or do something different. Those anomalies can be detected or even responded to. So how Zero Networks takes that approach is, hey, we've notified that this is an abnormal pattern. It has been authorized. We can see it's been authorized, but we would recommend you open up these ports dynamically based on the flow of this agent.

[00:12:44] So it notifies the networking team, IR team, even the identity team. Like this user is doing something differently. Is this something you're aware of? Or we've blocked and we just notify you. Like, hey, they're constantly trying to access this. So we have this second day concept of learning what changes abnormality. That happens as a business. Things change. You can even be ahead of it and say, based on change control, you need to do the following. That's the standard practice of allowing it to grow, but then becomes more time consuming.

[00:13:10] So we try to take that approach away from them saying, let me make it easier for you by learning what you're doing and providing you the context of why you need to open it up. That's what we do to make it simpler and easier. But, of course, without any approach or attempt to the modifications of scale and visibility of what it's trying to access, it won't really notice the difference. Because it has to have some kind of learning base in order to know for it. So usually, yes, you have to have some kind of baseline. And there is some recommendation baselines you can go for.

[00:13:37] But most people don't have a, I have no idea what it's going to do. I usually have a concept of this is going to talk to this. This is a scope. This is what I'm going to do. Or you're just pretty much having a flat network in the first place. So you already have other problems. Gotcha. We're going to get into what this means for the MSP stack. But first, let's hear from Zero Networks about what their solution does. This episode is supported by Zero Networks. Cyber resilience is no longer a security team problem. It's a board-level business imperative.

[00:14:06] When an attacker gets inside a network, the real questions become, how far can they move? Can they get to the crown jewels? And how much of the business can they impact? And for how long? That's where Zero Networks comes in. Zero Networks helps organizations prevent attacks, minimize blast radius, and maintain business continuity. Even when attackers get inside.

[00:14:28] Their micro-segmentation platform automatically builds segmentation policies based on how legitimate users and systems actually communicate. Making every access and connection verified and intentional. The result, for a threat actor, is lateral movement is blocked and threats are contained before they can cause damage. Because it's not the breach, it's the damage. Contain the breach before it spreads. The question isn't if attackers get in.

[00:14:56] It's whether your business stays running when they do. Zero Networks was built for exactly that. Visit them at zeronetworks.com. So I brought up the Microsoft Agent 365 launch to talk about that because their model is that identity first, endpoint first, and then network enforcement. You're inverting that sequence. So make the case for me of why you start with the network layer.

[00:15:23] Particularly when we think about MSPs whose clients may not necessarily have a mature identity infrastructure. So typically you have your assets. You log in. You gain authentication. And then usually after an attacker comes in, they move around. Typically. Typically. So if you have ransomware, you have malware, you have whatever. It's not one machine. They want to cause massive destruction, damage, or get money and paid for it. So the concept is like, okay, well, there's EDR in place.

[00:15:51] There is the scope of understanding what is happening. Most vendors, let's just say a smaller group, 30 machines, you may not even have Active Directory. You may use something else. You may use localized accounts. You may not even have something. Most do have email, though. Most do. So typically there's some kind of authentication process on the email layer. And then there's the network layer. So from that approach, we said, hey, how can we make it flow within the business no matter if they had localized Active Directory or Active Directory in place?

[00:16:20] And that's why we do a multi-factor authentication patent with our communication to kind of answer your question. So we kind of take it with the approach of we don't necessarily need Active Directory, but we are identity first. We live on the identity layer with the localized entity layer of what activities are going on, what is actually happening in network flow, communication. And we're not dependent on a network stack. So you can have any kind of network stack. You just have to have an operating system and let us give a line of sight and access.

[00:16:48] And then we can learn what your machine is doing and then send notifications and multi-factor authentication to elevate privileges whenever necessary. That might be a little more complicated than I planned on saying, but hopefully that answers your question. Well, it's certainly real. And I know our audience appreciates getting into that level of depth. I got to ask a margin question because this feels important. MSPs are already managing tool sprawl. I've got Cisco data showing 78% have disconnected, fragmented security stacks.

[00:17:17] Zero Networks is asking them to add another layer. So what's the consolidation argument? Like what goes away when Zero Networks goes in? Yeah, I'm very familiar with those conversations. At least from the platformization conversations of why you want to contextualize into a single solution. When it comes down to why is usually the approach, and this is not always the right approach, but usually the conversation is what is happening today?

[00:17:45] And are we meeting the regulations in place that our customers are asking for? So why that is a problem is usually your tool stack is not meeting it or doesn't hit the granularity for your regulation purposes. That's one reason someone adds into their stack. Another reason is, well, there is other solutions that we're kind of looking at, but is it cumbersome and is this more simplified? So that happens too. We have some customers that say, I don't know what really is happening in my environment. It's extremely flat.

[00:18:12] I do have firewalls and all these tools and everything, but they're wanting me to manually do everything at this approach. Whereas Zero Networks comes in and says, you don't have to know anything about your network. We'll learn it all for you. And by the way, if it changes, we'll tell you it changes too and how to fix it. So it's a different approach of, well, we could do it here, but we don't have the time, capabilities or effort. So we take the automated approach and scalability approach. And that's another reason why you might look at Zero Networks.

[00:18:41] Those are two top-of-the-line reasons. Typically, we can't do it to that level. Typically, micro-segmentation is very hard. If it was super easy, then every vendor in the market would be doing this. So that's usually the reason why people look at another vendor for micro-segmentation capabilities. But the automation approach is what really makes Zero Networks shine, and it shows scalability and capabilities. I mean, we have customers that can say they're 100% segmented, and that's hard to say in this space. Because if you're fully locked down, then people are afraid, like, well, then my business can't run.

[00:19:11] Well, not if you do it appropriately. You can be truly isolated based on your segmentation goals. Gotcha. Now, as we wrap up our time together, I've got one big question here. Because we've talked about a lot of stuff pre-breach, but I do have to ask, like, post, right? We in the security world, we like to talk about the when, not if. So when the breach happens, but Zero Networks is part of that, what does the post-mortem look like that's different?

[00:19:36] Like, what's different about being able to look back and work with the information that you're providing in that micro-segmentation environment that wouldn't have been there before? Any kind of breach, there's the, how did they get in? What did you actually, like, what did they do? And then how do we mitigate it going forward? Or how do we, you know, get them out and then mitigate it going forward is the typical approach. So from a disaster recovery is usually how I look at it. Like, I'm disaster, I'm recovering from this.

[00:20:04] I'm going to walk through the whole entire scenario of how they got in, the approach, what was handling. We already see everything on every asset in your environment. So you can have this as an augmented to your SIEM, and that's what a lot of customers do. Your EDR hopefully caught it. Your other tools hopefully caught it. But this is another validation point that you can have. The ideal scenario, especially with customers who have Zero Networks, the blast radius has already been contained and isolated. So you don't have the same whole business impact operations.

[00:20:32] The goal right now is to say, if something did happen, and it's not if but when is what most security people say. When it happens, how far and how much damage does it cause my business? And does it bring the whole thing down or just a small part of my business down? And our goal is to eliminate it to it's only a small piece of business where the rest of it's going forward. So the big difference for us typically when we're on an IR call is, hey, these assets were not protected by Zero Networks.

[00:21:00] Because it wasn't relevant, it wasn't our crown jewels or whatever, they were able to gain access and sprawl there. Well, that's just how the design of the micro segmentation works. You have to have it on everything in order to be fully isolated. So that's the typical approach, I would say. It makes a ton of sense. Well, Chris, I know we could do this all day long. But if listeners are interested in reaching out, continuing the conversation, what's the best way for them to do so? I would recommend my LinkedIn. I'm on there all the time. It's probably my most socialized network.

[00:21:28] And of course, you can always reach out through ZeroNetworks.com if you want to as well. Chris, this has been fantastic. Really appreciate you joining me today. Of course. It was a pleasure. And we'll see you all next time. Want more from the Business of Tech? Join Business of Tech Plus for ad-free episodes, early interviews, extended cuts, subscriber-only shows, and exclusive member perks and analysis. Sign up at businessof.tech.com.

[00:21:56] And follow this show in your podcast app. And if you're on YouTube, hit subscribe and the bell so you never miss a story. Reviews and comments help spread the word, too. Interested in advertising? Head to mspradio.com slash engage. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. Thanks for listening. I'll see you on the next episode.

[00:22:27] Produced by Picture This Video. Part of the MSP Radio Network.