Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Druva: Governing AI Agents: Guardrails & Authentication

Druva
07/07/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


and as large enterprises, the risk that something goes wrong is huge. So, far, far less, I think it's probably changed mostly from the perimeter being the place you needed to be concerned about and making sure nothing got in. Internal. Now it's internal, and it is very much 50-50 between internal and external, that balance that you have to be worried about a well-intentioned employee who wants to do a good job, and they get an agent, and they start doing some work, and maybe there's a supply chain attack or something that allows an agent to do significantly more. So, I know we're, in the next couple of months, we're going to be talking about things like AA auth and new standards for authentication that have been worked through the various bodies to get to a consistent approach to how authentication should work for agents, delegated approval, and making sure that it's as limited as possible.

TL;DR

  • Enterprise customers are increasingly worried about the broad access AI agents can acquire, with the risk of something going wrong considered significant at scale.
  • The security threat model has shifted to roughly 50-50 internal versus external risk, meaning insider misuse — even unintentional — is now as concerning as external attacks.
  • Supply chain attacks targeting AI agents represent an emerging vector where a well-meaning employee's tool can be weaponized to do far more than intended.

Summary

In this short clip, David Gildea of Druva and Joseph Holland of Aon discuss the real-world security risks that AI agents introduce inside large enterprises. The conversation highlights a fundamental shift in how organizations must think about their threat surface: the traditional perimeter-focused model has given way to an environment where internal and external threats are now roughly equal in concern. A well-intentioned employee deploying an AI agent can inadvertently open the door to supply chain attacks that allow that agent to operate far beyond its intended scope. Looking ahead, the speakers point to emerging authentication standards — including agent-to-agent (AA) auth and delegated approval frameworks — being developed across standards bodies to establish consistent, least-privilege access controls for AI agents. The key takeaway is that governing AI agents requires purpose-built authentication and strict permission scoping, not just perimeter defenses.

Chapters

0:00 - Enterprise AI Agent Risk
0:08 - Shift to Internal Threats
0:33 - Emerging Auth Standards

Key Quotes

0:00 "Our customers are definitely concerned about the access that these tools have, and as large enterprises, the risk that something goes wrong is huge."
0:17 "Now it's internal, and it is very much 50-50 between internal and external."
0:21 "You have to be worried about a well-intentioned employee who wants to do a good job, and they get an agent, and they start doing some work, and maybe there's a supply chain attack or something that allows an agent to do significantly more."

FAQ

What makes AI agents a unique security risk compared to traditional software?

AI agents can be granted broad access by well-intentioned employees and, if compromised through a supply chain attack, can perform actions far beyond their original scope — making least-privilege controls and agent-specific authentication critical.

What authentication standards are being developed for AI agents?

The speakers reference AA auth (agent-to-agent authentication) and delegated approval frameworks currently being worked through standards bodies to create a consistent, limited-access approach to agent authentication.


Categories:
  • » Webinar Library » Druva
  • » Cybersecurity » Zero Trust
  • » Data Protection
Channels:
News:
Events:
Tags:
  • AI & Machine Learning
  • Zero Trust
  • Identity & Access
  • Security Operations
  • Thought Leadership
  • short_form
  • AI agent security
  • Authentication standards
  • Supply chain attacks
  • Least-privilege access
  • Enterprise risk management
  • AI governance
  • Internal threat vectors
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Druva: Governing AI Agents: Guardrails & Authentication

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Level Security Team for Unmatched Defense Success
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-level-security-team-for-unmatched-defense-success/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Innovations in Data Privacy and Digital Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-innovations-in-data-privacy-and-digital-protection/
              • 07/22/2026
                01:00 PM
                07/22/2026
                Insights from Attackers During the FIFA World Cup: A HUMAN Dialogue
                https://www.truthinit.com/index.php/channel/2029/insights-from-attackers-during-the-fifa-world-cup-a-human-dialogue/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Level Security Team for Unmatched Defense Success

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        22

                        Insights and Innovations in Data Privacy and Digital Protection

                        07/22/202606:30 AM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version