Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What if you hired about 100 new employees for every one you already had, and then, on a whim, gave them all admin rights? Sure, these fresh hires would likely be brilliant and hungry to make an impression. But they wouldn’t always know the rules. Some would make mistakes. Others might take liberties. Before long, it’d be bedlam. That’s what’s happening right now inside financial services institutions.

In this episode of Security Matters, Chris Schueler, CEO of Cyderes, joins host David Puner for a dive into the evolving challenges of enterprise security. The conversation explores the dangers of privilege creep, the explosion of machine identities, and why accountability at every point of interaction is essential for building resilient teams and systems.

Earlier in 2025, an AI agent named Claudius made headlines when it insisted it was human, promising to deliver products in “a blue blazer and red tie.” Quirky? Sure. But beneath the strange admission sat a more important truth: today’s AI agents aren’t just chatbots with puppet-like ambitions, whose untruths would be betrayed by a growing nose. They’ve evolved into actors with real credentials, access, and autonomy.

AI agents are quickly becoming “first-class citizens” in financial services, mimicking human behavior and holding privileged access that rivals employees. Yet unlike people, they don’t appear on your official org chart. The financial services sector already lives in a state of constant tension: the race to adopt new technologies for a competitive edge often faces off with the duty to preserve customer trust earned over decades of reliability, regulation, and security.

From resetting passwords and approving workflows to pulling HR data and orchestrating cloud infrastructure, AI agents now perform tasks that previously required a human with privileged access. AI has moved beyond the realm of passive chatbots into autonomous, persistent operations, performing work on behalf of an individual or entity. Like it or not, that makes AI agents a new part of your workforce. They hold credentials, trigger workflows, and make their own decisions.

One unmanaged machine identity—whether a TLS certificate, SSH key, code signing certificate, or API secret—that’s all it takes to crash your website, halt transactions, and leave customers complaining about you in the comments. No one is immune. In fact, 83 percent of organizations have experienced a certificate-related outage in the past 24 months. Even tech giants recently made headlines after expired renewals triggered hours of downtime and millions in lost revenue.

Modern digital supply chains are increasingly complex and vulnerable. In this episode of Security Matters, host David Puner is joined by Retsef Levi, professor of operations management at the MIT Sloan School of Management, to explore how organizations can “sense the signals” of hidden risks lurking within their software supply chains, from open source dependencies to third-party integrations and AI-driven automation.

CyberArk Privilege Cloud version 14.7 improves user experience and operational efficiencies in the CyberArk Identity Security Platform. This release introduces significant updates and improvements, including Secure Access space and the new Identity Protection space, which features Threat Detection and Response (TDR), Risk Management, and more.

Do you know why Shai-Hulud should raise your hackles? Unless you’ve spent time on Arrakis in Frank Herbert’s Dune or the npm ecosystem this month, the name Shai-Hulud might not ring a bell. In Herbert’s world, Shai-Hulud is the colossal sandworm of Arrakis—feared, powerful, and destructive. In our world, I guess you could say the same thing. Shai-Hulud surfaced as a malware worm that tore through the npm software registry on Sept. 16–17, 2025.

We’ve spent decades treating persuasion like an art—something you could master if you had charisma, practice, or luck. Lawyers use it to hone arguments. Marketers use it to craft taglines. On the flip side, phishers use persuasive tactics to sharpen lures to razor points. But looking at it as an art form, while intuitive for some, can be messy. Hit-or-miss. Especially when you consider that today’s means of persuasion can run like code: systematic, reproducible, and scalable.