Description

Your AI agents are users now. They have your permissions. They read your email. They send messages. And they act on instructions that anyone with an internet connection can drop into your inbox.

In this episode of Threat Talks, Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Jack Cable, CEO and Co-founder of Corridor and former lead of Secure by Design at CISA, to walk through the “lethal triangle” (the three conditions that turn helpful AI into a breach vector) and what CISOs should be doing right now, before the technology runs further ahead of the controls.

Timestamps

00:00 – 01:36 Cold Open: The User Inside Your Software
 01:36 – 04:23 What Agentic AI Actually Is
 04:23 – 07:20 The Lethal Triangle: Three Conditions for a Breach
 07:20 – 10:05 Why Prompt Injection Has No Fix Today
 10:05 – 14:09 Sanctioning Agents Without “Allow Fatigue”
 14:09 – 18:45 OpenClaw: Should Your CISO Authorize It?
 18:45 – 21:17 Sandboxing, Sub-Agents, and What to Do Right Now

Key Topics Covered

• The “lethal triangle” – sensitive access, untrusted input, and the ability to take unapproved actions – and why every basic email agent already breaks all three rules
• Why prompt injection cannot be reliably solved by another LLM, and why deterministic guardrails (sandboxing, allow-lists, human-in-the-loop) are the only durable answer today
• Why “allow, allow, allow” fatigue makes per-action approvals largely theatrical, and why routing approvals through a separate model is a real, if partial, improvement
• Why Jack Cable’s CISO answer on OpenClaw and similar general-purpose agents today is short: don’t authorize (and what to deploy in its place)