Jasson Casey: [00:00:00] Every time your agent executes a tool, it's a chance for proprietary information to basically be exfil. Yeah. It's a chance for maybe that tool if it's not actually authorized or maybe even malicious to send C two commands back to the agent. And the agent just like, uh, Ron Burgundy will happily do what's ever on the teleprompter.

It also starts to look and feel a little bit like adversarial malware. How do you run fast but not run fast into a next breach? Like that's an interesting tension.

Ashish Rajan: There's only two camps that I see mostly is one is an outright denial that we won't do it at all. Yep. The other one is the floodgates already open.å

It is, uh, OpenAI everything's being used. You just have no idea.

Jasson Casey: Prompt injection is a real problem. Uh, information xFi is a real problem. Mm-hmm. How do you manage any of those things? In a systematic way, not whack-a-mole, everybody can come up with a whack-a-mole, uh, technique. Yeah. But how do you manage this in a systematic way that has the fewest moving parts, if not through identity. In four hours we used it to pull a couple of models off of hugging face and [00:01:00] realtime audio impersonation. It wasn't that hard to turn that into a red team kit as well. Um, we can leave a pretty convincing voicemail. And I think it was like seven seconds of high quality sampling. If the security teams are not adopting these sort of workflows and really going deep on it, they're gonna get left behind.

Ashish Rajan: Most companies are at two stages for AI adoption. Either they have not gone ahead at all and just blocked the entire AI usage completely, or on the other end, they have accepted the risk and just decided to speed boat ahead for the kind of AI they want to do in their organization. I had a great conversation with Jasson Casey, who is the CEO of Beyond ai.

We spoke about how AI agents are currently being used in the organization, and my shadow AI would just become a commodity after a while. Once you establish standards for what Goodis are and what good AI practices. However, how the challenge would remain in a world where AI agents can work on browsers, containers.

Local endpoints, how do you establish identity and perhaps even contain in relation to isolate what [00:02:00] can be done if in case the AI system is compromised? All then a lot more in this episode with Jasson Casey, if you know someone who's working on securing AI agents. Perhaps the use of identity or containerization.

Just even understand what, what the new threat model is like. I would definitely share this episode with them. As always, if you have been listening or watching our episodes for a while and have been finding them valuable, I would really appreciate if you take a quick second to drop the subscriber follow button on whichever platform you've been listening or watching this on.

We are on all platforms, including Apple, Spotify, YouTube, and LinkedIn. I also wanna say thank you to everyone who came and said hello to us at RSA. It meant a lot when you took the time stopped and said hello and basically shared the love that you had for the podcast and the work we do here as well.

Thank you so much for all the love and support. I hope to see you the at the next conference as well. And I hope you enjoy this episode with Jasson Casey and I'll talk to you soon. Peace. Hello and welcome to another episode of Classical podcast with Jasson, with me. Thank you for coming on the show, Jasson.

Jasson Casey: Thanks for having me.

Ashish Rajan: Maybe just to set some context, if you can share a bit about [00:03:00] yourself and your background as well.

Jasson Casey: I am uh, co-founder and CEO of a company called Beyond Identity. Um, my background, I am a a engineer product person. I've been in the security infrastructure space pretty much my entire career.

And, uh, yeah, I like to work on deep tech problems that are challenging but also meaningful

Ashish Rajan: and talking about challenging and meaningful problems. We were talking the other day about how shadow AI has become like the new standard for. First response for ai. And, and, uh, and I guess you had some interesting thoughts about what's the role of shadow AI if it's actually worth investing a lot of time in, or is it, what is it protecting you from?

I'm curious to, if you wanna share your thoughts on the whole shadow AI piece and A, in terms of a, is it a valid concern and B, is it something that we should probably build programs around?

Jasson Casey: Yep. So, uh, so first. Yeah, it's a concern and you can definitely see the, um, the response to it just in the advertisements.

Yeah. Before I even left the airport in New York last night I saw [00:04:00] three different company adverts all about, like AI discovery, shadow ai, and whatnot. So it's, it's definitely a little noisy on that right now. Why should you care about it? Every company in the world, private or public, is exceedingly getting pressure from the board and from its investors to be more efficient.

To show some of these advantages that we've been promised around ai, like how do you operate in a more AI native way and you flip that, uh, to the inside of an organization and you can actually see the promise of some of these projects, right? Engineers. Doing things that used to take them six months and six weeks, right?

With some of these code assistance like Cursor or Claude Code or Codex or Gemini CLI. Like, marketers doing things like building a browser plugin that literally follows them as they're going through LinkedIn and follows them as they're looking at competitive websites. Produces A-J-S-O-N stream and a GI repo that Claude is consuming to do kind of structured competitive analysis.

So like it's there, right? And so I think this creates a natural tension in most organizations. How do I run [00:05:00] fast? How do I let the organization run fast? 'cause the organization exists to build product, right? Mm-hmm. To, to help customers with specific problems and to drive top line revenue. At the same time.

When you look at how these, aI code assistance work and these agents work, and I, I'm gonna focus a lot on code assistance, but I'll, I'll argue that like agents kind of structurally are the same. When you look at how they work, their power comes not just from using an LLM. The LLM is kind of like the brain, but you've gotta bring interesting data to the brain to say, chew this, synthesize something.

Tell me what to do next.

Ashish Rajan: Yeah.

Jasson Casey: And you've gotta bring tools to that brain as well. You've gotta give it arms and legs to interact with the real world. Yeah, and that's where the danger comes from, right? Every time your agent executes a tool, it's a chance for proprietary information to basically be exfil.

Yeah. It's a chance for maybe that tool, if it's not actually authorized or maybe even malicious to send C two commands back to the agent. And the agent just like, uh, Ron Burgundy will happily do what's ever on the teleprompter. Right? It also starts to look and feel a little bit like adversarial malware or living off the [00:06:00] land, right?

Like tool execution of an agent. It certainly feels like living off the land. Every tool execution is a potential, the result is a potential prompt injection. Mm-hmm. Right? I don't just inject the prompts from prompt input. I can have prompt injection that comes through. The result of tool calls prompt injection doesn't have to happen all at once.

A context is big. A context gets stacked. The way Transformers work is they don't read that context linearly. Mm-hmm. They have a way to actually associate related contexts. Yeah. So if I'm smart, I can actually inject a prompt slowly in partitions over multiple tool calls to then get that transformer to do what I want.

Modern agents have memory now, right? They can remember things about prior conversations. When you see that compacting context, what they're really doing is they're trying to figure out how to contextually store that information so they can kind of retrieve it recursively later.

Ashish Rajan: Yeah.

Jasson Casey: In a way that makes the conversation feel like it continues and it's seamless.

Ashish Rajan: Yeah.

Jasson Casey: That feels a lot like malware persistence. Maybe I can persist my prompt to like get it to do something [00:07:00] when a condition arises a little bit later.

Ashish Rajan: Yeah.

Jasson Casey: So there's this natural tension in organization between how do I run fast and become AI native, but also like. These behaviors are clearly new, but also potentially gonna flag a lot of your existing security controls and even the security mindset.

So like, how do you run fast but not run fast into a next breach? Like that's an interesting tension.

Ashish Rajan: Yeah. And I guess maybe to what you said as well, a lot of CISOs are under the pressure from their boards or their executives that, hey, uh, we need to, I mean, I guess I, there's only two camps that I see mostly is.

One is it's an outright denial that we won't do it at all. Yep. And we're gonna wait and see what happens. The other one is the floodgates already open and there is CLO cord, there is, uh, open ai. Everything is being used. You just have no idea. Maybe that's kind of where some of that touching comes in from as well.

Is that the only way to deal with this? Uh, the shadow ai?

Jasson Casey: Uh, so, so we see the barbell as well. We see these large financial organizations that have literally just paused the prog the projects. And the [00:08:00] response is a bit heavy handed. It's like, well, only these three people can do it and no one else.

Alright, so clearly they're not the chosen one. Yes. And then we see the other end of the spectrum, which is, well, this is the point of our business and, um, we're just gonna blindly risk accept all of this. Yeah. And so our argument is you don't actually have to make that choice. There are smart, lightweight, intelligent ways of letting the organization run pa run fast.

While also getting kind of a, a safe, secure context wrapped around that agent.

Ashish Rajan: Mm-hmm.

Jasson Casey: Um, that helps you understand what's going on. Yeah. But then also make decisions about what you want to allow and where you want to nudge people for better actions. And so these are kind of classic security control user interaction mindsets, right?

You don't necessarily wanna shut everything down. You wanna know what's going on. You want to nudge people in the right direction to the right behavior. And you do want to kind of. Shut down. Very known bad actions or activity. So we see, see it as a bit of continuum,

Ashish Rajan: but do you find that a lot of people, maybe, I don't know if [00:09:00] this is the right thing or I, it's maybe limited.

Do you find that when people focus only on data exposure or shadow ai, as they only do challenges, are they missing something more than what they should be focusing on? Or is that just the tip of the iceberg?

Jasson Casey: It's the tip of the iceberg, right? So, uh, everything is new and nothing is new, right? It's like, what is it?

Uh, the king is dead long. Live the king. Yeah. We still are establishing like a standard NIST cybersecurity framework, right? We still need to identify, we need to know what we have, we still need to protect, like how do we harden what we have? Mm-hmm. How do we make sure we have the controls on the things that we have?

We still have to detect how do we know when a bad thing happens, right? Because we can't prevent all bad things from happening. We still have to respond, right? Like when a bad thing happens. What are we gonna do, right? Like, where is the fire extinguisher? Have we actually trained on how to use it and repair?

Right? So like I would argue the framework is still the same. Uh, there's a new use case in the organization called, uh, a agentic use cases. Right? As these organizations go through becoming AI native and shadow AI is kind of the way of getting the conversation started. [00:10:00] A lot of organizations are kind of thinking about, well, let's just number one figure out what we have.

Yeah. And that's a great way to start because again, like without identify, you can't really run the other. CSF functions, right. Or the other CSF dimensions, but I would argue it is just the tip of the iceberg. Yeah. Because what you really want is you still want foundational security just over the ENT lifecycle.

Ashish Rajan: Interesting. And would you say everything that we have done so far in industry, like I've got maybe CISOs, maybe thinking, oh, that's should be fine. I have EDR XDR R. I have seen, I have all these things that I've traditionally used. Mm-hmm. And they seem to gimme the confidence that I can take care of most of the problems.

But to what you were saying earlier, developers using Claude Code Curs, uh, there's their browser base extensions as well. Mm-hmm. What's the what's the obvious blind spots that if people have just gone, I'm just gonna use the traditional, I'm only going to focus on say, uh, my network controls. Yep. And.

That, that should be enough for [00:11:00] me to limit the exposure that I have for all these LLMs. Is that enough?

Jasson Casey: Uh, so, absolutely not. So let's break agents into a couple categories. So like, there are agents inside of SaaS products that customers experience through. Uh, uh, a SaaS control panel, right? Yeah.

I would argue that a lot of the risk in that environment is kind of traditional risk. It can be managed by DLP, it can be managed by traditional identity, et cetera. Now let's talk about agents running on machines.

And let's specifically zero in on code assistance, because that's, I think, what almost everyone has experience with right now.

Yeah. Yeah. This may be a managed machine. This may be an unmanaged machine. Yeah. This may be a third party managed machine contractor as well, right? Yeah. Um, it could be all of those scenarios. It's gonna have access to your code. Yeah. It's going to have access to your intellectual property. Mm-hmm. It's gonna have access to your local device.

Mm-hmm. Um, it is going to, if it's going to be productive, someone's going to be inherently telling it where value is and isn't. Mm-hmm. So how do you actually know about that? How do you actually secure that? What is the lowest leverage [00:12:00] action? What's the simplest thing you can do as an organization? That gives you at a bare minimum visibility and the removal of like, really low hanging fruit security problems like credential theft and session hijacking of the agent itself.

Ashish Rajan: Would you say identity?

Jasson Casey: Yeah. So there was a Reddit story making the rounds couple weeks ago. And the gist of it was, Hey, my, my Claude code key or my Anthropic key got popped and I just got an $80,000 bill. I think I'm gonna go bankrupt.

Ashish Rajan: Oh.

Jasson Casey: And um, you know, the interesting part of that story is when you look at these code assistant.

It's, they're still using this legacy technology where essentially, whether it's a user credential or whether it's a session credential, it's stealable, it's not device bound. Yep. Uh, which means you can you can fish, you can do this thing called device code flow phishing, you can do, uh, session hijacking, et cetera.

So that doesn't have to exist. That tech technology to solve that problem, not reduce the rate of it happening, but actually make that go away, has existed now for a couple years, and identity is essentially the technology that makes that go away. Now, identity that does that, that's [00:13:00] device bound, that's posture based, could take one step further, it could launch the workload, in this case, Claude Code Codex, Gemini, et cetera.

And it could launch it in a, in a, what we call kind of this secure, durable context where it's monitoring the risk of what the agent's actually doing.

Ashish Rajan: Yeah.

Jasson Casey: So that immediately gives you discovery around things like tools, not just M-C-P-M-C-P is one route of tools. Mm-hmm. But there are other types of tools.

Yeah. Uh, your system uses built in bash to anything that you've actually, uh, put local in the system. There are skills, there are sub-agents.

Ashish Rajan: Yeah.

Jasson Casey: There are plugins that package all of this together, right? Uh, there's local permissions that your developers, not even your developers, your marketing analysts, your researchers, et cetera, are, are manipulating.

So the security context that this identity system can launch, it can very quickly discover these assets, understand them, run it through some sort of policy saying, is this good? Is this not good? And then continuously monitor that. So if anything were to ever change, basically. Kill the agent session. Right.

And withdraw its ability to actually access the sensitive information.

Ashish Rajan: Yeah. Yeah. But isn't [00:14:00] identity a bit more complex in sense of There is the whole, what we used to traditionally call system users. Mm-hmm. By doing automated actions. And there is Ashish, the actual employee. Mm-hmm. And there is Aashish, the contractor.

Mm-hmm. Like. How would, I guess what I'm coming with this is that a lot of people al already have, especially in enterprises mm-hmm. There's already a established identity team that focuses on MFA user onboarding, user offboarding.

Jasson Casey: Mm-hmm.

Ashish Rajan: It, this almost seems like a paradigm shift from that, or is it not?

Jasson Casey: This is the unification of identity and security. You have to understand identity, but you also have to understand security. So the operating system has an identity. The operating system identity and the corporate directory identity, are they the same? Probably not. They're related. Yeah, but they're not the same.

Um, a non-human workload versus a human workload.

Ashish Rajan: Mm-hmm.

Jasson Casey: How similar versus different, actually, are they? When I want to do continuous identity,

Ashish Rajan: yeah.

Jasson Casey: It's not enough to only be in the control plane. You have to also be in the [00:15:00] data plane. Otherwise you cannot be a point of enforcement. And we think code assistant agents, specifically AI agents in general are kind of the forcing function for that.

Like they're really kind of making it clear that control plane identity security products are not enough. You actually have to be data plane enforcement as well.

Ashish Rajan: And what would that look like in terms of, I guess where I'm coming from, this is like people already have established architectures. Mm-hmm.

The mature ones even have like a scene provider, EDR provider. Right. And I'm sure an identity provider as well. What am I changing? Because, uh, obviously a lot we are at RSA, there's a lot of people who are thinking about how am I approaching AI security as a whole in my program? Yeah. Are there blind spots in these.

Program, the traditional program that we done.

Jasson Casey: Yeah. So, so there's a couple interesting things there. Number one I think we're gonna see enterprise architecture change drastically, right? Oh uh, so the market's already started to speak in terms of SaaS IT products are no longer as valuable as they were before.

Mm-hmm. And the reason why is we think essentially if your, if your value comes from being a [00:16:00] database with an ICI. Well, I can do that with Git and Claude Code. And we're already starting to see this, like even in our own organization, our workflows have changed. So adding AI to your existing IT architecture is a way of kind of signaling that you're a dinosaur and you're probably gonna get eaten.

The rethinking your actual business architecture to, if I have natural agentic workflows in my business. What does it look like? What can change? Maybe I don't really need all of these existing systems as before.

Ashish Rajan: Mm.

Jasson Casey: And when you start considering that there are knock on effects, you're still gonna need EDR.

You're still gonna need a SIEM, but the way you're gonna design your your security stack is not going to be the same. And I would argue the simplifying architecture. For that new stack is actually placing identity at the core of that security architecture.

Ashish Rajan: Yeah. Yeah

Jasson Casey: I was just gonna say like when you think about it from a security perspective, whether you're worried about like proactive defense or you're worried about response. Identity already is core, right? You still need to understand, all right, what's the offending process? Who launched that [00:17:00] process?

What's the effective user id? What was the group? I like? You're already trying to dig into all of these identity concepts, right? Yeah. And generally, you're, you're, you're, you're failing it like the determinism problem. How do I know exactly this came and this came and this came and this came and you're kind of doing a probabilistic nuance, well, this likely came from here and you're building this probabilistic glass radius.

Ashish Rajan: Yeah.

Jasson Casey: This is, this is the thing that changes and actually simplifies if you have an identity security solution at the core, all of these things have device bound attributable identity.

And it, it simplifies, whether it's anything from discovery to protection to detection.

Ashish Rajan: Do you find that I mean, because it's funny, ev everyone who would've, who would hear or watch this, they'd be like, but there are defined roles for these things.

There are people who have dedicated roles for identity, dedicated roles, for cloud dedicated roles. Like, so are you already seeing that, maybe in your customer base as well, are you seeing people actually starting to evolve that into what the new world is?

Jasson Casey: Absolutely. Uh, I'd say we see all three. So we see the barbells, right?

Uh, um, we see folks basically kind of just [00:18:00] not doing anything about it. Okay. Right. We see folks risk accepting it. Which is another version of not doing anything about it. And then we see people actually exploring their organizational architecture and their IT architecture. Just, uh, it's not, it's not met cap's rule.

I forget the g uh, the guy's name. But there's this general rule that your architecture, uh, reflects your organizational structure and vice versa. Yeah, yeah. Right. It's no different whether you're talking about how you build software or how you actually build the architecture of your business itself.

Mm. And I think we're gonna see the same thing. We're starting to see that

Ashish Rajan: And because a lot of the industry outside of the whole data exposure and. Shadow ai. The other thing people keep talking about is prompt injection, and that's the real problem that people should be focusing on. 'cause obviously the, so far the conversation that we've been talking about is that shadow AI is required, but it doesn't need to be.

If you focus on the identity piece, you can still manage it. The same with data exposure as well. You can limit the exposure from it. What about this prompt injection? 'cause obviously as a security program people are building, they're also thinking about, oh, that's great. But, uh, all these [00:19:00] AI agents that are running multi-stage.

And then prompt injection. 'cause the way, at least the narrative goes, whether it's indirect or direct, it could happen at D across multiple stages. Mm-hmm. And I don't, I would not know what stage am I losing control at, or I would not know if I'm being packaged by it. Does identity kind of help tackle that challenge as well?

Jasson Casey: If you're actually using device mount identity in Eurogen, it means your agent has an identity.

It means you can track the agent, whoever authorized the agent's identity. It means all the services, it interacts with all the tools, whether they're local or remote, whether they're MCP or built-ins, uh, have an identity that's attributed.

It means everything actually has a chain of providence, right? So I would argue you can't prompt injunction is a real problem. Uh, information xFi is a real problem. Injected prompt persistence is a problem. How do you manage any of those things in a systematic way? Not whack-a-mole. Everybody can come up with a whack-a-mole, uh, technique.

Yeah. But how do you manage this in a systematic way that has the fewest moving parts, [00:20:00] if not through identity?

Ashish Rajan: Interesting. I was So, you know how, uh, obviously you're, you're an engineer at heart as well. I'm curious, is the future that you're seeing with some of the mature customers you have is the future for security where there's less dashboards and more APIs?

Jasson Casey: Yeah. Yeah. So we're already starting to see this. Um, the, so with where AI is right now, it's very good at analyzing data.

And the, what it's not good at is being deterministic, right? Like, um, you'll ask it to do a thing against your 800 data points. Mm-hmm. You'll do it against 600 data points and it'll say, ah, good enough for me.

Because it observed this behavior on Reddit, right? Yeah. So the, that, that's kind of level one, level the level two organization. When they're interacting with the ai, they start to realize, all right, so really what I ought to do is I, I do problem discovery with the ai and I'm not worried about completeness, like enumerating the whole set.

I'm worried about understanding what I wanna do. Mm-hmm. Then I have the AI write a script.

Ashish Rajan: Mm-hmm.

Jasson Casey: The script does the thing deterministically. Then I wrap that script in a skill and a [00:21:00] prompt, which is how I handle the probabilistic hand wavy of an analyst and whatnot. Mm-hmm. And we see the organizations that are actually kind of already at that sort of lifecycle and how they interact with data.

They're starting to ship less UI features. They're focusing more on just kind of API data access and wrap it with skills. And we're actually experimenting with this ourselves. And so the, the basic premise is, look, if I expose the data

Ashish Rajan: Yep.

Jasson Casey: Through the agent effectively, and I teach the agent how to do and interact in a way that's deterministic, right?

Like the. Everyone's had the, the agent go off and do something really, really annoying. It's like, why aren't you doing this? You're not doing the right thing. Why do I have to tell you not to make mistake? That kind of stuff. Right? Yeah. Once you kind of get over that hump, all of a sudden you realize that these agents allow your customers to play with the long tail of your data, and they can even generate graphs and charting on the fly, dashboarding on the fly.

Ashish Rajan: Mm-hmm.

Jasson Casey: By pivoting to that sort of product architecture, it lets you number one. [00:22:00] Open all the data to the customer, not just what your UX team is working on.

Ashish Rajan: Yeah.

Jasson Casey: Number two, you get a signal, right? So if everybody's doing something different, then that's probably gonna be your best interface. But what if you get a signal that says, you know what, 80% of my customers just keep asking these same 20% questions.

Maybe that's where I'll invest in a little bit more, where the AI may not be able to do it just in time. But yeah, we see a different development pattern.

Ashish Rajan: So you see security is making smarter choices moving forward. And I guess. The, the flipper of it also is that people who are considering building security programs and even making decisions about what products to buy, they should probably consider that.

And obviously planning five, six years is in, in an AI world, sounds ridiculous, but in the next six months to one, let's just say 2026, yeah. In 2026, if I'm trying to rebuild or uplift my security program to be. Like cover the gap that I have for AI security, which kind of, we spoke about the traditional at least the traditional roadmap has had gaps because of the traditional threat model we approached it with in today's threat model, if I'm [00:23:00] building a roadmap for say 2026.

Mm-hmm. What would you say they should consider like, especially if it's a mature organization, like an enterprise, which already has a plethora of identity, XDR, SIEM, all of that jazz. Mm-hmm. What do you see them, uplifting towards, and obviously as general as possible, we can't go into nuance, but what do you see them as?

Uplifting their a, their architecture, enterprise architecture. And b, from a, what should they be looking at as a future building tech? Hey, this would last you, 'cause you guys have done this internally. You guys have completely AI fied yourself for the conversation we had. Right?

Jasson Casey: Got customer success, people building, um, dashboards and analytics.

Ashish Rajan: Yeah, I think I remember. And they were deploying Claude Code and going, oh wait, this is very different. So I imagine a lot of people want to get to that place as well. So where do you see these people who are watching or listening, what should they focus on for test 2026 for their teams to be almost that like, 'cause everyone's being asked to, Hey, we use more ai, use more ai, but people don't know what that looks like.

Jasson Casey: Yeah. [00:24:00] So I think there, there's. Couple parts of the question. So from a, I think there's like a IT business, I hate the word business process, but like how your business operates question. And that has to be answered really by leadership. Mm-hmm. And you take a step back and you, you basically put everything on the map and you, you ask yourself, why do I operate this way today?

Which part of these operational steps. Are because of these, were the only tools available to me at the time, versus it's actually necessary for how my business operates. So like, here's a, an extreme example. Let's say you're starting a business today. Let's take this extreme argument just to kind of see where the bound, where it breaks down.

What if the, we only buy three products.

Uh, for our business to, to go operate, we buy GitHub or GitLab, right? So we have a GI repo. Yeah. Uh, we buy Claude Code or Codex or Gemini, ICLI. And, um, maybe like workspace or O 365. So we have email.

Ashish Rajan: Yep.

Jasson Casey: And nothing else. What if that's all [00:25:00] that we had, right?

Mm-hmm. How far would we get? Where would we start to break down? Why do we really need to bring in other products?

Ashish Rajan: Ooh,

Jasson Casey: what For clearly accounts payable, expense reporting and whatnot. But like that's. Uh, I guess sorry to the Expensify people, but that's less exciting. What else do I really, really need?

Yeah. I think, I think the SIEM guys and the Soar guys have a good spot, right? Because essentially their, their, their product and their value is kind of deeper analysis and big data uh, big data collection for like stream and analytics. I think the EDR guys have a, a long-term play as well, just because like their their key value is.

Behavioral analytics around, uh, like funky on device processor, beha process, behavior.

Ashish Rajan: Yeah.

Jasson Casey: But like a lot of these other products that are about like making workflows better, do they have a place?

Ashish Rajan: Yeah. Yeah. Okay. I see what you mean. Yeah. And I can see your point. You start questioning and once you start drilling down into all the parts that you already cover, you're almost thinking, what's the point of this when all I care about is metrics and I have APIs?

Mm-hmm. [00:26:00] That can enable me to do a lot more of this with a Claude Code or a Codex, whatever as well. And what parts are specialized That would make me help, like, I guess, yeah, I, it's a, it's a growing problem, but do you also find that the security programs moving forward would also need to be more agent, for lack of better word?

Jasson Casey: Oh, if they're not agentic already, they're getting left behind. So for instance, just like everything else that we've talked about. You want your security team to essentially have agentic playbooks.

Ashish Rajan: Mm.

Jasson Casey: Think of it as a playbook. The agent is gonna run. So you use Claude Code. Yeah. Yeah.

Um, have you built, you probably built skills. Yeah, yeah, yeah. Yeah. You've probably gone through that loop where you realize, okay, I really need this to be a Python script. This part, this part. Need can be like pro can be language. This part needs to be a script. This part can be languages. Oh, yeah.

Yeah. So like your security team need to be going through that in their playbooks. Mm-hmm. Because there are certain areas where judgment is required. Right. And that's what the LLM is great for. There are other areas where you don't really need judgment, you need perfect execution. Mm-hmm. Right? Like, I need to run this for all end points.

I need to do this analysis. Exactly. In this way. [00:27:00] Yeah. And that's where that's where I was talking about like that basic life cycle of like breaking down prompt, breaking down a skill. Almost thinking of it like classic control flow graphs. Yeah. And for each node is a probabilistic node, is a deterministic node is a probabilistic node is.

And if it's a probabilistic node, it's an lm, it's an LM task. And if it's a deterministic node, it's a script task. So yeah, if your security teams aren't like building this out already number one, they're getting, they're behind. Number two, uh, you can use that for controls verification, controls research uh, detection playbooks actual detection.

It's actually really, really good at prototyping. This is more of like an, uh, red team offensive thing, but like in four hours, uh, at the end of last year, we used it to pull a couple of models off of hugging face.

Ashish Rajan: Oh right.

Jasson Casey: And basically build, uh, realtime audio and, uh, realtime audio impersonation.

And, uh, the goal of the exercise was to have uh, a poem read by different people at the party who weren't actually at the party. [00:28:00] Basically in the style, I think of a Christmas Carol, but like saying things about the business, right? Oh yeah, yeah. Like, here's what went well and whatnot. It took about four hours, right?

Oh. But like, it wasn't that hard to turn that into a red team kit as well around like, Hey, when we wanna do targeted phishing in this, in this particular way we can leave a pretty convincing voicemail. And I think it was like seven seconds of high quality sampling. And that was with very little research.

Wow. And that was, uh, zero shot training. So like we took models off the, off the. Off the shelf to make that work.

Ashish Rajan: Yeah. Yeah. Well,

Jasson Casey: Claude wanted to really, Claude was really excited for me to actually do some fine tuning on a model. We just didn't have time.

But I guess I'm just getting excited about the implementation, but yeah, if the security teams are not adopting these sort of workflows and really going deep on it

Ashish Rajan: mm-hmm.

Jasson Casey: They're gonna get left behind. And, um, I, I would say the other thing I would caution against is you may start doing these things and see all these product announcements and then say, well, maybe I shouldn't do this. This other vendor will kind of do it for me. And I would kind of caution you against that sort of thinking.

Whether you buy a [00:29:00] product or build a product, you still have to understand the domain the product operates in. Yeah. And you're not gonna build real experience and real depth of knowledge if you're not running those experiments and if your team isn't running those experiments now.

Ashish Rajan: Yeah, actually that's a good point because, and to be fair, it's not just for certain parts of security, all of it, like your GRCs.

Your, uh, detection, engineering soc identity, everyone needs to be kind of on that track of what's the, what's the agent playbook here?

Jasson Casey: We could probably almost have like a game show like stump the chump, right. Uh, you pick the area. Yeah. And I would argue we could probably come up with a pretty set of really interesting experiments.

Yeah. Executable almost immediately to see like, how could this change?

Ashish Rajan: Wow. Awesome. It's a good note to kind of, uh, wrap up the tech questions. I've got snack war that's going to be here. You have choices of British and Australian, but you also have the choice of well, we are an interesting, as well.

I've got kangaroo, crocodile.

Jasson Casey: All right.

Ashish Rajan: Or the, the sweeter versions of [00:30:00] Vegemite version. Uh, these are traditional, so these are, these are, let's

Jasson Casey: try crocodile and kangaroo.

Ashish Rajan: All right I'll let you, uh, pick one. Funny how everyone goes for the interesting ones.

Jasson Casey: That's,

Ashish Rajan: may, may, may, maybe not. That part.

Jasson Casey: It tastes like plastic.

All right. Just pop it in.

Ashish Rajan: Yeah. Uh, I'm gonna grab one as well. So cheese in that. All right. Kangaroo and coro. Is it chicken?

Is it like chicken by any chance? What, how would you describe the taste of it?

Jasson Casey: It doesn't have the structural texture of like a

Ashish Rajan: Jamie

Jasson Casey: Meat, a beef. Like, it kind of disintegrates a bit.

Ashish Rajan: Mm.

Jasson Casey: It's not that stringy.

Ashish Rajan: Is that what you expected for crocodiles, Turkey, to be?

Jasson Casey: Actually no. I expected it to be a bit more, um, I guess I expected the texture to be different. Mm-hmm. So I, I've eaten alligator.

Ashish Rajan: Oh

Jasson Casey: yeah. Yeah. Um, and, um,

Ashish Rajan: is that gamey?

Jasson Casey: I wouldn't necessarily say it's gamey, but I don't know if [00:31:00] I have a good flavor palette for gaming.

'cause I grew up eating a lot of wild gaming. Oh

Ashish Rajan: yeah, yeah, yeah.

Jasson Casey: But, um, no, it, it's, um, the. The, the alligator that I had, the texture is very tough. It's very, it can be kind of almost rubbery.

Ashish Rajan: But No, I think I, when I first had it, I actually thought it was like more like chicken and I'm like, um. 'cause I was expecting it's more gamey and this is the kangaroo, if you wanna try that as well.

Jasson Casey: I think I've had kangaroo steaks before.

Ashish Rajan: Oh, you've had that before?

Kangaroo steak. Mm-hmm. Which just, I mean, it does taste like a jerk jerk version of a kangaroo steak.

Jasson Casey: Yeah. That's not that surprising.

Ashish Rajan: Yeah. This is, this was like on point, but

Jasson Casey: that's surprising.

Ashish Rajan: Yeah. I, I've never had crocodile meat to begin with, which is I was like, oh, I wonder what that would be like. But it was one of the best sellers and I'm just like, I guess people take this when they leave Australia to buy crocodile meat, but which leads me to good.

Uh, my. Fun questions as well. First one being really, what do you spend time on when you're not trying to solve identity problems in the world now?

Jasson Casey: Let's see. I, [00:32:00] uh, so I live in the country. I do spend a lot of time outside with the family and the dogs, and we, um, yeah, we have a small garden. I'm doing quite a bit of research on trying to figure out what we're gonna plant this year.

Mm-hmm. I have, uh, some electronic projects that I work on. The, um, um, it's actually a radar project.

Ashish Rajan: Oh.

Jasson Casey: Um, the, uh, it, it, it's just a way of kind of working a technical problem, but not thinking too hard. Not not having to think too hard from like a, a consequential work perspective.

Ashish Rajan: Oh, yeah. Yeah. Fair. And it's sort so, so different from work as well that you almost like a,

Jasson Casey: you're on pure engineering.

Yeah. Yeah. It's inter, you know, it's, um. Uh, the world is clearly evolving. The cost of, of drones is coming way, way, way down. The idea of multipurpose or dual use components, um, in, um, kind of commercial and civilian life versus in, um, uh, defense life is really starting to get blurred. We see this with like the war in Ukraine.

We see this with, uh, the, the, the war on Iran that's going on right now. And, uh, one of the things I've been [00:33:00] interested in, in a while is, obviously like ISR. Right. And from a cyber perspective, uh, that's pretty close to home. But I don't know, I've just always been curious about it from like a, uh, an EMF, an EMI perspective, a radar perspective.

My dad worked in radar, so yeah. Oh right.

Ashish Rajan: Awesome. And um, second question. What are some, something that you're proud of that is not only a social media

Jasson Casey: crowd of it, not only social media? I'm really good at cooking.

Ashish Rajan: Favorite dish?

Jasson Casey: Actually, so my favorite dish really is simple stuff. Uh, Northern Mexican cuisine.

I make, uh, uh, a dark mole that's pretty good every Thanksgiving. Um,

Ashish Rajan: oh, I didn't realize there were different kinds. So North Mexican food is different to like the, I just mean my mind is like fajitos and tacos.

Jasson Casey: Oh, no, no, no. So Mexico's big place.

Ashish Rajan: Yeah.

Jasson Casey: Um, there's lots of different regional cuisine.

Ashish Rajan: Yeah.

Jasson Casey: Um, uh, the part, uh, the, the food that I kind of grew up on is more earthy.

Nutty bitter flavors, astringency, um, so like dark malaise with like that, that, uh, kind of chocolate folded in. The smell, uh, that I remember [00:34:00] from Thanksgiving as a kid honestly was like, toast, toasted, dried chilies going into like a chicken or a Turkey stock.

Ashish Rajan: Oh, wow. That sounds yum.

Jasson Casey: And then letting that just cook for a while like that.

Yeah, I, so, I mean, I cook, I cook all kinds of foods,

Ashish Rajan: but I'm gonna look up North Mexican. I was just not even aware of the category I should be looking for. I'm gonna look for the

Jasson Casey: new Mexican too, like, just think like, uh, Texas, Mexico border food.

Ashish Rajan: Oh, okay. And, uh, final question. What's, uh, what's your favorite cuisine or restaurant?

I guess this is North Mexican food, I guess.

Jasson Casey: Uh, I, so yeah, it is hard to pick, right? So like, I love Japanese food. I actually make a killer Ramen takes about five days, but I can make a Killer Ramen five

Ashish Rajan: days

Jasson Casey: to Well, you want make

Ashish Rajan: to,

Jasson Casey: you wanna do it right. You wanna let your ingredients actually have time to settle and whatnot.

Ashish Rajan: Okay. Fair. I mean, I was gonna say like, normally ramen shops just go, go down the path of, I mean, I'm sure they bought it for a few days as well. 'cause that's the whole thing in Japan as well. Right? Because, uh, ramen is the thing that makes one ramish shop different to another ram shop.

Jasson Casey: The, there, there's, there, there's a lot of variation.

There's a lot of style. But the, hi, the history of it [00:35:00] was, it's basically the working man's lunch. Like what can you make that satisfies someone very quickly

Ashish Rajan: Yeah.

Jasson Casey: And gets them in and out.

Ashish Rajan: Yeah.

Jasson Casey: Um, but you know, and

Ashish Rajan: it's filling at the same time,

Jasson Casey: like most Japanese cuisines though, like they've perfected it to an art and

Ashish Rajan: Yeah.

Jasson Casey: But yeah, like Mediterranean food, middle Eastern food Indian food. I like food.

Ashish Rajan: I mean, I like food as well, so this kind of works out really well. So, uh, I mean that's the fun questions I had. Uh, where can people connect with you, learn more about Beyond Identity Yeah. And the work you guys are doing.

Jasson Casey: Um, so I'm on LinkedIn, I'm on X.

Yeah. Uh, Jasson, Casey. Uh, remember Jasson S two S's.

Ashish Rajan: Yeah.

Jasson Casey: And, um, everything that I was saying about ai. We support in a product called Ceros. Yep. And you can try it for free beyond identity.ai.

Ashish Rajan: Yep.

Jasson Casey: Uh, if you go to Beyond identity.ai, sign up for Seros. Try it out. Uh, if you don't like it, complain, we'll make it better.

And if you do like it, tell us where we could improve it. Anyway,

Ashish Rajan: yeah, I will put the links in the short as, but thank you so much for coming on the show.

Jasson Casey: Thanks for having me.

Ashish Rajan: No, thank you.

Jasson Casey: Yeah,

Ashish Rajan: thanks again for tuning in as well. People listening are watching this episode of Cloud [00:36:00] Security Podcast.

This was brought to you by Tech riot.io. If you are enjoying episodes on cloud security, you can find more episodes like these on Cloud Security Podcast tv, our website, or on social media platforms like YouTube, LinkedIn, and Apple, Spotify. In case you are interested in learning about AI security as well, do check out a sister podcast called AI Security Podcast, which is available on YouTube, LinkedIn, Spotify, apple as well, where we talk.

To other CISOs and practitioners about what's the latest in the world of AI security. Finally, if you're after a newsletter, it just gives you top news and insight from all the experts we talk to at Cloud Security Podcast. You can check that out on cloud security newsletter.com. I'll see you in the next episode, please.

‍