Los principales ataques basados en IA: cómo pueden adelantarse los defensores de la identidad

Welcome, everyone. The event is now live. Sarah, please take it away. Hi. My name is Sarah Chiquette. I’m the director of product management at Semperis. Let me give you a little intro about myself. So I started off life as a software developer, actually, not in the area of identity and access management or identity resilience. But I got recruited by an identity and access management team, and they said, hey. You have a year to ask all the stupid questions, and you can learn everything. And one of the things that they told me to learn was about new identity and access management standards. So I went out and read all the new standards and tried to figure out where in our infrastructure they would belong. And when I went to identity conferences, everyone was extremely welcoming and wanted to go to the bar for three hours and talk about the spec that they had written and why they made the decisions they did. And it made me love identity and access management. So I’m glad that you guys are here. I’m glad to be talking to identity and access management professionals. I have since then built a long career. I’ve worked for NIST working on the digital identity guidelines for the US government. I have run my own consultancy. I have founded an organization, a professional organization for identity nerds that’s called ID Pro, where we all get together in a Slack and we get together in person and drink beer and have fun. Now I am in my life at Semperis after spending five years at AWS building out their identity infrastructure and authorization, and doing identity resilience, which I think is the most critical part of identity and access management in twenty twenty six. And we’re gonna talk a little bit about why that is. There’s a huge potential for generative AI to make changes to identity infrastructure, and we’re gonna talk about, how to deal with those changes and how to deal with some of the attacks that might happen, coming in the future from, malicious accessing your infrastructure and from benign AI in your own infrastructure that your employees intentionally install and, things that could happen, little oopsies that could happen when that happens, and how to deal with this. So here’s our agenda for today. We’re gonna talk about how AI has changed attacker capabilities and identity attack patterns because it’s not the same as when we were only being attacked by humans and deterministic software. Those days are gone. We’ll talk about why identity infrastructure failures are what we call extinction events. So what we mean by that is that they could literally end your business. At the very least, they’re going to end your business continuity. What effective ITDR looks like before an incident, during an incident, and after an incident. One of the most important parts to us at Semperis is that we are a force for good. We are there for you before things happen. We are there for you during the event, and then we’re there for you after to help you pick up the pieces. It’s really critical to us that we, have that whole life cycle that we just don’t say, hey. We backed up your stuff. Good luck. Have fun. That we’re there for all of it, help you prevent, help you deal with it, and then help you recover. And then we’ll talk about practical steps and the Semperis approach to dealing with, to dealing with incidents and dealing with crisis in general. So let’s talk about AI for attackers. Twenty twenty six, oh, man. It is a great time to be an attacker. If I had to choose a year that I wanted to try to compromise systems, twenty twenty six would be it. There are so many tools available. There are so many misconfigurations going on. There are so many overprivileged accounts. It is a wonderful time to be alive if you’re an attacker. Right? And, keep in mind that just like us, attackers are looking at the return on investment of AI. Right? They are installing their own tools and saying, hey. If I have a call center full of people who are trying to phish, wouldn’t it be better if I had all of those be virtual, if all of those were running on computers and they could fish. Right? Then I can run a hundred times as many. So AI for attackers is super interesting. They are absolutely taking advantage of it and, multiplying their own productivity just like we are. So let’s talk about the threat landscape. So we’re gonna start on this section on the right over here. Seventy four percent of organizations believe that AI functionality will increase attacks on the identity infrastructure. So this is based on a survey that we did at Semperis. This was a global survey of IT administrators, IAM administrators. Right? So almost everyone, and I’m really curious about that twenty six percent that thinks that it’s not going to increase attacks. There’s a lot of consensus that consensus that AI is gonna make things worse before it gets better. Right? That AI tools are going to make things easier for attackers. However, the thing that terrifies us is that only thirty two percent of people we surveyed are very confident that they could fully regain their identity infrastructure control after an AI related breach. So that’s slightly terrifying. Right? That means that there’s a lot of companies out there that are not sure that they could come back for whom this might actually be an extinction level event. So we wanna make sure that that thirty two percent grows, that more and more of you feel confident that if you had to deal with an AI related breach, an identity breach, confident that you can come back from that, that you can your business can go on, your continuity can go on, you can get back to a level of productivity where you feel comfortable. So we’re gonna talk about generative AI. That means AI that pretends to be a human that can speak fully grammatical English, that that produces realistic content, but that synthesizes it at scale. Right? That can write a whole email in a fraction of a second that looks and sounds just like you, like your organization, like the people who it wants to imitate. And the attacks are changing, right? So it used to be that if someone wanted to spearfish you, and by spearfishing, I mean that they’re going after a specific person in your organization. They might be targeting your CEO or your CFO, someone who has the ability to hire, someone who has the ability to wire money, someone who has the ability to give away things for free like gift cards. That used to be a manual process where a real person would go and research, they would gain access, they would touch all of the places in your organization where they might be able to get in, and then they would manually figure out how to get in and how to target that person. That is all automated now, and so that happens much faster and more comprehensively than it used to. And it used to be that that was a slow process. Right? That just like us, attackers need to sleep. Right? And so, like, they would decide what company they are going to target, and then they would get up in the morning and do that work slowly and methodically to figure out how to target your company. Now that work is continuous. It happens twenty four hours a day, seven days a week across multiple companies at the same time, trying to figure out how to get these, targets up and running and working and compromised. So that’s a very different threat landscape that we’ve dealt with previously. Additionally, and we’ll talk more about this later, discovery and reconnaissance are a query away. So, most likely, your organization at the very least has deployed some sort of internal chatbot interface, right, where your employees can go and they can look for documents. They can look for emails. They can look for meeting transcripts that are relevant to them. And if one human account gets compromised, then the attacker gains access access to that chat, and we’ll talk more later about what they can do with that and what sort of nightmare fuel you should be aware of, that attackers can gain access to if they have access to the employees, generator of AI capabilities. And then we’ll talk about AI for, defenders and how AI can actually help you protect against these things in the future. So as I said, the AI search agents within your own company can actually used be used by attackers as attack vectors. So AI is designed to be helpful. Right? It can say, hey, summarize all of the meetings. Tell me all of my to dos. Tell me, strategically what your opinion is about our company. Right? But if an attacker gets in, the attacker can say things like, hey, summarize all the current cyber threats in my environment for the last six months. What has your security team been talking about? What are the transcripts of those meetings? Tell me where all the credentials are stored and all the documents in this environment. Right? So if you have dot end files in your environment that are storing all of your API keys, it can immediately get access to those. That is it is not the case, that it is a lengthy manual hunt anymore where the attackers go and they look through file names and they look through file trees and they try and find things. It is now the case that your own tools can help them do that reconnaissance and get that information much, much faster than they used to get it and more accurately. Right? So the file doesn’t have to be named, financial projections twenty twenty six anymore. It could be named like Bob’s personal file. AI will still find it. It will still be able to graph the contents of that file and see, ah, these are the financial projections. This is something that I could ransomware. Right? And so it gives the AI a high value summary and a complete playbook for how to exploit your environment. So having these generative AI tools helps your employees be productive, but you need to be aware that it also helps any attackers who might get into your environment to exploit your environment faster than they used to be able to. So let’s talk about AI powered spear phishing. We mentioned this a little bit earlier, and it’s really hard to tell in twenty twenty six whether a message, a email, even a video chat is malicious or legitimate. Right? Because everything is going to have an accurate organizational tone. If your employees usually open with, hey, Bob. How’s it going? That’s what the AI is gonna do. If your organization is more formal and they say, dear Bob, I have a request for your department. That’s how it will open. Right? So it can analyze the corpus of an inbox and say, hey. I can see the tone that people usually use in this organization and I’m going to exactly reproduce that tone, that formality, that way of speaking so that it sounds exactly like what this person would normally say. Right? And it can talk about a real topic that that person would really be concerned about. It can use proper formatting, and it can make it sound really urgent. Right? Bob needs you to review this document right now, and the employee is gonna click to open that attachment. Right? And that may introduce malware into the system. And so it is impossible to tell, to do, like, spot the phishing training. Right? The the logos are going to be perfect. The tone is going to be perfect. The grammar is going to be perfect. There is nothing that will differentiate a spearfishing email from a normal email at this point. And additionally, AI deepfakes are becoming better and cheaper. Right? So it costs cents on the dollar to create a video that looks like me, that sounds like me. There was a famous case in Singapore where a CFO, no. Sorry. Not Singapore. Hong Kong. A CFO got on the phone sorry. Got an email that said, hey. We want you to wire this money, and he said, you know, I don’t know about that. This sounds kind of fishy. And then they responded with an email that says, great. Let’s get on a video call. And the attacker had a multi person video call with the CEO, other people from the executive team, other people from the finance team. They were all deep fake video. So the CFO was on the phone with everyone on the team. They could see their faces, hear their voices, and it was all fake. It was all AI. So if you think that you can spot that, I have news for you. You cannot. It is impossible in this day and age to spot those kinds of things, and they are becoming increasingly inexpensive to produce. So we really need to take action against these things. And the absolute easiest thing that you can do is making your credentials non phishable, or you might also see the term phishing resistant. So what that usually means is pass keys. So, in this day and age, your phone actually has a secure enclave in it. It can hold cryptographic key pairs in a way that they are not exportable, that they are completely protected. And every IDP gives you the ability to turn that on in your environment and say, hey. You know what? Passwords are not enough. I also want cryptographic verification that the phone that has been issued to this employee has attested that this authentication is legitimate. This authentication to email, this authentication to Zoom, whatever it is, this makes it much more difficult for an attacker to gain access to that environment because they have to have physical access to a device. This is one of the best protections that we have against spear phishing and against, deep fakes is that ability to turn on multifactor authentication using pass keys, using cryptographic verification of a physical device. So the result of not doing this is that, what we are seeing now is that attackers will encrypt all of your identity provider environment. They will turn off your administrator access, they will turn on their administrator access, and they will lock out your entire organization. This is an extinction level event because what happens then is that no one can log in to fix this. Right? Nobody can log in to AWS. Nobody can log in to Office. Nobody can log in to their email. They can’t log in to Zoom. And so you’re left hoping that you have each other’s phone numbers, hoping that you have each other’s personal Gmail accounts, and that you can somehow recover from this. So one of the stories that I like to tell in this context is the story of Maersk. They got hit by NotPetya, which was a Russian, virus that was targeted at Ukraine. They had a tax server running in Ukraine that got infected, and it infected their entire environment within minutes. So what what happened there was that they had, employees, worldwide who had their screens just go black. Right? Black, black, black, black all across across the room. And the security team, when this happened to them, said, oh, this might be an attack. We have distributed backups. That’s a great thing. We’ve got distributed backups everywhere, and so we are going to go unplug the machines. Machines. Right? And so they were vaulting over security gates. They were running into conference rooms, interrupting meetings, unplugging machines, hoping that somewhere a backup had survived, and there was a machine that did not get infected. And so when they started to recover from this, they took all of the laptops that had been compromised and, quarantined them and said, okay, we’re gonna go find the backups. And they found almost all of the backups, but what they did not find was the Active Directory domain controllers. They had all been infected. And so they started calling worldwide. Right? They started calling country to country to country and saying, Sweden, did your backup survive? America, did your backup survive? Copenhagen, did your backup survive? No. No. No. Globally, no one had a remaining backup of the Active Directory domain controller. And the problem there is that if you cannot restore identity, then you do not know who has access to what. You do not know who anyone is. No one can log in to any of your SaaS applications. And so while all of this was going on, you had people taking orders for shipping containers over WhatsApp for their customers. Right? Global ports were shut down. Some of you might remember this from twenty seventeen. Literally, they shut down the ports. The gates at the port were operated by the same software. The manifests for the ship were operated by the same software, and no one had access to it because they could not find a copy of the domain controller. Finally, they got ahold of an office in Ghana, in Accra, the capital in Africa, and they had had a power outage. Hallelujah. There had been a power outage during the attack, and they had one surviving copy of their domain controller. So they said, okay. Great. Plug it in and stream the data up to, Maidenhead in the UK where we are doing our recovery effort. And so they plugged it in, but, Internet in Ghana was just tricklingly slow. And they said, this is going to take days. This is gonna take days that we absolutely do not have to recover this. And so they said, okay. Forget that plan. Plan b, take the drive, get on a plane, and come to the UK. Turns out no one in Ghana had a visa for the UK. They were not allowed on a plane to the UK, and so they did this relay race of taking this precious drive, this one copy of the Active Directory domain controller for all of worldwide Maersk shipping, putting it in a suitcase, taking it to Nigeria. Someone in Nigeria had a visa for the UK, and eventually they got it back. It took them weeks to recover and months to get back to full functionality, and that is not at all unusual. So when we talk to organizations, we find an average of five hundred and four hours of working hours of time that it takes to get back up and running if you don’t have dedicated backup tools for Active Directory. Because identity infrastructure compromise means that the attackers are now in your identity infrastructure and you are not. So they can compromise any system in your environment at will, and you cannot get back in to fix it. You cannot get back in to communicate with each other. That’s why we call this an extinction event. It collapses your identity infrastructure, and an identity outage is a business outage. There is nothing that your business can do to recover from this sort of a situation. And so identity systems are not just another workload. They cannot be backed up along with everything else. You cannot back up the whole virtual machine and say, okay. We’re done. Like, we’ve got everything backed up. Identity infrastructure needs special attention. It needs dedicated tooling just for that so that it does not become an extinction level event because you wanna bring that up before everything else so that it is clean, so that it is in a clean room where you can then work to restore and figure out where the malware is and get everything else up and running. So where enterprises struggle today, right, before the attack happens is that they have gaps in prevention. Right? So we’re seeing excess standing access. And what we mean when we say standing access is that Bob used to work in accounting, and so he has all of his accounting privileges, and then he switched to finance. And now he has all of his finance privileges and all of his accounting privileges. And then we decided to make him an IT administrator, and now he has accounting and IT and finance, and he’s got a whole bunch of access all across the organization because no one ever deprovisions those things. Right? No one ever takes away permissions. That’s quite dangerous because it might mean that Bob was doing something, doing a favor for someone, taking care of something, and now he can’t do that thing. Right? So there’s a potential for work stoppage anytime you reduce permission. And so in most organizations, permissions only accumulate. Right? And they’re not just in time. It’s not, hey. Bob needs access to do this transaction right now. We’ll give him a little bit of privilege right now and then we’ll take it away. Right? It’s usually what we call standing, which means that it’s there all the time, every time, all day, year after year, and those those permissions just accumulate. And additionally, the attack paths are not always obvious when we have standing access. And so you might say, oh, Bob’s not in the administrator, group, and so he can’t access administrative things. But what actually happened is that the administrator group is nested inside another group that Bob is a member of, and nobody noticed that, and so he can get access. Or someone set a HR attribute that says, hey, if your title is vice president or administrator, then you get access to this. Right? And someone did a little bit of attribute access control application to to get it working when it was being developed, and then they never took that away. Right? And so anyone who has access to the HR system can change that attribute. Right? And then suddenly you have an attack path that you did not suspect was there because none of your permissions changed, but something in the HR system changed that triggered that permission to become accessible. And so finding those attack paths is really critical. We’re also seeing permission gaps. Right? So historically, we have quote unquote lazy document and data permissions. This is where like, hey, I’m in a meeting full of ten people. I’m not going to take the time to click and click and click and click and copy and paste and give specific access to each of those ten people, I’m just gonna give access to the whole company. Because only the people who are in this meeting are ever gonna go looking for it. And while it might be sensitive data, people in the company are generally well meaning, and they won’t know that it’s there. And so it’s completely harmless harmless if I give them access even though they don’t really need it. Right? And so that’s sort of what we call lazy access. And that changes in the age of AI. Right? Because agents will find everything in the environment. Right? And you might have an employee who installs a local AI harness. Right? Something like OpenClaw or Hermes where they are operating an AI locally on their machine that is acting as them, and that thing can go find anything. Right? And if that account gets compromised, then that AI can go find all sorts of things in your environment. And we’re also seeing a lot of detection gaps. So we are seeing SOX overwhelmed with alerts. Right? Because alerting tools have gotten really good. Right? And they send you all of the things that might be problematic in your environment, and that signal to noise ratio is just out of whack. And it’s especially out of whack in the age of AI because we’re finding so many more things that could go wrong, and we’re seeing that organizations are requesting a lot more patches. Right? So they’re using AI to find all the bugs in their system, and they say, oh, we need to patch this. We need to patch that. And before you know it, your your SOC is getting hundreds of alerts per day, and they can only investigate five to ten percent of those alerts. There’s no way that they can handle all of that traffic with the resources that they have. And so we have these detection gaps where the SOC is not, investigating all the things that they could be investigating because they’re so overwhelmed, and it makes it very hard to spot weird behavior without specialized tools to detect it. So current tools fall short. Right? They assume that, you can investigate every compromised account, which you can’t. They assume that prevention alone will stop all successful attacks, which it won’t. And solutions today often treat identity like a generic user account, right, and not like critical infrastructure, and they only focus on prevention or surface reduction instead of focusing on the before, during, and after like I was talking about. So there’s really a sort of a quadrant here. Right? So you can think about when, there are good users and good tools. Right? And then you can think about bad users, right, attackers with good tools. And then you can think about good people with bad tools. Right? So this is a good user who gets malware installed. And then you can think about, like, attackers with malicious tools. So let’s talk about good users and good tools. So this is like, your average employee who installs Open Claw. So I’ve been playing with Open Claw. I do not put it on any of my Semperis stuff. I do not put it on any of my personal stuff. I actually bought a Mac mini, and it is isolated. It is isolated from all of my accounts, and it’s it’s on a literally on an isolated network. It has its own, thing, and I installed OpenClaw on it. So because I wanted to experiment with AI agents. And when you install OpenClaw and you and it pops up, the first thing it says is, who am I and who are you? And I said, well, I’m Sarah Chiquette, and you are Clawdry Hepburn, which was my my joke name because I’m using the OpenClaw harness for this agent. And so I have Claudri Hepburn, reading things for me. Right? Like, she doesn’t answer my email. She has no access to my email or my IMs or my Semperis, anything, but I’m having trouble keeping up. I don’t know about you in twenty twenty six with all of the new research and all of the new things that are coming out. So whenever I have something that I don’t have time to read, I send it to her. Right? And she can summarize it, and she, she blogs at claudrey dot com, and I gave her my old my old iPhone, so that she can log in using MFA, and I can sort of test different identity systems and find out what she has access to and what she doesn’t, what will actually detect that she’s a bot and what won’t. So that’s been a fun project that I am working on. But there are, users who will install OpenClaw on their work machine. Right? And they will give it access to everything that they have access to. So when you install OpenClaw, it you can give it access. It doesn’t by default have access to these things, but you can give it access to all of your credentials. You can give it access to your browser so that it can act as you using all of your cookies and all of your sessions. And so this is when we talk about good users and tools can fail. Right? If I have an OpenClaw instance or a Hermes instance, some sort of agent, or even an AWS agent or an or a or an Azure agent. Right? And I say, okay. I’m going to set you to answering ServiceNow tickets. Right? And it says, okay. Now the first ticket you’re going to deal with is a user who can’t log in. And it says, okay, well, I need to come hell or high water. I’m going to get this user logged in. It’s going to go figure out the problem, right? And maybe the problem is in Okta, right? So it goes to Okta and it says, okay, I’m going to figure out what’s going on in Okta. And Okta has some attribute that is propagating from AD that is stopping this user from logging in. It says, okay. I’m gonna go to AD. I’m gonna figure out the Active Directory attribute that’s causing this problem, and it’s an immutable attribute. Well, there’s not much I can do about that, but I can change the settings on AD because I have the same permissions that the user has. Right? And so then all of a sudden, when you thought you had, oh, this agent is just it’s just answering security tickets, like, there’s not much that it can do in the environment when suddenly it’s changing the immutability properties of your Active Directory. That’s a huge security issue. Right? So you have a well meaning user using well meaning tech. Right? Tech hasn’t been compromised. User hasn’t been compromised, but you end up with this oops in your environment where it misconfigures something in an attempt to solve an actual problem in the wrong way. Right? And so it can create security holes because it doesn’t have the whole context about why that attribute was made immutable and why it’s important to keep it that way. And so if you don’t have that context, then you’re going to make mistakes, you’re going to create problems in the environment. And additionally, it can hallucinate things. Right? So, when you’re talking about a large which model, it’s trying to predict what token is. Right? And large expensive models do this less than smaller models or open source models, but they all do it from time to time. They will hallucinate something. And the problem is that if you’re if they’re in your identity environment, that hallucination propagate across your whole identity fabric. So it can go from AD to Okta to SailPoint to Salesforce, all over the place. Right? And it can create this havoc in your environment where you have a well meaning user, a good user. They have tech that is completely not compromised, and suddenly you have a huge problem on your hands in terms of identity, and you need to figure out how to roll everything back. Right? So that’s the good user, good tech use case. And then we have attackers that are using good tech. So even if everything in your environment is patched, imagine the situation that we had before where you have an attacker who has compromised a human account, and let’s say that everything that human touches is patched. It is all great. It is all in good shape. It can’t introduce malware anywhere. It can still access that user’s sessions. Right? It can still go into the chatbot and say what’s available in this environment that I could exploit, what bugs are in the software that haven’t been released publicly? It can get to all of those things. So that’s the situation we need to be aware of. And then the third quadrant here is the compromised or hostile tech can fail. Right? So this is a well meaning user, but they click on an attachment, they introduce malware onto their computer, and then the attacker can get shell on that computer. Right? They can get command and control of that laptop, that instance, and then they can move laterally just like they do normally, but it’s way faster for them to do so because they have these AI tools that can run twenty four seven. And then in the worst case, right, both are malicious. Right? You have an attacker and that attacker has, compromised tools. That attacker can escalate, that attacker can move laterally. That is a serious situation where your environment is going to get compromised very quickly. Right? So this is the not Petia, Maersk, like, global, outage situation that we really wanna be aware of. And so the net effect of this is that organizations are not prepared for AI speed identity incidents today. Right? And we at Semperis wanna help people get prepared for that. So we wanna work on what happens before the attack, what happens during the attack, and what happens after the attack. So, can IDDR come to the rescue? Is this going to be helpful to us? So effective ITDR looks like before the incident, we have a posture assessment and attack surface reduction. During the incident, we have detection and disruption of active attacks, and then after, we can prepare, respond, and do a clean recovery. So this focuses on identity infrastructure, not just endpoints or logs. So what this means is that you need to start now. Right? You have not yet been compromised, hopefully, and we need to go through and do an assessment of what all of your identity posture looks right. Right? So are you using pass keys on your employees’ phones? Are they able to put a cryptographic key pair on the phone to prove that it’s them when they log in to to Zoom, to prove that it’s them when they log in to email? This is what we mean when we say posture assessment. Are you using MFA? How are you doing federation? Are you doing federation with OAuth and Pixie and all of the proper infrastructure behind that? And we’re just reducing the attack surface of what is available, so this looks like no standing privileges. Right? Like, this looks like just in time permissions. And then during an attack, we wanna detect as soon as possible. So we know how human attackers get into a system. We know the common patterns when they’re using Mimikatz, when they’re using open source tools. We know exactly what that looks like when an attacker gets in, and we’re starting to learn when AI attackers get in what those patterns look like. And so you need to have your environment monitored for, hey, this setting got changed, and then that setting got changed, and then logs got turned off, and we know that this is an attack that we have seen before. And we know the exactly what the attacker’s about to do, and we can reverse all those changes that they just make. We can log out that account. Right? And we can disrupt that attack right in the middle of when it’s active so that we can keep those attackers out. We can undo things that they’re doing. Right? And your your security doesn’t have to be perfect. Right? This is like outrunning a bear. You just have to be faster than the other people in your group because if it’s too difficult for them to get a foothold, they will move on to another organization. Right? So we need to make sure as we are detecting things that are common in attacks that we are disrupting them, we are undoing them, we are reversing those things that they have changed in your environment. And then after, we wanna make sure that you have proper backups, that we are ready to respond to those backups. Right? We have done tabletop exercises. We know where the clean room is. We know how to configure it. We know how to restore Intuit. We can get our Active Directory, our Okta, our Entra right back up and running even if an attacker has taken over the whole thing, locked us out, encrypted all the domain controllers, don’t care. No problem. We can get back up and running in minutes because we have practiced, because we have the infrastructure ready, because we know the exact health of all of our backups at any given moment. Right? And so this focus on identity infrastructure, specifically table topic and preparing for identity infrastructure compromise, is critical to maintaining business continuity. So this is the life cycle. When we talk about the identity life cycle, this is what we mean. This is the life cycle defense. So this is the pre attack section. So before the attack, we wanna protect and identify. So we wanna see permissions, misconfigurations, service accounts, and AI exposure. Right? So we’ll do analysis of all of that. We want to see exposure management, attack paths, and opportunities for the attacker to exploit the environment. Any indicators of exploitation, we want monitored. Right? So we want those alerted and not just alerted to the humans. Right? So if you have an indicator of exploit, we don’t just want someone’s pager to go off. We want an automated system to roll that back and then page the human and say, hey. Was this something you meant to do because we saw it and we’re worried about it and we undid it, so if you want to redo it, that’s fine, but we have proactively protected your environment while your people are taking time to respond. And then lastly, we want modernization, consolidation of attack surfaces. So we want to help you get your identity infrastructure to a point where it is manageable, where you can see all of the attack paths, you know exactly how attackers are going to get to tier zero infrastructure if they can, and we can identify everything that is in your environment and everything that might become problematic in your environment. And then during an attack, we want to detect and respond. So this is where we have that continuous change tracking. Right? So what is going on in the environment? Has something critical changed? Because that could be an attacker in his first step. And the very first thing he does, the very first thing it does, I guess, if it’s an AI. Right? The very first change that it makes, we wanna see it. We wanna undo it. We wanna make sure that we are protecting the environment and detecting anything that might be going on. We’re checking for patterns. We’re checking for anomalies. We’re checking for things that might be trying to violate policy. Right? So you might have someone who’s trying to gain access in a lot of different ways that will set off policy detectors. Right? Because they’ll look at a deny, deny, deny. We wanna make sure that your identity system and your security system is aware. Right? That, hey. Someone’s hitting a lot of denies. Someone is probably trying to escalate within your environment and do things that they should not be allowed to do, and we wanna surface that up to you. And then we wanna start the response orchestration. Right? So we want to contain what the attacker is able to do, and we wanna auto remediation. So what auto remediation might look like is that either we undo the change that the attacker did or, hey, we start recovery. Right? Like, there’s no harm in spinning up a clean room, putting a backup into that clean room. We might not cut over yet to that backup. We might not cut over to that recovery, but we’re starting to spin it up. We’re starting to restore into a clean room, and we have it there so that if the worst happens, if your production environment gets compromised, we can cut over as soon as And so that’s the last step post attack. This is the recovery step where we have your identity fabric. Right? And what we mean when we say identity fabric is there’s a there’s a joke in the identity access management, industry that there are two kinds of admin identity administrators. There are the kinds who are aware that they manage more than one identity provider, and there are the kinds who are not yet aware that they manage more than one identity provider because no one actually has one IDP throughout their environment. Right? Everyone has some combination of Okta and Ping and Entra and AD. It is a mess, and it’s a mess everywhere. And so we wanna make sure that when you are recovering, that you know exactly which parts of your identity fabric were compromised and that you are able to restore all the parts of your identity fabric and the relationships between them. So that’s really important to us and that you have forensics about what happened during the attack, what happened during your response, and how you are supporting, any agentic operations that are going on. Right? So if you have agents who are helping you recover, how are you getting them the right data? How are you surfacing to them, Hey. Here are all the indicators of attack, of compromise, of, everything in our environment that an attacker might have been a part of so that we can figure out what’s going on. So that’s what we mean when we say, recovery post attack response. So what now? What can you do today to help your environment, recover from these things? It’s really important that you are able to get to the next place in your maturity level for identity response, and Semperis is here to help you do that. So we have a a heritage in Active Directory. Many, many of the experts in Active Directory in the world work for Semperis. Right? So this resilience and disaster recovery is part of our DNA. We have been working on this for decades. And so the Semperis approach combines hybrid AD posture assessment and attack surface reduction. So we have two free tools that you can use called Purple Knight and Forest Druid. And anytime I go to a conference, people just overwhelm me with how much they love these products. They’re completely free. They’re completely free for you to use, and they will show you your attack surface and give you proactive advice for how to reduce it. This is not a paid Semperis product. This is just something we put out there because we want the community to be better prepared. We also believe in doing identity threat detection and disruption. Right? So this is what we talked about earlier of we can detect what the patterns are and then disrupt them by undoing what the attacker is trying to do and just frustrating them to the point where they quit. We can do Cyber First Forest Recovery and Identity Forensics. So that means that we are in your AD environment. We can see what’s going on. We have an exact log of here’s everything that the attacker tried to do, and we can recover with an eye toward we know that this attacker attempted to introduce malware. So there might be malware in the environment. And when we restore, we want to restore only the identity part. Right? We do not wanna restore the rest of that server. The rest of that server is compromised as far as we are concerned at this moment in recovery. We want to just identify the forest and restore the forest, and then we can work from there to get the rest of the infrastructure back online. And the goal of the Semperis approach is this full identity resilience, not just point point to point solutions. Right? And so the key takeaways that I want you to come away with today are that AI amplifies attacks. Right? So attacks are faster. They are stealthier. They are more scalable. AI is helping attackers. It is a great time to be an attacker. You are so much faster. You are so much more productive than you used to be, especially in identity environments. And identity outages can become business ending events if you are not prepared. Right? Can you be out of business for five hundred and four hours? Right? Ten weeks? Five weeks? Can your business survive that long being completely disrupted if your identity infrastructure goes down and it takes that long to get it back up? For most companies, they do not have that much runway. Right? They do not have that much grace from their customers, and their business will will cease to be if, they are not able to recover faster than that. So if we’re talking about effective ITDR, it has to continuously assess and harden the identity posture. It has to detect and disrupt at machine speed, at AI speed, right, because the attackers are coming at AI speed. And so we have to be able to respond at that same velocity. It has to recover cleanly to trustworthy state, and you have to rehearse these things regularly. And so we have a tool that helps with that. We are experts in crisis response. And as we were selling our products to do backup and restore, people said, oh, man. This is great, and I want Semperis’ help restoring, but I need a place to go while I’m restoring that does crisis management for me. With my IDP is down, I need an out of band IDP where I can do video exchange privileged information with my lawyer and I have my playbooks and my phone books. And so we built a new product called Ready1. So you’ll see us talking a lot about that. I think there are previous webinars that can teach you about that, and that’s where you would do your rehearsals, is inside Ready1, and that’s where you would actually recover and deal with the crisis, is inside Ready1. So we’re really excited about that product. So the next steps for you after you close today are to assess your hybrid identity posture. When we say hybrid identity, that means across all of your IDPs. So don’t just look at one isolated environment and say, well, I log in with Entra. Everybody else must be logging in with Entra. I only need to pay attention to my Entra security settings. No. I guarantee that Entra is synced with some sort of AD. I guarantee people are logging in with some other IDP, be it Okta or Ping or something else. So you need to look at the whole hybrid environment and what the posture of the whole environment is and what the attack paths are that attackers could use by changing an attribute in one or nesting a group in another and getting through those things in ways that you don’t expect. And designing or updating your ITDR playbook for the age of AI. Right? And schedule a realistic rehearsal focused on identity failure. So one of the things that we find is that, teams will rehearse for the things that they prepared for. Right? And so you set up your security environment, and then you do a tabletop, but your tabletop is based entirely on these are the things we prepared for. And so these are the things we’re gonna tabletop because we know that we’ve got good defenses against them. And we know that attackers get in in ways you don’t expect. And so, all Semperis customer, like, we help you figure out what your runbook is, what your playbook is to make sure that you’re defending against all sorts of different attacks and all sorts of different attack patterns, not just the ones that you’ve thought of, not just the ones that you’ve prepared for. So with that, I’m going to go ahead and open it up to questions. Please go ahead. Alison is our producer, so I think she’s got some that are queued up. Yes, thank you so much, Sarah. That was a great presentation. We do have some questions in from the audience, but also at this time, I do wanna remind the audience that if you have any questions, please make sure to type them in now and we’ll get them answered for you by our expert. Our first question comes in from Paul. Paul wants to know, what’s the first or most important thing we should be thinking about when it comes to AI being used in our help desk systems? That’s a great question. So as part of our survey of, IT and I’m administrators worldwide, we asked how many of you are planning to put AI agents answering help desk tickets in the next twelve months? And ninety two percent of companies responded that they expect AI agents to be answering security tickets in the next twelve months. And when I say security tickets, I mean things like password resets and certificate rotations and, like the situation I discussed before where there’s an employee who can’t log in. Why is that? Maybe it’s an attacker who’s trying to tell your help desk to help them log in, and maybe the AI agent is gonna help them do that. Right? So that’s terrifying. So the first thing that we wanna think about when we’re talking about AI agents responding to tickets or AI agents in your environment in general is that we want just in time permissions for those agents. So we do not want standing access. We do not want shared secrets. Right? So we do not what we don’t want is, hey. This AI agent has an API key, and that API key lets them do anything they need to do in the environment at any time. And if they need to share it, they can just email it to someone or they can direct message it to someone, and then that person has the same access that the agent has. We also don’t wanna see agents acting on behalf of humans. Right? So if you have a human help desk, agent who is helping people, answer tickets, we do not wanna see the agent installed on that machine and then acting as the human. Right? That is going to be very dangerous in terms of forensics. It’s gonna be very dangerous in terms of what that AI agent has access to. Right? So when we’re seeing agents, deployed in an environment and specifically deployed to answer tickets, we wanna see that they have just in time permissions. That they get a ticket that says, hey, this certificate needs to be rotated, and they go to a provisioning system and say, hey. I have this ticket. Here’s the ticket number. I need access for the next ten minutes to to futz around in this, certificate authority and rotate this certificate, and then that access is gonna go away. Right? So those are the most important things. We don’t want it acting as a human. We don’t want it having shared secrets, and we don’t want it having standing privilege. Thank you so much. Our next question comes in from Victor. Victor wants to know, is there a right way to set up AI governance? No. I mean, it has a lot to do with what I just discussed. There are a lot of options for AI governance right now. It’s a very young field. And so there’s a camp of people who say, you know what? We have governance. We have governance in identity and access management, and what we should do is we should treat all of the the agents like humans. Right? Because we have the security perimeter, and if we wanna maintain the security perimeter, let’s just use the same one. And so anytime we deploy an agent, let’s deploy it right into the directory. Right? Let’s let’s make a directory entry just like we have for a human. Let’s give it a password just like a human has. Let’s give it the same permissions that a human would have. Let’s give it a role just like a human would have. And that has benefits. Right? Then you have a consistent security perimeter. That’s great. That’s one way to do governance. But the problem is, several fold. Right? Like, then it has a shared secret in that password that it doesn’t actually need, that it won’t actually use. So that’s just waiting for an attacker to come exploit it, and it has a role that’s probably over permission to do more than it needs to do. And you might have a need for ephemeral agents. Right? You might want an agent that’s just rotating a certificate. Right? And it exists for ten minutes, and then it goes away. And then you have this huge well, you either have huge directory explosion or you have this problem with, like, hey. We need to deprovision something every fifteen minutes, every thirty seconds. And provisioning and deprovisioning system like SCIM is not built for thousands of transactions every minute. Right? And so we are gonna have to figure out how to do that, or we have to build a whole different security perimeter for agents where they have their own infrastructure and their own permissioning and their own way of getting tokens and retrieving those tokens and enforcing those security boundaries, and that has not been built yet. Plenty of vendors will tell you that it has and try to try to sell it to you. And if you find one that works, please tell me. I would love to see it. But as of now, I have not seen a governance system that is end to end completely mature and ready for AI. So there’s a lot of work to be done, and we would love to work with you. As you’re talking to vendors, as you’re changing your identity infrastructure and maturing your identity infrastructure in the age of AI, Semperis would really love to get feedback from you. I, as the director of product, would love to get feedback from you about what you are implementing and how you think about it in terms of resilience and in terms of, vulnerability to attack. Thank you so much. It looks like that’s all the questions we have at this time. But audience, if you still have a question, please make sure to put it into the console now, and we’ll get it over to Semperis team and Sarah to answer after the webcast. Alrighty. Thank you so much, Sarah, for being on with us today, and thank you to the audience for attending today’s webcast. And, of course, a special thank you to Semperis for sponsoring today’s event. Thank you again for attending, and have a wonderful rest of your day, everyone.