Episode 202

Title: When Identity Isn't Enough: Securing AI Agents at Runtime

Host: Mike Schwartz, Founder/CEO Gluu
Guest: Roshan Shaik, Founder & CEO RuntimeAI

Channels

Description

AI agents authenticate with valid credentials, pass MFA, and then commit fraud — bulk data exports, cross-tenant queries, unauthorized payments — all with a clean token. The identity layer tells you who the agent is; it doesn't tell you what the agent should be doing. This session covers the emerging runtime enforcement layer for agentic AI: behavioral baselines, real-time fraud scoring, and why the post-2012 identity stack (DPoP, MTLS, device-bound sessions) is necessary but not sufficient when the threat is an authenticated agent acting outside its declared scope.

Homework

FBI IC3 PSA on AI-enabled OAuth token attacks (May 2026)
Identity ≠ AI Security : RuntimeAI post, 4.5K impressions, strong identity community discussion
RuntimeAI platform overview: https://www.runtimeai.io/

Takeaways

Livestream Audio Archive

Will be here

Episode 202

Title: When Identity Isn't Enough: Securing AI Agents at Runtime

Channels

Description

Homework

Takeaways

Livestream Audio Archive

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!