PLAY PODCASTS
Securing the Cloud in the Age of AI with Andrew Krug
Episode 10

Securing the Cloud in the Age of AI with Andrew Krug

Antisyphon Training Anticasts

March 27, 202659m 0s

Audio is streamed directly from the publisher (media.transistor.fm) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.

Original episode pageView transcriptChapters

Show Notes

Existential Courage: The Hitchhiker's Guide to Surviving AI in Cloud

🛝 Webcast Slides -
https://www.blackhillsinfosec.com/wp-content/uploads/2026/03/SLIDES_The-Hitchhikers-Guide-to-Surviving-AI-in-Cloud.pdf

Can AI really help secure the cloud, or is it quietly making things worse?

Join Antisyphon instructor and security researcher Andrew Krug for a free one-hour Anti-cast on what really happens when AI collides with cloud security.

  • Andrew will cut through the hype and look at how LLMs affect IAM, monitoring, governance, and real-world risk.
  • Learn where AI helps, where it hallucinates, and how to defend cloud environments without panic.
  • Expect practical insights, grounded strategy, and a bit of cosmic humor. Bring your towel. Don’t panic.


Chapters

  • (00:00) - Intro
  • (02:44) - Our trip through the galaxy
  • (03:38) - What kind of literature is the Hitchikerʼs Guide to the Galaxy?
  • (04:29) - Don't Panic
  • (05:18) - The Agentic Revolution
  • (05:56) - Cast of Characters
  • (07:44) - The State of AI in the Enterprise - Deloitte
  • (10:53) - How do teams build agents?
  • (12:11) - What are teams using agents for?
  • (13:17) - Why build on Bedrock + AWS
  • (14:17) - Are we learning? Or not learning?
  • (15:58) - Are you the fixed point in a shifting universe?
  • (17:01) - TL;DR the majority of these are the same threats we have been dealing with
  • (18:16) - Prompt Injection is the new SQL Injection
  • (19:13) - Sandbox Escape
  • (20:20) - Shared Structure: General Software & AI Supply Chains
  • (23:03) - The Bad News
  • (24:29) - Threate Vector Coverage
  • (25:24) - The Expanding Universe of Secrets
  • (28:15) - Hope is not a strategy! But a strategy can give us hope.
  • (28:36) - (Yes we AI-Removed Andrew's Coughs)
  • (29:40) - back to: Hope is not a strategy! But a strategy can give us hope.
  • (30:47) - Plan for maximum risk scenarios
  • (33:03) - Squishy Stuff
  • (34:38) - KIRO
  • (37:11) - Infrastructure and Data Protection
  • (39:11) - Priveledge Escalation Paths – https://pathfinding.cloud
  • (40:58) - The AI Stuff
  • (42:01) - So anyway, here's Firewall
  • (43:34) - OpenTelementry
  • (46:47) - You still have to have logs
  • (48:22) - MCP
  • (49:22) - Learn more from Andrew in: Securing the Cloud Foundations
  • (50:23) - Post Show Q&A

Credits
Creators & Guests
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel

🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com

Click here to watch a video of this episode.

Brought to you by:

Black Hills Information Security 

https://www.blackhillsinfosec.com


Antisyphon Training

https://www.antisyphontraining.com/


Active Countermeasures

https://www.activecountermeasures.com


Wild West Hackin Fest

https://wildwesthackinfest.com

Click here to view the episode transcript.

← All episodes of Antisyphon Training Anticasts