Is “identity is the new perimeter” more of a marketing slogan than a real security strategy? In this episode, Roy Akerman and Rob Ainscough sit down with Susanne Senoff from Conga to discuss how AI agents are starting to behave more like threat actors, and why traditional ideas like “perimeter” and “zero trust” are becoming harder to define. Susanne shares firsthand experience, including an AI agent that wrote reverse proxy scripts and triggered a high-severity cloud alert, showing why security hygiene, understanding critical assets, and monitoring behavior matter more than static privileges or tier-zero boundaries. Together, they explore how IAM needs to evolve from slow administrative processes to real-time, context-aware security, and why CISOs need teams and partners that can keep up with an AI-driven world. Key Topics 1. Debunking "Identity is the new perimeter" 2.AI Agents as both business enablers and threat actors 3. Evolving IAM: From administrative controls to real-time, behavioral security 4. Shifting identity from static, admin-time governance to behavior-, intent-, and context-aware controls that operate at AI speed 🎧 Episode Highlights [01:53]: The moment when an AI agent behaves like a threat actor [03:14]: Why “identity is the new perimeter” falls short in an AI-driven world [07:13]: Why managing AI agents is like parenting a rule-bending 15-year-old [12:37]: Reinventing controls around agents [14:57]: Evolving IAM from static governance to real-time, intent-aware controls 🔑 Key Takeaways: Identity security must shift from static perimeters to behavior- and intent-aware controls. The old idea of “identity as the new perimeter” and flat concepts like users vs. non-humans can’t keep up with AI agents that behave like threat actors, move across cloud surfaces, and exploit basic privileges in unexpected ways. Modern IAM has to operate at runtime, continuously understanding assets, context, ownership, and behavior so security teams can make millisecond decisions about what to allow, challenge, or shut down. AI agents are forcing security teams to rethink risk, resilience, and incident response. As the time from vulnerability discovery to exploitation collapses from months to hours (and soon minutes), defenders can’t rely on ticket-driven processes or slow business validation to decide if something is “okay.” SOCs will increasingly need predefined, business-aware guardrails that justify blocking first and asking questions later on systems that truly matter, supported by AI-driven context, stronger hygiene, and a “minimum viable enterprise” mindset focused on critical processes, data, and apps rather than just tier-zero infrastructure. IAM is becoming a core part of the CISO’s security stack, not an adjacent function. Susanne shares that CISOs must own identity security architecture, embedding identity security engineers, redefining skills around AI, and partnering with vendors based on vision rather than feature checklists. The next generation of identity teams will be judged not just on joiner/mover/leaver workflows, but on their ability to run real-time, AI-assisted identity defenses that understand intent, adjust access dynamically, and help the business adopt AI safely instead of trying (and failing) to slow it down. 👤 Guest Spotlight:Susanne Senoff Susanne Senoff is the Chief Information Security Officer at Conga, where she leads the company’s cybersecurity strategy and helps drive secure innovation in an AI-driven world. With more than 20 years of experience in cybersecurity and risk management, she has held leadership roles at companies including McAfee, Microsoft, and Morgan Stanley. Susanne is known for her practical, people-first approach to security leadership and for helping organizations adapt to emerging AI and identity threats. Stay Connected: https://www.silverfort.com https://linkedin.com/in/rob-ainscough https://www.linkedin.com/in/roy-akerman https://www.linkedin.com/in/susanne-elizer-senoff-575ba96
