Episode

#348 AI Agents in Your Systems: Speed, Security, and New Access Risks with Jeremy Epling, CPO at Vanta

Podcast: DataFramed
Published: Mar 2, 2026
Duration: 2662 seconds
Canonical source: https://www.datacamp.com/podcast
Audio: https://dts.podtrac.com/redirect.mp3/cohst.app/pdcst/6G1A6D/episodes.captivate.fm/episode/8d3d0f12-1f5f-4060-8c1b-64a41b4f668b.mp3

Summary

AI agents are a double-edged sword, offering powerful automation for security workflows while introducing unprecedented access and data leakage risks. This discussion explores how to leverage agentic automation for tasks like security questionnaires while maintaining strict governance and human-in-the-loop controls.

Topics

  • AI Agents
  • Cybersecurity
  • Automated Compliance
  • Data Privacy
  • Governance
  • Risk Management
  • Software Automation
  • Machine Learning

Highlights

  • Main idea: AI agents are transforming security from a manual cost center into a data-driven business enabler by automating repetitive evidence collection
  • Failure mode: Uncontrolled agent access can lead to 'data walking out the door' through unintended scraping or unauthorized tool integrations
  • Practical takeaway: Implement a tiered risk approach, starting with read-only permissions and sandboxed environments before allowing write-access automation
  • Design principle: Prioritize high-confidence responses; it is better for an agent to refuse an answer than to provide a hallucinated or inaccurate security claim
  • Practical takeaway: Use 'human-in-the-loop' patterns, such as routing complex queries to Slack, to ensure expert oversight of automated outputs

Chapters

  1. 1:00 The Double-Edged Sword of AI Agents: An exploration of how AI agents simultaneously empower cybersecurity defenders and provide new advanced capabilities to attackers.
  2. 7:40 Hidden Risks in Data Integration: The dangers of unintended data scraping and the risks associated with third-party AI integrations pulling in sensitive internal sources.
  3. 14:10 Engineering for High-Confidence AI: Why quality is the primary feature in AI products and why agents should be designed to refuse answers when confidence is low.
  4. 17:30 Automating Security Questionnaires: How Vanta uses agents to parse complex documents and automate the repetitive work of responding to vendor security reviews.
  5. 30:50 Multi-Agent Orchestration: Using sub-agents and tool calls to handle complex, high-value queries that require human clarification via Slack.
  6. 37:20 Managing Risk in Enterprise Environments: Strategies for deploying AI automation in large enterprises, focusing on read-only use cases and user opt-ins.
  7. 40:40 Security as a Business Driver: Moving beyond the 'cost center' mindset by using AI to demonstrate the tangible value of security controls to executives.