{"podcast":{"title":"The Stack Overflow Podcast","slug":"the-stack-overflow-podcast","podcast_index_feed_id":450923,"rss_url":"https://rss.art19.com/the-stack-overflow-podcast","website_url":"https://art19.com/shows/the-stack-overflow-podcast","image_url":"https://content.production.cdn.art19.com/images/f1/4b/a2/43/f14ba243-6fa1-48bc-88bb-16b5e90e01cf/9ab8462ecb3182c5303998dc1a19385c2c816946f95a9fa658457e657e3ea170cac950b4c623a4447028d0e31bb3b3e2ec62ad0b4d3fe42f5bc0419c6d811c9d.jpeg","author":"The Stack Overflow Podcast","episode_count":939,"summary":"For well over a decade, the Stack Overflow Podcast has been exploring what it means to be a developer and how the art and practice of software engineering is changing our world. From creating code to running it in production, we host important conversations and fascinating guests that will help you understand how technology is made and where it’s headed. Hosted by Ryan Donovan, the Stack Overflow Podcast is your home for all things software.","last_synced_at":null,"page_url":"https://stenobird.com/podcast/the-stack-overflow-podcast"},"episode":{"title":"Prevent agentic identity theft","slug":"prevent-agentic-identity-theft","published_at":"2026-03-27T04:30:00+00:00","page_url":"https://stenobird.com/podcast/the-stack-overflow-podcast/prevent-agentic-identity-theft","show_page_url":"https://stenobird.com/podcast/the-stack-overflow-podcast","url":"https://rss.art19.com/episodes/35568da5-4910-4311-9953-be924436b1df.mp3?rss_browser=BAhJIg90cmFuc2NyaWJyBjoGRVQ%3D--952c5701c84ad333c69d5faa668f8177091704f0","audio_url":"https://rss.art19.com/episodes/35568da5-4910-4311-9953-be924436b1df.mp3?rss_browser=BAhJIg90cmFuc2NyaWJyBjoGRVQ%3D--952c5701c84ad333c69d5faa668f8177091704f0","summary":"As AI agents move from the cloud to local environments, they introduce massive security risks to personal and professional files. This discussion explores how to implement identity verification and credential brokering to prevent autonomous agents from misusing sensitive access.","meta_description":"Learn how to secure local AI agents using zero-knowledge architecture, identity brokering, and runtime signals to prevent agentic identity theft.","key_points":["Main idea: Local agents running on personal or work machines significantly expand the 'blast radius' of potential security breaches","Practical takeaway: Move from 'giving' credentials to 'brokering' access, providing time-limited, single-room permissions instead of master keys","Failure mode: Relying on long-lived credentials for autonomous agents allows for massive damage if the agent hallucinates or is compromised","Technical strategy: Utilize zero-knowledge architecture and public/private key pairs to ensure even the service provider cannot access sensitive data","Future outlook: The security of the next generation of AI will depend on verifiable digital credentials and post-quantum cryptography"],"chapters":[{"start_ms":60000,"title":"Engineering Roots","summary":"Nancy Wang discusses her background in engineering and her interest in how complex systems are built and deconstructed."},{"start_ms":180000,"title":"The Risk of Local Agents","summary":"An analysis of why running agents on local machines creates a massive security risk for files, repos, and terminals."},{"start_ms":290000,"title":"Managing Agent Swarms","summary":"A look at the challenges of governing access when dealing with large numbers of simultaneous autonomous agents."},{"start_ms":390000,"title":"Verifiable Digital Credentials","summary":"Exploring the necessity of verifying the identity of an agent through digital credentials and passkeys."},{"start_ms":500000,"title":"The Arms Race of Hallucinations","summary":"How the unpredictability and potential for misuse in AI models create a new frontier for cybersecurity threats."},{"start_ms":610000,"title":"Securing the Keys to the Kingdom","summary":"The importance of protecting API keys and credentials as the primary choke point for agent security."},{"start_ms":715000,"title":"Brokering vs. Giving Access","summary":"A strategy for using temporary, scoped access tokens instead of handing over permanent master keys."},{"start_ms":825000,"title":"Zero-Knowledge Architecture","summary":"How public and private key combinations create a secure vault that protects user data from unauthorized access."}],"topics":["AI Agents","Cybersecurity","Identity Management","Zero-Knowledge Architecture","Credential Brokering","Local Computing","Software Engineering","Post-Quantum Cryptography"],"duration_seconds":1511,"processing_state":"processed","actions":[{"name":"request_transcript","method":"POST","url":"https://stenobird.com/v1/public/podcasts/the-stack-overflow-podcast/episodes/prevent-agentic-identity-theft/transcription-requests","description":"Idempotently request low-priority transcript generation for this episode."},{"name":"read_markdown","method":"GET","url":"https://stenobird.com/podcast/the-stack-overflow-podcast/prevent-agentic-identity-theft.md","description":"Read the agent-friendly Markdown representation of this episode resource."}]}}