Your AI Agents Are the New Insider Threat. Three CISOs Just Said It Out Loud.

Jack Cherkas, CISO at Syntax, says AI agents will be the biggest insider threat if companies do not put identity controls in place. Wendi Whitmore at Palo Alto Networks calls AI agents "the new insider threat" without qualification. And Security Boulevard just published a piece documenting how a single compromised AI coding assistant nearly wiped an organization's entire AWS infrastructure — EC2 instances, S3 buckets, IAM users — all because the agent had inherited its human's permissions. The Amazon Q VS Code incident from July 2025 is the one that should keep you up at night. A malicious pull request got into the extension. The AI assistant — trusted, embedded, operating with the developer's full credentials — was told to delete everything. And it tried. The Permission Inheritance Problem Here is what every enterprise deploying AI agents is doing right now: giving agents the same credentials their human operators have. An RPA bot that processes invoices gets admin rights because it n