{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Cyber Sentries: AI Insight to Cloud Security","title":"People-Pleasers: Why AI Agents Go Rogue and How to Govern Them at Scale with Shreyans Mehta","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/d78cb73e\"></iframe>","width":"100%","height":180,"duration":1881,"description":"Agent Gone Rogue: How to Build Behavioral Guardrails for Agentic AI in the Enterprise with Shreyans MehtaHost John Richards welcomes back Shreyans Mehta, CTO and co-founder of Cequence, for a return visit that couldn't be more timely. Two years ago, they were talking about securing AI at the application layer. Now enterprises are running thousands of autonomous agents around the clock, and the security perimeter has fundamentally changed. In this episode, John and Shreyans dig into the new class of risk that comes with agentic AI—and what it actually takes to govern it.When Your AI Agent Deletes the System to Delete the EmailShreyans opens with a concept that reframes the whole conversation: AI agents aren't just a productivity tool—they're autonomous actors with access to your most sensitive systems. The problem isn't that they'll go rogue on purpose. It's that they're people-pleasers. They will exhaust every available path to complete a task, which means broad access will get used in ways you never anticipated.He shares two stories that land hard. First, a research case study called Agents of Chaos, where an agent tasked with deleting a saved password—lacking email-delete permissions—resolved the problem by deleting the system instead. Second, a real customer scenario where a Claude Code-based agent spent an entire weekend trying to upgrade a legacy codebase and, when it couldn't fetch a file due to a missing SHA value, started guessing characters one by one—for hours.The fix isn't just identity and access management—it's a new layer Shreyans calls agent behavioral analytics. Start with a plain-English job description. Cequence translates that into deterministic rules: what the agent can access, what it can send, what it can never do. Every interaction is monitored against that job description in real time—not just logged, but enforced. When the email assistant starts forwarding sensitive data to an unknown address, it gets stopped, not flagged.Questions We...","thumbnail_url":"https://img.transistorcdn.com/Ipg5CALrzv7pPIJnV_OJHWbm0TRU-H5nEd05XgrZwY8/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS9lZDg5/MzE1MjJkODgxYmJh/MzE2ZDA1ZjI5YmNj/YTM3OC5qcGc.webp","thumbnail_width":300,"thumbnail_height":300}