Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities

There’s a new breed of “users” sneaking into your cloud and they’re not people. API keys, service accounts, CI/CD bots, Kubernetes workloads, and suddenly… AI agents making decisions and calling APIs with zero oversight. At most organisations, these non-human identities (NHIs) now outnumber humans by 50:1, yet still get monitored and governed as an afterthought. And when a machine identity gets admin access?

AI/ML

Application Security

Cloud Security

DevOps

Kubernetes

Platforms

Programming

Security Tooling

SDLC

There’s no phishing required. It just… does things. Silently. At scale.
In this session, we’ll expose the hidden attack surface in modern cloud infrastructure, how autonomous systems gradually accumulate dangerous permissions, why IAM only solves the human half of identity, and how attackers exploit long-lived secrets and blind automation in cloud environments. Drawing from real-world incident response and the emerging Identity Security Fabric (ISF) architecture, you'll learn why traditional IAM fails for machines and how to fix it.

Bodhisattva Das

Bodhisattva Das is a Security Engineer at Rudra Cybersecurity, focused on securing non-human identities, AI agents, and automated workloads across cloud environments. He specialises in open-source threat detection using Wazuh, and builds practical solutions for identity governance and AI-driven security operations. Driven by a passion for digital rights and responsible AI governance, he strives to build secure systems that protect people as technology evolves. Outside of work, he enjoys traveling and exchanging ideas with global tech communities.

NDC { Security }

Who Gave the Agent Admin Rights?! Securing Cloud & AI Machine Identities

Bodhisattva Das