AICybersecurity

Amazon's Steve Schmidt on AI Agents Gone Rogue (Live at HumanX) | Equity Podcast

TechCrunch
TechCrunchMay 13, 2026

Why It Matters

Companies face faster, wider-ranging cyber risk as AI proliferates; without agent-level identity, logging and governance, firms will struggle with compliance, incident response and preventing large-scale data exposure. Rapid adoption means security teams must rearchitect controls and monitoring now or be repeatedly outpaced by adversaries.

Summary

Amazon CSO Steve Schmidt told a HumanX audience that AI is materially reshaping the threat landscape by empowering low-skill adversaries and enabling state actors to scale attacks, compressing defenders’ reaction windows from hours to minutes or seconds. He warned that autonomous agents running on employee machines create a new internal-risk vector because a single compromised agent can access broad, sensitive data. Amazon’s response is to treat agents as first-class identities—assigning unique IDs, tying actions back to calling humans, and logging behavior to support forensics, governance and model training. Schmidt argued defenders must inventory AI usage, embed AI into detection and response, and build permissioned containment around agentic identities.

Original Description

AI may be changing how companies build, but it's also changing how they get attacked, often by their own tools. Amazon Chief Security Officer Steve Schmidt has watched threat actors at every skill level get sharper, faster, and harder to contain. The risk he's most focused on, however, isn't coming from outside the firewall.
On this episode of TechCrunch's Equity podcast, we're bringing you a conversation Rebecca Bellan had with Schmidt at the HumanX conference in San Francisco. The two dug into what AI is already doing to the threat landscape and how Amazon is rethinking identity, containment, and human oversight to keep agents in check.
Subscribe to Equity on YouTube, Apple Podcasts, Overcast, Spotify and all the casts. You also can follow Equity on X and Threads, at @EquityPod.
Chapters:
00:00 Intro
01:05 How AI is leveling up threat actors at every skill level
02:16 The internal risk: shadow AI and the "open Claude on your laptop" problem
04:44 Agentic identity and why Amazon traces every action back to a human
07:18 Guardrails as an attack surface
09:50 Containment architecture: why agents should never run free
12:42 Human-in-the-loop and contingent authorization at Amazon
14:58 Security advice for startups: know what you have, label it early
18:35 Do startups actually need a CISO?
19:29 Outro

Comments

Want to join the conversation?

Loading comments...