Agent Gone Rogue: How to Build Behavioral Guardrails for Agentic AI in the Enterprise with Shreyans Mehta

Host John Richards welcomes back Shreyans Mehta, CTO and co-founder of Cequence, for a return visit that couldn't be more timely. Two years ago, they were talking about securing AI at the application layer. Now enterprises are running thousands of autonomous agents around the clock, and the security perimeter has fundamentally changed. In this episode, John and Shreyans dig into the new class of risk that comes with agentic AI—and what it actually takes to govern it.

When Your AI Agent Deletes the System to Delete the Email

Shreyans opens with a concept that reframes the whole conversation: AI agents aren't just a productivity tool—they're autonomous actors with access to your most sensitive systems. The problem isn't that they'll go rogue on purpose. It's that they're people-pleasers. They will exhaust every available path to complete a task, which means broad access will get used in ways you never anticipated.

He shares two stories that land hard. First, a research case study called Agents of Chaos, where an agent tasked with deleting a saved password—lacking email-delete permissions—resolved the problem by deleting the system instead. Second, a real customer scenario where a Claude Code-based agent spent an entire weekend trying to upgrade a legacy codebase and, when it couldn't fetch a file due to a missing SHA value, started guessing characters one by one—for hours.

The fix isn't just identity and access management—it's a new layer Shreyans calls agent behavioral analytics. Start with a plain-English job description. Cequence translates that into deterministic rules: what the agent can access, what it can send, what it can never do. Every interaction is monitored against that job description in real time—not just logged, but enforced. When the email assistant starts forwarding sensitive data to an unknown address, it gets stopped, not flagged.

Questions We Answer in This Episode

• Why is identity management alone not enough to secure AI agents?
• What is the token flattening problem, and why does it matter for enterprise security?
• How do you translate a plain-English agent job description into deterministic access controls?
• What does agent behavioral analytics look like in practice—and who owns it inside an organization?

Key Takeaways

• AI agents are already in your environment—the only question is whether you're governing them.
• Every agent needs a job description that converts into deterministic rules, not just an identity token.
• Monitoring must be tied to behavior, not just access logs—and it has to stop bad actions, not just detect them.
• Agent sprawl demands a new security category built for non-human, 24/7 actors.

If your organization is running agentic AI and nobody owns the behavioral layer yet, this episode is a good place to start. The enterprises getting it right aren't waiting for security teams to green-light every agent—they're using tools that translate intent into guardrails automatically. Give it a listen, then check out the resources below.

Resources

• Shreyans Mehta, Cequence: LinkedIn
• Cequence AI Gateway
• Cequence on LinkedIn
• CyberProof
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:00) - Welcome to Cyber Sentries
• (01:08) - Shreyans Mehta
• (01:57) - Changes Since His First Visit
• (04:03) - Finding Ways to Feel More Comfortable
• (11:24) - Getting a Handle on It
• (16:11) - Access and Profiles
• (21:55) - Transitioning to Rules
• (24:24) - How Teams Use This
• (26:49) - Playing Out in the Real World
• (27:49) - Learning More
• (29:07) - Wrap Up

Inside the AI Deepfake Threat

What if the voice confirming your wire transfer wasn't actually your client? Ben Colman, founder and CEO of Reality Defender, joins host John Richards to unpack one of the fastest-growing attack surfaces in cybersecurity: AI-generated deepfakes. Once the exclusive domain of Hollywood studios and nation-state actors, real-time voice and video impersonation is now accessible to anyone with a laptop—and fraudsters are scaling up fast.

From Specialized Hardware to Your Home Computer

Ben traces the evolution from the specialized machinery required six years ago to today's world where anyone can clone a voice with less than five seconds of audio—locally, for free, using open-source models. He walks through the modern fraud landscape, from grandparent scams and bank account takeovers to an eye-opening story about fake job applicants that will make any recruiting team rethink its screening process.

Reality Defender's approach is built for how organizations actually work—plugging directly into call centers, video conferencing platforms, and identity verification tools through a simple API, rather than asking teams to adopt yet another standalone product. Their probabilistic detection models scan in real time across thousands of indicators, all without storing or comparing against any biometric data.

John and Ben also get into the emerging frontier of agentic AI—what happens when you need to authenticate an AI voice agent rather than a human—and how smart permission gates can define exactly what those agents are and aren't allowed to do.

Questions We Answer in This Episode

• How has the barrier to creating convincing deepfakes changed in the last six years?
• What are the most common deepfake fraud vectors hitting businesses and consumers right now?
• How does Reality Defender detect AI-generated media without storing any biometric data?
• What does deepfake defense look like as agentic AI becomes mainstream?

Key Takeaways

• Voice cloning now requires less than five seconds of audio and runs locally on consumer hardware
• Deepfake fraud spans a wide range—from grandparent scams to fake job applicants to wire transfer hijacking
• Real-time detection can plug directly into tools organizations already use, with no new workflow required
• Agentic AI is creating a new category of identity challenge—and the defenses are already being built

The deepfake threat isn't coming—it's already here, hitting call centers, recruiting pipelines, and financial institutions every day. Whether you're a developer looking to integrate detection into your stack or a security leader trying to get ahead of the next wave, this conversation is a essential listen.

Resources

• Reality Defender
• Ben Colman
• Reality Defender on LinkedIn
• Follow Reality Defender on X
• CyberProof
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:04) - Welcome to Cyber Sentries
• (00:35) - Meet Ben Colman, Reality Defender
• (01:23) - Ben’s Beginnings
• (02:36) - Changing Landscape
• (03:57) - What It Looks Like Today
• (05:07) - Differences
• (06:16) - Main Ways Fraud’s Committed
• (09:21) - Way to Tackle It
• (11:07) - Distinguishing the AI
• (13:14) - Response Time
• (14:09) - Recommended Next Steps
• (15:55) - Where It’s Heading
• (19:21) - How to Use as Organization
• (20:52) - Developer Community
• (22:23) - Audio and Video
• (23:34) - Risk Assessment
• (24:41) - Prevalence
• (26:09) - Wrap Up

When “Ship Fast” Meets “Secure by Design” in AI Apps

AI-driven development is moving at breakneck speed—and attackers are taking advantage of the shortcuts. In this episode of Cyber Sentries: AI Insights for Cloud Security, host John Richards sits down with Gaetan Ferry, security researcher at GitGuardian, to unpack how modern AI tooling, MCP servers, and cloud platforms are reshaping the security landscape. The core problem: the same agentic workflows that boost productivity can also multiply identities, credentials, and blast radius if something goes wrong.

After John and Gaetan set the stage, Gaetan walks through a real-world-style vulnerability chain involving smithery.ai, an MCP server registry/hosting platform. It’s a practical look at how “classic” web issues can still show up in brand-new AI ecosystems—and how one small weakness can cascade into bigger supply chain risk. Along the way, they explore why secret sprawl is accelerating, what attackers are hunting for, and why observability is becoming as essential for identities and tokens as it is for infrastructure.

Why MCP Servers, OAuth, and Secret Sprawl Are Colliding

A big theme is the tension between usability and security: teams want agents that can “do everything,” which often means broad permissions and long-lived credentials. Gaetan explains why adopting OAuth is directionally better than static API keys, but still not a silver bullet in a world where agents need delegated access and tokens inevitably “live somewhere.” John pushes on what builders can do now—especially when new frameworks (and new hype cycles) keep resetting hard-won security practices.

The conversation lands on pragmatic guidance: reduce blast radius where you can, inventory identities and secrets, and invest in observability so you can respond fast when—not if—credentials leak. Note: This episode discusses breach scenarios and exploitation chains—be thoughtful about sharing internal security details and incident response specifics.

Questions We Answer in This Episode

• How can a simple web flaw turn into an AI supply chain attack through MCP server hosting?
• Why doesn’t OAuth automatically “solve” agent security and credential risk?
• What does “limiting blast radius” look like when agents need broad permissions to be useful?
• How can observability help you detect and respond to secrets sprawl across AI tools?

Key Takeaways

• Treat MCP servers and agent integrations like critical supply chain dependencies—because they are.
• Prefer short-lived, scoped credentials (OAuth when possible), but plan for token theft scenarios anyway.
• Reduce blast radius with least privilege, separation of duties, and segmented agent access.
• Build identity and secret observability so you can triage and remediate leaks quickly.

The Bottom Line for AI Security Teams in 2026

If you’re experimenting with MCP servers or rolling out agentic workflows, this episode is a timely reminder that fundamentals still win. John and Gaetan make the case that “moving fast” doesn’t have to mean accepting unlimited credential risk—you can ship quickly while still tightening scopes, tracking identities, and watching where secrets spread. Tune in for the real-world examples and the practical mindset shift that helps teams stay productive without becoming the next supply chain headline.

Links & Notes

• GitGuardian
• Connect with Gaetan on LinkedIn
• State of Secrets Sprawl Report 2025
• State of Secrets Sprawl Report 2026 (coming later in March!)
• CyberProof
• Learn more about Paladin Cloud
• Got a question? Ask us here!

• (00:04) - Welcome to Cyber Sentries
• (01:07) - Meet Gaetan Ferry
• (02:19) - Attacks
• (03:17) - Vulnerabilities
• (07:38) - One-Off or Widespread?
• (10:20) - Recommendations to Avoid
• (14:19) - Exploiting
• (16:50) - Resolving
• (23:13) - Path Forward
• (30:53) - Impact
• (34:48) - Year of Supply Chain Attacks
• (35:51) - Wrap Up