“My background is within the intelligence group, the place we studied insider risk via a well-established lens: ego, ideology, and economics. These motivations haven’t modified. What’s modified is the working setting and who/what qualifies as an insider,” says Chris Cochran, subject CISO and vice chairman of AI security on the SANS Institute.
“It’s now not simply workers. It’s contractors, fraudulent hires who gained entry via identification fraud, and now AI brokers working with persistent, privileged entry,” he says. “A misconfigured agent is a superuser that by no means sleeps. A compromised agent is an adversary with respectable credentials shifting at machine velocity. If it has trusted entry and may act on knowledge, it’s an insider, witting or unwitting.”
The shift to distant work, Cochran provides, additionally eliminated bodily and psychological obstacles to insider dangers. “Downloading knowledge to a private gadget doesn’t really feel like espionage, and that trivialization is the chance,” he says. “Layer on financial stress: Whereas firms freeze hiring and suppress raises, and you’ve got a recipe for witting insider risk at scale.”
