This week on Shared Security, Tom and Kevin sit down with Jay Beale — founder of InGuardians, long-time Black Hat trainer, creator/contributor behind Kubernetes security training, and part of the team behind the DEF CON Kubernetes CTF. Jay shares stories from decades of offensive security work, including the time Tom hired him for a physical penetration test and Jay somehow ended up inside a call center instead of stuck in the lobby. The crew also digs into what makes good security training, why Kubernetes is such a natural platform for both defenders and attackers to understand deeply, and how the DEF CON Kubernetes CTF is designed to be welcoming for both competitors and learners. The episode closes with a practical look at AI infrastructure risk. Jay explains how production AI stacks running on Kubernetes can be attacked like any other cluster — and how modifying a vector database behind a RAG system can turn indirect prompt injection into a persistent, high-impact attack path.

** Links mentioned on the show **

Jay's Black Hat USA Course: Agentic AI-aided Kubernetes Attack and Defense
https://blackhat.com/us-26/training/schedule/index.html?day=4daysattue#agentic-ai-aided-kubernetes-attack-and-defense-51318

Jay Beale on LinkedIn
https://www.linkedin.com/in/jaybeale/

InGuardians
https://www.inguardians.com/

DEF CON
https://defcon.org/

** Watch this episode on YouTube **

https://youtu.be/aMHk62dprDA

** Become a Shared Security Supporter **

Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel's membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT's amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code "sharedsecurity".

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast
Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social
Follow us on Mastodon: https://infosec.exchange/@sharedsecurity
Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/
Visit our website: https://sharedsecurity.net
Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe
Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe
Leave us a rating and review: https://ratethispodcast.com/sharedsecurity
Contact us: https://sharedsecurity.net/contact

AI agents are useful, but they become risky when they can take action in real systems. In this episode, Tom Eston discusses recent reporting about attackers tricking Meta’s AI support chatbot into helping hijack Instagram accounts, and why that story matters far beyond social media. Tom explains practical guardrails for AI agents: read-only access first, human approval for consequential actions, separated accounts and contexts, prompt-injection awareness, least privilege, logging, monitoring, and adversarial testing for support and account recovery workflows.

Special thanks to Guardsquare for sponsoring this episode! Guardsquare is the leader in mobile application security, with multi-layered protection for your Android and iOS apps. Learn more at Guardsquare.com.

** Links mentioned on the show **

Podcast: Hackers Asked Meta AI To Let Them In. It Worked
https://www.404media.co/podcast-hackers-asked-meta-ai-to-let-them-in-it-worked/

The Verge summary of the Meta/Instagram AI support chatbot exploit
https://www.theverge.com/tech/941179/meta-instagram-ai-support-chatbot-exploit-hacked

** Watch this episode on YouTube **
https://youtu.be/TL3MGnI4hUU

** Become a Shared Security Supporter **

Get exclusive access to bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Become a supporter today by going to our YouTube channel’s membership section: https://www.youtube.com/channel/UCg9CCDIYkDDqwEZ3UYaxjnA/join

** Thank you to our sponsors! **

SLNT

Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”.

** Subscribe and follow the podcast **

Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast

Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social

Follow us on Mastodon: https://infosec.exchange/@sharedsecurity

Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/

Visit our website: https://sharedsecurity.net

Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe

Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe

Leave us a rating and review: https://ratethispodcast.com/sharedsecurity

Contact us: https://sharedsecurity.net/contact

The post Guarding AI Agents: Boundaries and Safeguards appeared first on Shared Security Podcast.