Why Identity Must Come First in the Age of AI Agents | A Black Hat SecTor 2025 Conversation with ...
1When we talk about AI at cybersecurity conferences these days, one term is impossible to ignore: agentic AI. But behind the excitement around AI-driven productivity and autonomous workflows lies an unresolved—and increasingly urgent—security issue: identity.
In this episode, Sean Martin and Marco Ciappelli speak with Cristin Flynn Goodwin, keynote speaker at SecTor 2025, about the intersection of AI agents, identity management, and legal risk. Drawing from decades at the center of major security incidents—most recently as the head cybersecurity lawyer at Microsoft—Cristin frames today’s AI hype within a longstanding identity crisis that organizations still haven’t solved.
Why It Matters Now
Agentic AI changes the game. AI agents can act independently, replicate themselves, and disappear in seconds. That’s great for automation—but terrifying for risk teams. Cristin flags the pressing need to identify and authenticate these ephemeral agents. Should they be digitally signed? Should there be a new standard body managing agent identities? Right now, we don’t know.
Meanwhile, attackers are already adapting. AI tools are being used to create flawless phishing emails, spoofed banking agents, and convincing digital personas. Add that to the fact that many consumers and companies still haven’t implemented strong MFA, and the risk multiplier becomes clear.
The Legal View
From a legal standpoint, Cristin emphasizes how regulations like New York’s DFS Cybersecurity Regulation are putting pressure on CISOs to tighten IAM controls. But what about individuals? “It’s an unfair fight,” she says—no consumer can outpace a nation-state attacker armed with AI tooling.
This keynote preview also calls attention to shadow AI agents: tools employees may create outside the control of IT or security. As Cristin warns, they could become “offensive digital insiders”—another dimension of the insider threat amplified by AI.
Looking Ahead
This is a must-listen episode for CISOs, security architects, policymakers, and anyone thinking about AI safety and digital trust. From the potential need for real-time, verifiable agent credentials to the looming collision of agentic AI with quantum computing, this conversation kicks off SecTor 2025 with urgency and clarity.
Catch the full episode now, and don’t miss Cristin’s keynote on October 1.
___________
Guest:
Cristin Flynn Goodwin, Senior Consultant, Good Harbor Security Risk Management | On LinkedIn: https://www.linkedin.com/in/cristin-flynn-goodwin-24359b4/
Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com/ (https://www.seanmartin.com/)
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com/ (https://www.marcociappelli.com/)
___________
Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
BlackCloak: https://itspm.ag/itspbcweb
___________
Resources
Keynote: Agentic AI and Identity: The Biggest Problem We're Not Solving: https://www.blackhat.com/sector/2025/briefings/schedule/#keynote-agentic-ai-and-identity-the-biggest-problem-were-not-solving-49591
Learn more and catch more stories from our SecTor 2025 coverage: https://www.itspmagazine.com/cybersecurity-technology-society-events/sector-cybersecurity-conference-toronto-2025
New York Department of Financial Services Cybersecurity Regulation: https://www.dfs.ny.gov/industry_guidance/cybersecurity
Good Harbor Security Risk Management (Richard Clarke’s firm): https://www.goodharbor.net/
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to share an Event Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrf
Want Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us
___________
KEYWORDS
cristin flynn goodwin, sean martin, marco ciappelli, sector, microsoft, ai, identity, agents, ciso, quantum, event coverage, on location, conference
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com (https://pcm.adswizz.com/) for information about our collection and use of personal data for advertising.