AI Is the Biggest Cyber Threat — Only Okta’s AI Security Playbook can safe you

Jack Hirsch, Head of AI Products at Okta ($15B market cap), reveals the wildest AI cybersecurity threats. He shares why AI agents are the biggest security blindspot, and explains his controversial take on why traditional PM experience is bad founder preparation. Transcript: https://www.news.aakashg.com/p/jack-hirsch-podcast Timestamps: 00:00 Intro 02:02: Wildest AI Cybersecurity Threats 04:27 Moment AI Changed Security 06:32 How AI Agents Change Security Equation 11:14 Most Dangerous AI Threats 14:16 Okta's AI Threat Detection System 18:10 Ads 19:50 Okta's AI Security Playbook Revealed 22:15 T-Shaped Identity Strategy Breakdown 26:42 One Thing Every Company Must Do This Year 31:37 Ads 33:16: How to Handle AI Security Threats 40:09 Building AI-Secure Products at Okta 46:47 Fundamental AI Product Development Principles 01:06:29 Butter.ai Startup Story (2015) 01:19:18 Why Evernote Failed Despite Early Success 01:20:48 Hustling Into PM at Evernote 01:26:51 Personal Identity Protection Guide 1:30:36 Outro Thanks to our sponsors: 1. Amplitude: The market-leader in product analytics: https://amplitude.com/session-replay?utm_campaign=session-replay-launch-2025&utm_source=linkedin&utm_medium=organic-social&utm_content=productgrowthpodcast 2. The AI Evals Course for PMs: Get $1155 off with code ‘ag-evals’: https://maven.com/parlance-labs/evals?promoCode=ag-evlas 3. The AI PM Certificate: The #1 AI PM certificate: https://maven.com/product-faculty/ai-product-management-certification?promoCode=AAKASH550C7 4. Kameleoon: Leading AI experimentation platform: http://www.kameleoon.com/ ---- Key takeaways: 1. Identity is Everything: Over 80% of breaches stem from identity attacks, not device or network vulnerabilities. You cannot get security right without getting identity right - this is the new reality. 2. DPRK Infiltration Operations: North Korean agents are passing full interview processes, getting hired, having laptops shipped to device farms, and operating as inside threats within major organizations. 3. AI Agents = Security Blindspot: Companies deploy AI agents en masse without treating them as identities requiring access management. JP Morgan's CISO called this out as the biggest current threat vector. 4. Help Desk Social Engineering: Attackers use AI voice cloning and deepfakes to impersonate employees calling help desk for password resets, MFA bypasses, and account access - often successfully. 5. Session Security Over Time: Authentication degrades after login. Okta focuses on continuous session monitoring and risk signal sharing between security vendors rather than constant MFA prompts. 6. T-Shaped Identity Strategy: Deep identity security (phishing-resistant auth, lifecycle management, risk sharing) plus broad integration across all enterprise systems - not just SSO and MFA. 7. Cross-App Access Standard: New OAuth standard allows AI agents to inherit user permissions across enterprise apps without individual OAuth dances for thousands of employees. 8. Essential vs Discretionary AI: Essential AI (bot detection, fraud prevention) stays always-on. Discretionary AI (log summaries, access reviews) gives customers opt-out control for compliance. 9. AI Product Principles: Accelerate don't abdicate, solve real problems before prototyping, ignore AI hype cycle. Use AI as thought partner, not replacement for product judgment and domain expertise. 10. Personal Security Stack: Lock credit reports immediately, use password manager with unique passwords, enable passkeys everywhere, lock phone number with carrier PIN to prevent SIM swapping attacks. ---- Where to find Jack: LinkedIn: https://www.linkedin.com/in/jackhirsch/ Okta: https://www.okta.com Where to find Aakash: Twitter: twitter.com/aakashg0 LinkedIn: linkedin.com/in/aagupta/ Newsletter: news.aakashg.com #cybersecurity #ai #productmanagement About Product Growth: The world's largest podcast focused solely on product + growth, with over 187K listeners. Hosted by Aakash Gupta, who spent 16 years in PM, rising to VP of product, this 2x/week show covers product and growth topics in depth. Subscribe and turn on notifications to get more videos like this.

Aakash GuptahostJack Hirschguest

Sep 22, 20251h 31mWatch on YouTube ↗

EPISODE INFO

Released: September 22, 2025
Duration: 1h 31m
Channel: Aakash Gupta
Watch on YouTube: ▶ Open ↗

EPISODE DESCRIPTION

Jack Hirsch, Head of AI Products at Okta ($15B market cap), reveals the wildest AI cybersecurity threats. He shares why AI agents are the biggest security blindspot, and explains his controversial take on why traditional PM experience is bad founder preparation. Transcript: https://www.news.aakashg.com/p/jack-hirsch-podcast Timestamps: 00:00 Intro 02:02: Wildest AI Cybersecurity Threats 04:27 Moment AI Changed Security 06:32 How AI Agents Change Security Equation 11:14 Most Dangerous AI Threats 14:16 Okta's AI Threat Detection System 18:10 Ads 19:50 Okta's AI Security Playbook Revealed 22:15 T-Shaped Identity Strategy Breakdown 26:42 One Thing Every Company Must Do This Year 31:37 Ads 33:16: How to Handle AI Security Threats 40:09 Building AI-Secure Products at Okta 46:47 Fundamental AI Product Development Principles 01:06:29 Butter.ai Startup Story (2015) 01:19:18 Why Evernote Failed Despite Early Success 01:20:48 Hustling Into PM at Evernote 01:26:51 Personal Identity Protection Guide 1:30:36 Outro Thanks to our sponsors:
1. Amplitude: The market-leader in product analytics: https://amplitude.com/session-replay?utm_campaign=session-replay-launch-2025&utm_source=linkedin&utm_medium=organic-social&utm_content=productgrowthpodcast
1. The AI Evals Course for PMs: Get $1155 off with code ‘ag-evals’: https://maven.com/parlance-labs/evals?promoCode=ag-evlas
1. The AI PM Certificate: The #1 AI PM certificate: https://maven.com/product-faculty/ai-product-management-certification?promoCode=AAKASH550C7
1. Kameleoon: Leading AI experimentation platform: http://www.kameleoon.com/ ---- Key takeaways:
1. Identity is Everything: Over 80% of breaches stem from identity attacks, not device or network vulnerabilities. You cannot get security right without getting identity right - this is the new reality.
1. DPRK Infiltration Operations: North Korean agents are passing full interview processes, getting hired, having laptops shipped to device farms, and operating as inside threats within major organizations.
1. AI Agents = Security Blindspot: Companies deploy AI agents en masse without treating them as identities requiring access management. JP Morgan's CISO called this out as the biggest current threat vector.
1. Help Desk Social Engineering: Attackers use AI voice cloning and deepfakes to impersonate employees calling help desk for password resets, MFA bypasses, and account access - often successfully.
1. Session Security Over Time: Authentication degrades after login. Okta focuses on continuous session monitoring and risk signal sharing between security vendors rather than constant MFA prompts.
1. T-Shaped Identity Strategy: Deep identity security (phishing-resistant auth, lifecycle management, risk sharing) plus broad integration across all enterprise systems - not just SSO and MFA.
1. Cross-App Access Standard: New OAuth standard allows AI agents to inherit user permissions across enterprise apps without individual OAuth dances for thousands of employees.
1. Essential vs Discretionary AI: Essential AI (bot detection, fraud prevention) stays always-on. Discretionary AI (log summaries, access reviews) gives customers opt-out control for compliance.
1. AI Product Principles: Accelerate don't abdicate, solve real problems before prototyping, ignore AI hype cycle. Use AI as thought partner, not replacement for product judgment and domain expertise.
1. Personal Security Stack: Lock credit reports immediately, use password manager with unique passwords, enable passkeys everywhere, lock phone number with carrier PIN to prevent SIM swapping attacks. ---- Where to find Jack: LinkedIn: https://www.linkedin.com/in/jackhirsch/ Okta: https://www.okta.com Where to find Aakash: Twitter: twitter.com/aakashg0 LinkedIn: linkedin.com/in/aagupta/ Newsletter: news.aakashg.com #cybersecurity #ai #productmanagement About Product Growth: The world's largest podcast focused solely on product + growth, with over 187K listeners. Hosted by Aakash Gupta, who spent 16 years in PM, rising to VP of product, this 2x/week show covers product and growth topics in depth. Subscribe and turn on notifications to get more videos like this.

SPEAKERS

Aakash Gupta
host
Host of the Aakash Gupta podcast/channel covering product, growth, and tech.
Jack Hirsch
guest
AI product leader at Okta focused on identity and security.

EPISODE SUMMARY

In this episode of Aakash Gupta, featuring Aakash Gupta and Jack Hirsch, AI Is the Biggest Cyber Threat — Only Okta’s AI Security Playbook can safe you explores okta’s identity-first playbook for AI-era cybersecurity and product building AI is accelerating identity-centric attacks—from DPRK “employees” and help-desk social engineering to phishing kits generated with coding assistants—making identity the primary breach vector.

RELATED EPISODES