Listen to our latest episode, Can IAM handle AI? → https://ibm.biz/Bdpqkb

Does your AI agent talk too much? It’s not just an annoying habit—it’s a security concern. 

On this episode of Security Intelligence, Sridhar Muppidi, Claire Nuñez and Dave Bales join me to discuss Guardio’s research into “agentic blabbering,” and how attacks can use an agent’s reasoning process against it.  

In experiments with the agentic Perplexity Comet browser, Guardio researchers were able to design foolproof phishing websites just by listening to agent’s running monologue as it traversed the web.  

What does it mean for agentic security when sophisticated AI reasoning processes can be weaponized? 

Then, we chat about Microsoft Azure CTO Mark Russinovich’s discovery that Claude Opus can reverse engineer 40-year-old (practically ancient, by software standards) code. Did AI just expand the attack surface to include every compiled binary ever written? 

Plus: Contrast Security CISO David Lindner claims that shift left has failed. Dramatic increases in the exploitation go vulnerable code—confirmed by the IBM Threat Intelligence Index 2026, among many other reports—suggest he might be onto something. But is there more to the story? 

And, finally, we dig into two new pieces of research from IBM X-Force: One about a new piece of AI-generated malware, and another about reframing how we think about authentication.  

All that and more on Security Intelligence. 

00:00 -- Introduction 
1:19 -- Perplexity Comet’s “agentic blabbering” 
13:06 -- AI resurrects old vulnerabilities 
21:28 -- Did shift left fail? 
30:05 -- AI slop and the post-auth perimeter 

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity. 

Read more about “Slopoly” → https://ibm.biz/Bdpqk8

#PerplexityComet #AIagentsecurity #DevOps

IBM Technology

IBM's Security Intelligence podcast covers four cybersecurity topics: Guardio researchers discovered that Perplexity Comet's agentic AI internal monologue ('agentic blabbering') can be intercepted via a Burp Suite sniffer and fed to another AI to craft phishing sites that bypass Comet's detection. Microsoft Azure CTO Mark Russinovich used Claude Opus to find latent vulnerabilities in 40-year-old Apple II code, raising concerns about AI exposing decades of security-through-obscurity. The panel debates whether 'shift left' failed, concluding the philosophy is sound but implementation was poor — security needs to shift everywhere with top-down and bottom-up loops. Finally, IBM X-Force research on 'Sloppily' (likely AI-generated malware) and the 'post-auth perimeter' concept highlights that low-sophistication AI-generated malware lowers the barrier for attackers, and that authenticated API access is the real attack surface organizations must defend.

Perplexity Comet, agentic blabbering, and the shift-left failure