What happens when an AI agent inside your company starts behaving like an insider threat? In part two, Steve Moore picks the thread back up with former FBI operative Eric O'Neill to explore how agentic AI is rewriting cybersecurity, the legal traps that follow a breach, and why the modern CISO must think like a spy hunter.
Eric opens with a sobering reality: ransomware victims who decline to pay are re-attacked at staggering rates. He explains why criminals treat cybercrime as a business, invest weeks in reconnaissance—mapping SharePoint, harvesting file trees, and studying access patterns—and why a botched recovery hands them the same door twice.
The conversation turns to the new insider threat hiding in plain sight: rogue AI agents. Eric shares a real case in which one executive's casual query exposed the next round of layoffs and triggered coordinated lawsuits. They unpack how agents inherit excessive access, how attackers hijack them once inside, and why organizations are now building insider-threat programs to monitor AI behavior.
Eric argues AI is an accelerant on every unresolved problem—weak identity management, entitlement drift, missing asset inventories, and absent data classification. They debate whether IT and security should be unified under the CISO, why the CISO needs a direct line to the board, and the legal landmines that follow a breach, from cyber insurance to the “reasonable steps” standard.
The episode closes with Eric's advice for any new CISO: put “spy hunter” on your resume. Counterintelligence, not perimeter defense, is the discipline that wins today. Tune in for part two of a story-driven conversation on why preparation, mindset, and threat hunting beat any single technology.
Key Topics
• Why ransomware victims who decline to pay get re-attacked
• How attackers map SharePoint, file trees, and access patterns
• The new insider threat: rogue and hijacked AI agents
• A real case of an AI agent exposing an HR layoff list
• Shadow IT and the cost of banning AI outright
• Permission structures and second-level reviews for agent actions
• Why AI exposes gaps in identity, asset, and data classification
• Unifying IT and security under the CISO
• Why the CISO needs a direct line to the board
• Legal traps: cyber insurance, reasonable steps, and missed alerts
• The CISO as counterintelligence officer and spy hunter
Guest Bio
Eric O'Neill is a former FBI counterintelligence operative, attorney, and bestselling author who helped bring down Robert Hanssen—the most damaging spy in FBI history. He is the founder of NeXasure AI and co-founder of The Georgetown Group, and his undercover work was dramatized in the film Breach. Eric is the author of Gray Day and Spies, Lies, and Cybercrime.
Connect with Eric on LinkedIn or at ericoneill.net.
GET A DEMO:
👉 Get a hands-on demo of the Exabeam products: https://www.exabeam.com/dem
🔔 Subscribe for more product demos and cybersecurity insights!
ABOUT EXABEAM:
Exabeam is the leader in behavior intelligence for the agentic enterprise. As organizations deploy digital workers and confront machine-speed adversaries, Exabeam applies agent-powered analytics to understand and govern the behavior of both human and non-human insiders. With integrated Exabeam Nova cybersecurity agents, Exabeam delivers flexible, industry-proven solutions for insider threat coverage of humans and agents and faster, more accurate threat detection, investigation, and response (TDIR). As the pioneer of user and entity behavior analytics (UEBA) and the innovator behind Agent Behavior Analytics (ABA), Exabeam is trusted by more than 3,000 enterprises worldwide to reduce risk, secure the digital workforce, and accelerate security operations. Learn more at www.exabeam.com.
Exabeam: Real Intelligence. Real Security. Real Fast.
CONNECT WITH US:
X: https://x.com/exabeam
LinkedIn: https://www.linkedin.com/company/exabeam/
Blog: https://www.exabeam.com/blog/