This session begins with a true story from Mr. NHI, drawn from hands-on practitioner experience inside a global financial institution. A well-intentioned but unmanaged and underestimated instance of inappropriate non-human identity (NHI) use led to a major business-impacting incident. What followed was not a breach in the traditional sense, but the creation of a large-scale NHI governance and control program.
Years later, that incident feels less like an anomaly and more like a warning shot.
As Vibe Coding tools, Shadow AI, and autonomous Agentic AI proliferate inside organisations, we are quietly redefining what an “insider” really is. Humans no longer act alone: they delegate, automate, and amplify intent through non-human agents, often outside formal controls, visibility, and accountability.
This talk explores how AI agents fundamentally change the insider threat model, why traditional security assumptions are already obsolete, and why the most significant risks ahead may come not from attackers on the outside, but from amplified capability misuse on the inside.