DOP 358: Just-in-Time Access for AI Agents
Show Notes
#358: Production is on fire. You need access to one table you have never touched. So you file an access request, then phone the desk to say you filed it, then Slack them to say you phoned, then walk over to say you Slacked. Twenty-five minutes later the incident has resolved itself and the customer has already left.
That is the setup, and Ofir Stein has lived the other side of it. He is the CTO and co-founder of Apono, and before that he was an engineering leader who felt the same pain every day - not because he hated security, but because he hated being blocked. There is a difference, and the whole conversation turns on it. Put productivity on one side, security risk on the other, and access management in the middle. Tighten one and you starve the other. Nobody wants to be slower and nobody wants to be breached, so the honest answer is there is no clean answer.
Then AI agents show up and break the last assumption standing. Software used to be deterministic - your computer could not decide to do something other than what it was told. LLMs can. They can be socially engineered the way people are. Ofir’s team built a full AWS environment run by AI agents, opened a Discord channel, and invited anyone to try to trick them. People could. That is the new attack surface, and it moves at machine speed - far too fast for the access reviews and approval chains built for humans.
The guardrails everyone is now scrambling to build for agents should have been there for humans all along. Access is the one thing in your stack that never went dynamic. Servers scale up and down, pipelines rebuild everything, and then access is a static policy someone set two weeks ago when security sat with your manager and guessed what you would need. That is the opposite of how the rest of DevOps works. Ofir’s argument is that access should change with context - who you are, whether you are on call, whether there is an open incident - evaluated in real time. For a human that is a faster request. For an AI agent, the decision has to live inside the loop, made by silicon, because no person can approve thousands of operations a minute.
If access is per-operation and every operation is already a specific API call, what is left to scope? If the business context changes by the minute, how do you write guardrails in advance? And once the human is out of the loop, are you not just left with one AI deciding what another AI is allowed to do? Ofir does not pretend that part is solved. What he is sure of is the direction: the doors at the mall open when you walk up and close when you leave, and you never think about them. That is where access is headed - and there is a lot of road between here and there.
Episode Transcript
Share and Download
Guests
Ofir Stein
Ofir Stein is the CTO and Co-Founder of Apono, a modern access security platform built on just-in-time, dynamic privilege access management. Ofir brings over 15 years of experience in infrastructure and security, beginning with his service in the Israeli Air Force before moving into technology roles spanning on-prem, cloud-native, and AI-driven environments.
Apono was founded after Ofir and his co-founder conducted extensive interviews with CISOs and security professionals, surfacing a critical gap: access management represented the primary attack vector for bad actors, yet existing solutions were slow to implement and slow to deliver value. Ofir and his co-founder built Apono to address that directly. He is based in Tel Aviv, Israel.
Hosts
Viktor Farcic
Viktor Farcic is a member of the Google Developer Experts and Docker Captains groups, and published author.
His big passions are DevOps, Containers, Kubernetes, Microservices, Continuous Integration, Delivery and Deployment (CI/CD) and Test-Driven Development (TDD).
He often speaks at community gatherings and conferences.
He has published DevOps Paradox and Test-Driven Java Development.
His random thoughts and tutorials can be found in his blog The DevOps Toolkit.