About this episode
Today's EpisodeHere's what's happening right now:Someone can clone your voice from a few YouTube videos and call your help desk pretending to be you.AI can build a perfect fake of your login page in minutes.This isn't some distant future threat. Jack Hirsch, VP of Product at Okta, sees this happening every day. Okta protects millions of logins and Jack has a front-row seat to how AI is completely changing cyber attacks.And the scary part is most PMs have no idea this is happening to their products.That's why I brought Jack on the show. He breaks down what's really happening and what you need to know as someone building products in the AI era.----Brought to you by:* Amplitude: The market-leader in product analytics* The AI Evals Course for PMs: Get $1155 off with code ‘ag-evals’* The AI PM Certificate: The #1 AI PM certificate* Kameleoon: Leading AI experimentation platform----Key Takeaways1. Identity is Everything: Over 80% of breaches stem from identity attacks, not device or network vulnerabilities. You cannot get security right without getting identity right - this is the new reality.2. DPRK Infiltration Operations: North Korean agents are passing full interview processes, getting hired, having laptops shipped to device farms, and operating as inside threats within major organizations.3. AI Agents = Security Blindspot: Companies deploy AI agents en masse without treating them as identities requiring access management. JP Morgan's CISO called this out as the biggest current threat vector.4. Help Desk Social Engineering: Attackers use AI voice cloning and deepfakes to impersonate employees calling help desk for password resets, MFA bypasses, and account access - often successfully.5. Session Security Over Time: Authentication degrades after login. Okta focuses on continuous session monitoring and risk signal sharing between security vendors rather than constant MFA prompts.6. T-Shaped Identity Strategy: Deep identity security (phishing-resistant auth, lifecycle management, risk sharing) plus broad integration across all enterprise systems - not just SSO and MFA.7. Cross-App Access Standard: New OAuth standard allows AI agents to inherit user permissions across enterprise apps without individual OAuth dances for thousands of employees.8. Essential vs
