Welcome back to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown, supported by Sentilink. I’m James E. Lee, the ITRC’s President, and this is the episode for May 23, 2025.

Earlier this month, I did something I had not done since 2019: I attended the annual geek-fest that is the RSA Conference in San Francisco, which was dominated by discussions on machine identities and data breaches. I spoke on the root causes and impacts of data breaches at a cleverly titled session on “how to cause a data breach.” As it turns out, my host and I stumbled into one of the hot topics of the conference.

Show Notes

Follow on LinkedIn: www.linkedin.com/company/idtheftcenter/
Follow on Twitter: twitter.com/IDTheftCenter

Show Transcript

Welcome back to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown, supported by Sentilink. I’m James E. Lee, the ITRC’s President, and this is the episode for May 23, 2025. Earlier this month, I did something I had not done since 2019: I attended the annual geek-fest that is the RSA Conference in San Francisco, which was dominated by discussions on machine identities and data breaches

Attended by more than 40,000 people from dozens of countries, RSA is one of the world's largest gatherings of cybersecurity and data privacy professionals. I spoke on the root causes and impacts of data breaches at a cleverly titled session on “how to cause a data breach.” As it turns out, my host and I stumbled into one of the hot topics of the conference. 

I’ve been attending RSA for ten years and have never seen a session or vendor booth focused on breaches. This year, breaches were everywhere. There were fliers, PowerPoint slides and banners talking about how to prevent, detect, remediate and recover from security and data breaches. From small start-ups like Breachlock to mighty IBM, breaches were the cool kids at the dance. 

A lot of the focus on breaches also included discussions and solutions centered around identity and identity information, not just about humans, but also about machine identities.  

Just like each of us has unique identities and identifiers, those pieces of personal information that bad actors keep stealing and misusing, so do machines. In fact, IBM and PWC, among other tech groups, claim that the average human identity credential is linked to about 60 machine IDs. In other words, a bad actor who gets their hands on one login and password could access and compromise the information on up to 60 machines. 

With the new kid on the block, agentic AI, that number could grow to 200 machines. That sounds scary. Like any technology, agentic AI is agnostic and can be helpful or harmful depending on who’s using it. 

So, what is agentic AI? Glad you asked. 

Most of us are familiar with generative AI. In many circles and professions, in only a few years, it has become an indispensable tool. However, it’s still in its infancy. It is largely a tool for quickly gathering and assembling information in response to a query. It may be a complex question, but generative AI can only respond to what it’s asked. 

Agentic AI is different. It is the natural extension of generative AI. Agentic AI can answer a question and then complete a task associated with the answer. For example, in a best-case scenario, agentic AI could create your grocery shopping list from recipes you’ve selected, order the groceries, schedule the delivery, and pay the bill – all without you having to do anything other than plan your menu. 

In a worst-case scenario, agentic AI could find a software flaw, write an attack exploit, launch a cyberattack, and download personal information or intellectual property with no human directing it what to do other than search for a known software flaw.  

The good news is that the best minds in cybersecurity are on the case regarding machine identities, data breaches and much more. Tens of thousands of them were in San Francisco with one mission in mind: keeping the bad actors away from our personal information and the system on which we rely every day. 

If you want to learn how to secure your personal or business information or if you’ve been the victim of identity theft, fraud or a scam, speak with an expert ITRC advisor on the phone or via text (888.400.5530), chat live on the web or exchange emails during our normal business hours (Monday-Friday 6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.  

Thanks again to Sentilink for supporting this podcast and the ITRC. Please hit the like button for this episode and subscribe where you listen to podcasts. Tune in next week to our sister podcast, the Fruadian Slip, for an answer to the question “Are there really fewer identity crime victims?” Until then, thanks for listening.