Ahl About Identity

Episode 6 | Can an AI Agent Run a Purple Team Exercise in AWS?

27 min · 11 Feb 2026

Description

In the latest episode of Ahl About Identity, Ian Ahl revisits OpenClaw and shows how his agent, Rufio, has evolved beyond hunting malicious skills into broader security workflows. He breaks down the Rufio Evolution Report, including 135 YARA rules authored, more than 2,000 skills scanned, and 21 confirmed threats. The episode wraps with a practical purple team exercise where Rufio operates inside an AWS research account, revealing detection gaps and an instruction-following miss that complicated attribution.

All episodes

9 episodes

Episode 09 | Mythos, GPT-5.4 Cyber, and Opus 4.7

In this episode of All About Identity, Ian Ahl breaks down the latest wave of AI-for-cyber news, from the hype and skepticism around Anthropic’s Mythos to OpenAI’s GPT-5.4 Cyber access program and the reality of what users are actually getting today. Along the way, he looks at what these model releases could mean for exploit discovery, defenders, and attackers alike, while keeping the conversation grounded in the fact that credential theft, phishing, and supply chain attacks still drive a huge amount of real-world compromise. Ian also shares hands-on impressions from OpenAI’s Codex Security workflow, reacts live to the Opus 4.7 release, and puts the model through a network forensics challenge to see how well it handles triage, attack reconstruction, and detection ideas. The episode closes with a broader discussion on where these models are actually useful today, and whether it’s time to build better cyber benchmarks to measure what they can really do.

17 Apr 2026 · 27 min

Episode 08 | Introducing SandyClaw: Dynamic Analysis for Malicious Skills and Prompts

AI agent skill marketplaces are the new software supply chain, and attackers are already exploiting them. In this episode of All About Identity, Ian Ahl walks through real examples of credential-stealing and deceptive skills, explains why static scanning and single-LLM reviews fall short, and introduces SandyClaw, Permiso's dynamic analysis platform for AI agent skills and prompts. Ian breaks down how SandyClaw combines static analysis, runtime detonation, network and file monitoring, and multiple detection engines to determine whether a skill is benign, suspicious, or malicious. He also demos the platform, shows how users can search previously scanned skills or submit their own for analysis, and shares his vision for making SandyClaw the "VirusTotal for skills." Try SandyClaw at sandyclaw.permiso.io [http://sandyclaw.permiso.io].

2 Apr 2026 · 21 min