AI Risk and Autonomous Agents: Why Access Controls Matter – NEW PODCAST

Guardrails Or Chaos

An AI-generated email once caused a real-world mix-up for your host, Martin Hinton. I arrived at the airport expecting a 9 p.m. rebooking, but the airline’s app listed 5 p.m. instead. The airline blamed the confusion on an AI-generated message with the wrong flight information, making the idea of a ‘non-human identity’ feel much more personal.

This story introduces the latest episode of the Cyber Insurance News and Information Podcast, featuring Chris Kelly, President of Delinea, a company that protects both human and machine identities. Hinton and Kelly keep the conversation practical. They focus on insurance and add some humor, while emphasizing that identity is now the main security control point.

The Big Headline: Identity Runs The Show

Kelly states his main point clearly: “identity [is] the control plane.” He explains that AI increases identity risk for both defenders and attackers. He suggests that security teams should use the current period of careful adoption to address risks before AI activity becomes too fast to keep up with.

Meet Delinea: “We Secure Every Identity”

Delinea’s message is direct: “We secure every identity, both human and machine,” and they include time-limited access and auditing. Kelly points out that there are now far more machine identities than human ones, which increases both insurance challenges and operational risks.

Cloud Native, Not Cloud-ish

Kelly emphasizes that security starts with good architecture. He compares ‘cloud native’ systems to older setups that use virtual machines. He highlights their ‘four and a half nines’ availability, which means downtime drops from minutes each week to just minutes per year.

AI In Cybersecurity vs. Security For AI

The episode clearly separates using AI to improve security tasks, like analyzing large numbers of session recordings, from the challenge of securing AI agents that use real credentials. Kelly explains that AI can quickly find important details. But autonomous agents also create new identity risks that need strong controls.

Deepfakes Get Headlines; Agents Do Damage

Kelly acknowledges that deepfakes are attention-grabbing, but he is more concerned about AI agents with real credentials. These agents can act at machine speed and perform thousands of actions before anyone realizes what’s happening.

SMBs, MSPs, And The Underwriter’s Short List

For smaller companies, Kelly suggests that working with MSPs is a practical way to share expertise. On the insurance side, he lists three controls that cover about 80% of what underwriters look for: storing credentials securely, enforcing multi-factor authentication for privileged access, and recording sessions.

Lightning Round: One Question That Moves Money

Kelly’s top question for executives is straightforward: “Who has access to this?” He also criticizes annual access reviews, saying they are just a comforting routine that comes too late to prevent problems.

The transcript has been checked for accuracy, but confirm elements against the recording. Trust, but verify.

Episode FAQ: Chris Kelly (Delinea) On AI Risk, Identity, And Resilience

Who’s the guest, and why does he matter right now?

Chris Kelly is the President of Delinea. He frames today’s AI risk as an identity problem that hits both humans and machines.

Why does AI risk turn into identity risk so fast?

He argues AI systems operate through identities and credentials, so attackers win when they steal or misuse access. He calls lost or stolen credentials the top breach driver and warns about “a legitimate service account with admin rights” that nobody reviewed in 18 months.

What does Delinea actually do?

Kelly’s tagline: “we secure every identity, both human and machine.” He emphasizes right-sized access, time limits, auditing, and removing access when it’s no longer needed.

What’s “non-human identity sprawl,” in plain language?

He says machine identities can outnumber humans dramatically and grow faster than teams can track. He also points to shadow IT and “agentic work” as accelerants.

Do organizations actually know where all their identities are?

Kelly doesn’t hedge: “I have never ever, ever heard anyone say they know where all their identities are in their environment.”

Why does he push “cloud native” so hard?

He argues cloud-native architecture improves resiliency and speeds delivery without taking systems down for maintenance, enabling rapid innovation.

What’s the best real-world “AI went sideways” example in the episode?

Martin recounts an airline email he says the company later described as “AI generated,” which incorrectly rebooked his flight and triggered a scramble. Kelly calls it “terrible for you, but great as an example.”

What’s the SMB playbook, especially if you can’t hire a full security team?

He points SMBs toward managed service providers (MSPs) for pooled expertise and 24/7 coverage they can’t staff on their own.

What’s his practical countermeasure to AI-driven identity abuse?

He pushes continuous verification: don’t just check login—check every action, compare behavior to role, and “block in milliseconds” when it doesn’t match.
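A sketch of what per-action verification for a machine identity can look like, added here as an illustration and not taken from the episode or from Delinea's product. The role names, action strings, rate threshold and the choice to revoke the grant on the first mismatch are all assumptions.

```python
from collections import deque
from dataclasses import dataclass, field

# Constructed role policy (hypothetical names): actions each role may perform.
ROLE_ACTIONS = {"report-agent": {"read:invoices", "read:customers"}}

@dataclass
class Grant:
    identity: str
    role: str
    expires_at: float            # time-limited access, epoch seconds
    max_actions: int = 5         # assumed baseline: actions allowed per window
    window_s: float = 1.0
    recent: deque = field(default_factory=deque)
    revoked: bool = False

class ActionGate:
    """Checks every action, not just the login, and records each decision."""
    def __init__(self, grants):
        self.grants = {g.identity: g for g in grants}
        self.audit = []          # (time, identity, action, decision, reason)

    def check(self, identity, action, now):
        decision, reason = self._evaluate(identity, action, now)
        self.audit.append((now, identity, action, decision, reason))
        return decision, reason

    def _evaluate(self, identity, action, now):
        g = self.grants.get(identity)
        if g is None:
            return "deny", "unknown identity"
        if g.revoked:
            return "deny", "grant revoked"
        if now >= g.expires_at:
            return "deny", "grant expired"
        if action not in ROLE_ACTIONS.get(g.role, set()):
            g.revoked = True     # behaviour does not match role: cut access
            return "deny", "action outside role"
        # Sliding window: drop timestamps older than the window, then count.
        while g.recent and now - g.recent[0] >= g.window_s:
            g.recent.popleft()
        if len(g.recent) >= g.max_actions:
            g.revoked = True     # machine-speed burst above the baseline
            return "deny", "rate above baseline"
        g.recent.append(now)
        return "allow", "ok"
```

Because every decision lands in `audit`, the same gate also answers "Who has access to this?" after the fact: the log shows which identity attempted which action and why it was allowed or blocked.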

Which controls does he say matter most for cyber insurance?

Kelly says three controls cover “kind of 80%” of what underwriters measure: vault credentials, enforce MFA on privileged access, and record sessions.

What’s the cyber-insurance consequence of “we’ll do it later”?

He shares a premium shock story: a company’s policy went from roughly $150K–$300K to $1M after a breach, then to $2–$2.5M after a second breach, and it never returned to baseline even after fixes.
