Cloud Security Office Hours Banner

Friday, May 8, 2026 - Meeting Recap

AI's impact on cybersecurity, Microsoft Red Sun zero-day, HSBC password controversy

- Cloud backup strategies, securing local AI agents, ServiceNow's Armis acquisition

Quick recap. The Cloud Security Office Hours meeting focused primarily on discussions about data backup strategies and security implications of AI agents. The group extensively discussed recent security breaches, including the Instructure/Canvas breach affecting thousands of schools, and explored various backup approaches from traditional tape systems to modern cloud-based solutions. Tyler presented their work on developing a secure sandbox for running AI agents locally, which led to discussions about container security, privilege management, and the challenges of securing AI tools like Claude. The conversation also touched on vendor consolidation in the cybersecurity industry, particularly regarding ServiceNow's acquisition of Armis, and included discussions about pricing models and innovation in the security space.

2026-05AIIndustry NewsVulnerabilities
Show 3 discussion topics

Cloud Security and Backup Strategies

The meeting focused on cloud security and backup strategies, particularly in response to recent cybersecurity incidents. Participants discussed the Canvas/Instructure breach affecting thousands of schools, evolution of ransomware tactics from single-file encryption to triple extortion, and various backup approaches including traditional tape systems, cloud-based solutions, and off-site storage methods. The group explored challenges with implementing effective backup and disaster recovery plans, including testing requirements and maintaining compliance with frameworks like ISO 27001. Key concerns included the complexity of managing physical media, the need for immutability in backups, and the importance of regular testing, with quarterly tests being commonly mentioned as a practical frequency for many organizations.

AI Agent Security Sandbox Discussion

The meeting focused on discussing security implications and sandboxing approaches for running AI agents like Claude locally. Tyler led the discussion on potential solutions including NVIDIA's OpenShell for secure sandboxing and microVMs, while Neil suggested container-based approaches over VMs for development environments. The group explored various security concerns including agent access to credentials and production environments, with Milos sharing information about E2B and Docker alternatives. The conversation concluded with discussions about policy-based prevention methods and the potential for open-sourcing sandboxing solutions, with several participants expressing interest in future collaboration on these security measures.

ServiceNow-Armis Acquisition Discussion

The group discussed ServiceNow's acquisition of Armis and debated the effectiveness of consolidating IT and security platforms. Stryker expressed skepticism about the merger, comparing it to previous failed attempts at combining IT and security functions, while Jay shared insights about ServiceNow's charismatic leadership style and its impact on employees. The conversation then shifted to broader industry topics, including vendor consolidation challenges, particularly focusing on Palo Alto's acquisition history and pricing models, with Neil and Jay sharing experiences about confusing workload-based pricing structures. The discussion concluded with reflections on innovation in cybersecurity and the challenges of space-based data centers, with Jay making a key point about jurisdictional issues in space.

↑ All meeting recaps