BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.com//fwd-cloudsec-2026//talk//HW3YVD
BEGIN:VTIMEZONE
TZID:PST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T100000Z
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:PST
TZOFFSETFROM:-0700
TZOFFSETTO:-0800
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T110000Z
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:PDT
TZOFFSETFROM:-0800
TZOFFSETTO:-0700
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-fwd-cloudsec-2026-HW3YVD@pretalx.com
DTSTART;TZID=PST:20260602T090000
DTEND;TZID=PST:20260602T092000
DESCRIPTION:Your threat model hasn’t changed with AI. It seems we have le
 arned nothing in the 12 years since Codespaces was wiped out. It was alway
 s possible for a human to write some truly unhinged scripts\, calling APIs
  faster than a human could click\, which could ruin your day (Or week\, or
  month\, or longer). Now\, AI Agents are creating some truly unhinged scri
 pts which have caused outages at multiple large organizations. AWS has suf
 fered an outage when an AI coding tool decided the right course of action 
 was to delete prod.\n\nWas the AI wrong? Is deleting prod actually a bad t
 hing? (I argue: No.)\n\nRegardless\, the purported solution is to have a 
 “human in the loop” — essentially\, a human whose job it is to revie
 w the actions being taken or proposed and vet them for safety. This is not
  inherently a bad solution\, but it comes with a multitude of risks that n
 eed to be considered. Chief among them\, we are all by our very nature as 
 humans\, prone to doing very stupid things. I once lost someone's birthday
  card just before leaving for their party. I found it\, two days later\, i
 n the refrigerator. It is one of the defining characteristics of the human
  condition: Even the smartest individuals among us are capable of being st
 upid. Pair this with AI\, and you have a recipe for disaster.\n\nIn this t
 alk\, I will cover the risks and how to think about them\, leveraging lear
 nings from another industry which uses complicated computer systems: aviat
 ion. I’ll discuss how to avoid becoming “[Children of the Magenta Line
 ](https://www.youtube.com/watch?v=5ESJH1NLMLs)”\, a phrase from a classi
 c 1997 training session by American Airline’s chief pilot\, given two ye
 ars after the AA965 crash where a flight crew dutifully followed the magen
 ta line on their navigation screens into a mountain. In the security indus
 try\, we are in danger of repeating the same human-computer interface mist
 akes that have been identified and mitigation strategies developed in othe
 r automation-heavy industries. Thankfully\, in our industry\, our mistakes
  tend to have less immediately tragic consequences\; but that doesn’t me
 an we should be complacent and make them anyway.
DTSTAMP:20260502T124115Z
LOCATION:Room 1
SUMMARY:Artificial Intelligence 🤝 Natural Stupidity - Brandon Sherman 👾
URL:https://pretalx.com/fwd-cloudsec-2026/talk/HW3YVD/
END:VEVENT
END:VCALENDAR