Can you social engineer an AI? Plus: AI worms and the nonhuman identity problem

If you just ask an AI nicely enough, you can get it to hand over the keys to a total stranger’s Instagram account. But people can be tricked, too. So what’s the difference? Is there any?

This week on IBM’s Security Intelligence, Jeff Crume, Claire Nunez and Nick Bradley join host Matt Kosinski to dig into what happens when social engineering meets AI. We cover the Meta/Instagram prompt injection attack, a new self-replicating AI worm out of the University of Toronto that can reason its way through a network and the Sophos State of Identity Security 2026 report, which found that nonhuman identities (NHIs) are responsible for a sizable chunk of identity-based data breaches.

Are AI agents more gullible than humans? Is the AI worm a genuine leap forward for attackers, or just another proof-of-concept? And why are so few organizations bothering to audit and rotate their nonhuman credentials?

All that and more on Security Intelligence.

The opinions expressed in this podcast are solely those of the participants and do not necessarily reflect the views of IBM or any other organization or entity.

Follow the Security Intelligence podcast on your preferred platform: https://www.ibm.com/think/podcasts/security-intelligence