
In the end, it's all risk. An AppSec leader's guide to enterprise AI with Joshua Bregler

What would you do if your AI agent deleted your production database — because it decided that was the logical thing to do? That’s not a hypothetical. It happened. And according to Joshua Bregler, it happened because someone gave an AI agent the same admin privileges they’d never hand to a new hire.

Joshua is an application security leader at McKinsey, working at the intersection of AppSec, AI adoption, and risk. He spends his days helping some of the world’s largest organizations figure out what to do when a shiny new AI tool shows up at their door — and what to do when they’ve already let the wrong one in.

In this conversation, Joshua shares front-line stories from enterprise AI deployments gone wrong, breaks down the guardrail and access control decisions that teams consistently get wrong, and makes a case that’s both simple and easy to miss: the right way to manage an AI agent is a lot like the right way to manage a junior developer. The fundamentals don’t change. We just haven’t learned how to apply them here yet.

Topics Covered

01:20 - Why AI adoption fails when humans are removed from the loop entirely

02:30 - Real-world use cases: When AI fabricates data, and it admits it on the spot

04:30 - AI given admin privileges, and why it deleted the production database

06:00 - The three themes: human-in-the-loop, guardrails, and access control

07:00 - Treating AI like a junior developer: prompt guardrails, library restrictions, and code review that holds

09:30 - The old methods are still the right ones; we just need to apply them to AI

10:30 - Why ignoring business logic creates vulnerabilities that don’t surface for weeks

12:00 - What good AI adoption actually looks like: small, purposeful agents over monolithic platforms

13:00 - Why an unused AI agent is an attack surface waiting to be activated

14:45 - Test, test, and retest: the only real advice for AI-powered compliance tooling

16:00 - An example where an AI-generated compliance report could be a huge liability trap

17:20 - The ROI question every executive asks first, and why the answer is always “it depends”

20:00 - “In the end, it’s all risk:” money, lawsuits, reputational capital, and institutional knowledge

21:30 - What questions companies are (and aren’t) asking about AI adoption

24:20 - Managing AI identities: why blanket permissions don’t work, and granular access is harder than it sounds

27:00 - The AI agent inventory: from Excel spreadsheets to dashboards

28:30 - Don’t ignore the frameworks: OWASP Application Security Verification Standard, OWASP AI Top 10, and why they apply more than you think

About Joshua Bregler

Joshua Bregler is a cybersecurity executive with deep expertise in application security, cloud architecture, and mission-critical systems. He currently serves as the Application Security Leader at McKinsey & Company, where he builds and scales firmwide application security capabilities, enabling secure product development and enterprise resilience.

Before joining McKinsey, Joshua was a Principal Security Architect at Amazon Web Services, where he supported the U.S. Department of Defense and the Intelligence Community. In that role, he led secure cloud transformation initiatives, architected high-assurance systems, and partnered with national security stakeholders to advance zero-trust security models across classified and critical workloads.

Joshua holds an MBA from Johns Hopkins University and is a U.S. Marine Corps veteran, bringing a mission-first mindset and disciplined leadership style to every engagement. His career reflects more than two decades of advancing cybersecurity strategy, designing secure digital ecosystems, and guiding organizations through complex technical and regulatory environments.

  • Connect with our guest Joshua Bregler: LinkedIn

