Session

Ghost Employees: When the Threat Inside Your Automated Workforce Isn't Human

Most security teams are still thinking about this problem the same way: a human attacker on the outside, trying to get in. That threat model is already running behind the actual risk.

Here is what is happening in enterprise environments right now. Companies have built networks of automated software workers: systems that communicate with each other, make decisions, access financial platforms, query internal data, send communications, and execute transactions, continuously, with minimal human oversight. These are not single tools sitting in a corner. They are ecosystems. And ecosystems have entry points.

The threat this session addresses does not look like a breach. No perimeter gets crossed. No password gets stolen. An adversary, or an adversary's own automated system, presents itself as a legitimate participant in your workflow. It passes your authentication checks. It operates inside your normal guardrails. And from that position, it quietly steers decisions, redirects outputs, and pulls information outward at a speed and scale no human attacker could sustain.

I’m calling them Ghost Employees.

This talk walks through three real attack scenarios in plain language: a ghost participant injected into a financial services workflow that systematically tilts credit decisions in favor of fraud; an infiltrator inside a corporate research pipeline that routes proprietary work to an outside destination as it is produced; and a compromised security monitoring workflow that is quietly trained to look away from specific attack signatures.

None of these require you to understand the underlying technology. All of them are active risks in production environments today.

The second half of the session gives security leaders a concrete starting framework for building trust boundaries inside automated workflows, borrowed from the same zero-trust principles already familiar to this audience and applied to a layer that currently has none. You do not need to rebuild your systems. You need to know where the unlocked doors are.

You will leave with a clear map of where your exposure sits and the language to walk your board through it in under ten minutes.

Note: This talk has not been presented at any prior event.

Sai Sravan Cherukuri

Open Source Enthusiasts and DevSecOps Architect
