The AI PM's Guide to Security - with Okta's VP of PM & AI, Jack Hirsch

Listen to this episode from Product Growth Podcast on Spotify. Today's EpisodeHere's what's happening right now:Someone can clone your voice from a few YouTube videos and call your help desk pretending to be you.AI can build a perfect fake of your login page in minutes.This isn't some distant future threat. Jack Hirsch, VP of Product at Okta, sees this happening every day. Okta protects millions of logins and Jack has a front-row seat to how AI is completely changing cyber attacks.And the scary part is most PMs have no idea this is happening to their products.That's why I brought Jack on the show. He breaks down what's really happening and what you need to know as someone building products in the AI era.----Brought to you by:* Amplitude: The market-leader in product analytics* The AI Evals Course for PMs: Get $1155 off with code ‘ag-evals’* The AI PM Certificate: The #1 AI PM certificate* Kameleoon: Leading AI experimentation platform----Key Takeaways1. Identity is Everything: Over 80% of breaches stem from identity attacks, not device or network vulnerabilities. You cannot get security right without getting identity right - this is the new reality.2. DPRK Infiltration Operations: North Korean agents are passing full interview processes, getting hired, having laptops shipped to device farms, and operating as inside threats within major organizations.3. AI Agents = Security Blindspot: Companies deploy AI agents en masse without treating them as identities requiring access management. JP Morgan's CISO called this out as the biggest current threat vector.4. Help Desk Social Engineering: Attackers use AI voice cloning and deepfakes to impersonate employees calling help desk for password resets, MFA bypasses, and account access - often successfully.5. Session Security Over Time: Authentication degrades after login. Okta focuses on continuous session monitoring and risk signal sharing between security vendors rather than constant MFA prompts.6. T-Shaped Identity Strategy: Deep identity security (phishing-resistant auth, lifecycle management, risk sharing) plus broad integration across all enterprise systems - not just SSO and MFA.7. Cross-App Access Standard: New OAuth standard allows AI agents to inherit user permissions across enterprise apps without individual OAuth dances for thousands of employees.8. Essential vs Discretionary AI: Essential AI (bot detection, fraud prevention) stays always-on. Discretionary AI (log summaries, access reviews) gives customers opt-out control for compliance.9. AI Product Principles: Accelerate don't abdicate, solve real problems before prototyping, ignore AI hype cycle. Use AI as thought partner, not replacement for product judgment and domain expertise.10. Personal Security Stack: Lock credit reports immediately, use password manager with unique passwords, enable passkeys everywhere, lock phone number with carrier PIN to prevent SIM swapping attacks.----Related ContentPodcasts:How to Get a Product Leadership JobHow He Became a Series C VP of Product in 10 Years“Product Management isn’t going to exist in 5 years” - 2x CPONewsletters:The Product Leadership Job SearchThe Product Leader’s Ultimate Guide to Process ChangesProduct Leadership Interviews (GPM, Director, VP): How to Succeed----P.S. More than 85% of you aren't subscribed yet. If you can subscribe on YouTube, follow on Apple & Spotify, my commitment to you is that we'll continue making this content better.----If you want to advertise, email productgrowthppp at gmail. To hear more, visit www.news.aakashg.com