Intellyx BrainBlog for Straiker, in The New Stack
AI agents are creating new attack surfaces for enterprise security as hackers exploit MCP servers and trusted agent workflows to steal data.
The moment employees started using AI tools with real company data, the game changed. Productivity jumped, but so did the risk. Every prompt became a potential path for exposing sensitive information.
Security and risk management teams established usage policies for early GenAI apps on employee devices, and in a sense, compliance was enforceable: the security analyst only had to watch traffic between the endpoint and a centralized, LLM-backed chat app. GenAI wasn't going anywhere, but it could be contained by monitoring that traffic for sensitive data and then blocking the app or cutting its DNS resolution at the firewall.
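The control described above amounts to an egress DLP rule keyed on a known destination: if the request is headed for one of the sanctioned chat apps, inspect the prompt body for sensitive data and block on a hit. The following Python is an added illustration of that rule, not code from the article or from Straiker; the hostname list, the regex patterns, and the sample requests are constructed for the example, and the Luhn check is the standard payment-card checksum used to cut false positives on long digit strings.

```python
import re
from dataclasses import dataclass, field

# Hypothetical list of hosts a security team has classified as centralized
# GenAI chat apps. Constructed for this example; any real deployment would
# maintain its own list.
GENAI_CHAT_HOSTS = {"chat.openai.com", "chatgpt.com", "gemini.google.com"}

# Patterns for data a DLP rule would flag in an outbound prompt.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # candidate PANs, confirmed by Luhn
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")   # AWS access key ID format


def luhn_ok(digits: str) -> bool:
    """Standard Luhn checksum: rejects most random digit runs that look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> list[str]:
    """Return the categories of sensitive data found in a prompt body."""
    hits: list[str] = []
    if SSN_RE.search(text):
        hits.append("ssn")
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append("pan")
            break
    if AWS_KEY_RE.search(text):
        hits.append("aws_access_key")
    return hits


@dataclass
class Verdict:
    action: str                       # "allow" or "block"
    reasons: list[str] = field(default_factory=list)


def inspect_request(host: str, body: str) -> Verdict:
    """Apply the egress rule: only sanctioned chat hosts are in scope, and a
    request to one of them is blocked when the prompt carries sensitive data."""
    if host not in GENAI_CHAT_HOSTS:
        return Verdict("allow")                 # out of scope for this policy
    hits = find_sensitive(body)
    if hits:
        return Verdict("block", hits)
    return Verdict("allow", ["genai_host_logged"])


def run_policy(requests: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Evaluate a batch of (host, body) pairs; returns (host, action) per request."""
    return [(host, inspect_request(host, body).action) for host, body in requests]


if __name__ == "__main__":
    # Constructed sample requests, as a proxy might see them after TLS inspection.
    sample = [
        ("chatgpt.com", "Rewrite this email so it sounds more polite."),
        ("chatgpt.com", "Reconcile this refund: card 4111 1111 1111 1111, $42.10"),
        ("gemini.google.com", "Why does boto3 reject AKIAIOSFODNN7EXAMPLE?"),
        ("intranet.example.com", "Employee SSN 123-45-6789 updated."),
    ]
    for host, body in sample:
        v = inspect_request(host, body)
        print(f"{host:22} {v.action:5} {v.reasons}")
```

Notice what makes the rule work: the destination is known in advance, and the payload is a human-typed prompt sitting in one HTTP body. That is the assumption the rest of the article says agentic workflows break.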
Now, a new generation of agentic AI is proliferating through companies large and small. The potential ROI of using autonomous agents is extremely appealing to boardrooms and bosses, especially for departments that are shorthanded or perform labor-intensive cognitive work. And no field in IT has a shorter talent bench right now than cybersecurity, with 4.8 million jobs unfilled globally.
We want agents to work for us. Not just to handle repetitive tasks and everyday communication on our behalf, but also to research and brainstorm new concepts with our teams, and to help us execute complex workflows and solve critical problems. Agents give us powerful new capabilities, but they also open attack vectors that the cybersecurity community had not had to consider until now.
Agents are eager to please their users, and that eagerness can make them unwitting accomplices in the spy game.
Trusting our home team of agents
Agentic AI adoption within enterprises has been accelerating at an unprecedented rate over the last two years, especially compared with previous disruptive megatrends such as GenAI, containerization, and cloud computing. Each generation of agents has gained more complexity and broader access to company data and systems, and the earlier forms have not gone away; all of them continue to improve in capability today.
Support agents such as ChatGPT and Gemini could answer natural-language questions and help interrogate company data to find answers. These agents are often grounded in company data using a RAG …
Read the whole article on The New Stack here: https://thenewstack.io/agentic-ai-spy-game/