
AI: An update on AI Agent Security Risks. RTZ #717
I’ve discussed the accelerating role of AI Agents for businesses and consumers in this AI Tech Wave a fair bit in recent months, along with the unique set of challenges ahead in this ‘Bot vs Bot’ world.
I’ve also covered how our current Internet is not built or optimized for these ‘AI Agent Bots’, even as leading software companies race ahead to sell AI Agent wares and to figure out how AI Agents can transform shopping online.
Then there are the mind-bending challenges of managing ‘AI Virtual Agent Employees’. All of it is coming to a head in industry concerns over the security risks of these agents, so an update is in order on the AI Agent security bugs discussed last year.
Axios outlines it all well in “New cybersecurity risk: AI agents going rogue”:
“The cybersecurity industry is rushing to confront a new identity crisis — not for people, but for AI agents that act autonomously and now need to be managed like employees.”
“Why it matters: Without proper guardrails, agents could, at the very least, cause incidental data breaches, misuse login credentials, and leak sensitive information.”
“The big picture: Just as companies start to embrace AI agents for critical tasks, security vendors are scrambling to build guardrails around them, warning that every agent must have a credentialed identity — or it risks undermining trust, compliance and control.”
“Even without AI agents, hackers have already proven to be pretty good at hacking employee accounts through stolen and reused passwords.”
“You can’t treat them like a human identity and think that multifactor authentication applies in the same way because humans click things, they can type things in, they can type codes,” David Bradbury, chief security officer at Okta, told Axios.
“Agents require a new way of thinking: They need the same “elevated, high trust” that human accounts receive but in a new way, Bradbury said.”
Part of the new set of challenges surrounds AI agent ‘identities’:
“Driving the news: Securing AI agents’ identities was a major theme of last week’s RSA Conference in San Francisco.”
“1Password introduced two security tools right before the conference tailored to both AI agent developers and IT managers to help make securing agents’ identities easier.”
“Other identity security providers, including Okta and OwnID, also released products for securing AI identities earlier this year.”
“By the numbers: Deloitte predicts that 25% of companies that use generative AI will launch agentic AI pilots this year. Half will launch pilots by 2027, Deloitte says.”
It all goes deep into the AI Tech Stack, and the starting point is familiar territory for security teams:
“State of play: Security pros are already used to securing so-called nonhuman identities.”
“Bot accounts, file servers, VPN gateways and any other machine-based entities require their own version of a username and password.”
“IT teams also have needed to closely monitor which company files and systems these tools have access to and constantly rotate out their passwords.”
And the stakes are higher than with the nonhuman identities that came before:
“Between the lines: Securing the identities of AI agents doesn’t require much additional innovation. But the stakes are higher since those agents could be given free rein on a company’s network.”
“They work 24/7, without sleeping and at very quick speeds,” Jeff Shiner, CEO of 1Password, told Axios. An agent “acts and reasons, and as a result of that, you need to understand what it’s doing.”
“Kevin Bocek, senior vice president of innovation at CyberArk, told Axios that security teams should create a kill switch for any agents operating on their networks.”
“If that agent should happen to have a bad day, or its many copies happen to have a bad day, then it’s simple,” Bocek said. “I can say, ‘You know what, these agents are no longer authorized.’”
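The three ideas in the quotes above (each agent gets its own credentialed identity with a narrow scope, credentials are rotated on a short clock, and there is a kill switch that can de-authorize an agent and all of its copies at once) fit in a small registry. The following is an added illustration written for this post, not code from Axios, Okta, 1Password or CyberArk; the `AgentIdentityStore` class, its method names and the `invoice-bot` agent are hypothetical, and only the Python standard library is used. Every authorization decision is appended to an audit list, because, as Shiner puts it, you need to understand what the agent is doing.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass
class AgentCredential:
    agent: str             # logical agent name; many running copies may share it
    scopes: frozenset      # actions this credential may perform (least privilege)
    issued_at: float
    expires_at: float      # short-lived by default, so rotation is routine
    revoked: bool = False


class AgentIdentityStore:
    """Hypothetical registry of AI-agent identities (added example, not a vendor API)."""

    def __init__(self, default_ttl=900):
        self.default_ttl = default_ttl   # seconds; 15 minutes is an assumed default
        self._creds = {}                 # sha256(token) -> AgentCredential
        self.audit = []                  # (time, agent, action, decision) for every call

    @staticmethod
    def _key(token):
        # Store only a hash so a dump of the registry does not leak live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, agent, scopes, now=None, ttl=None):
        """Mint a fresh random credential for one agent with an explicit scope set."""
        now = time.time() if now is None else now
        ttl = self.default_ttl if ttl is None else ttl
        token = secrets.token_urlsafe(32)
        self._creds[self._key(token)] = AgentCredential(
            agent, frozenset(scopes), now, now + ttl)
        return token

    def authorize(self, token, action, now=None):
        """Decide whether this credential may perform `action` right now.

        Returns (allowed, reason). Checks run in order: known, not revoked,
        not expired, action inside the granted scopes.
        """
        now = time.time() if now is None else now
        cred = self._creds.get(self._key(token))
        if cred is None:
            decision = "unknown credential"
        elif cred.revoked:
            decision = "revoked"
        elif now >= cred.expires_at:
            decision = "expired"
        elif action not in cred.scopes:
            decision = "out of scope"
        else:
            decision = "allow"
        self.audit.append((now, cred.agent if cred else None, action, decision))
        return decision == "allow", decision

    def rotate(self, token, now=None):
        """Replace a credential: revoke the old one, issue a new one with the same grant."""
        now = time.time() if now is None else now
        old = self._creds[self._key(token)]
        old.revoked = True
        return self.issue(old.agent, old.scopes, now, old.expires_at - old.issued_at)

    def kill_switch(self, agent):
        """De-authorize every live credential held by any copy of `agent`.

        Returns how many credentials were revoked.
        """
        count = 0
        for cred in self._creds.values():
            if cred.agent == agent and not cred.revoked:
                cred.revoked = True
                count += 1
        return count


if __name__ == "__main__":
    store = AgentIdentityStore()
    tok = store.issue("invoice-bot", {"erp:read"})
    print(store.authorize(tok, "erp:read"))    # allowed
    print(store.authorize(tok, "erp:write"))   # out of scope
    print(store.kill_switch("invoice-bot"), "credential(s) revoked")
    print(store.authorize(tok, "erp:read"))    # revoked
```

The point of the ordering in `authorize` is that the kill switch wins over everything else: once `kill_switch` has run, no copy of the agent can act again even if its token is otherwise valid, and the audit trail records each refused attempt. Real deployments would back the registry with the identity provider the article mentions rather than an in-memory dict, but the checks stay the same.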
We are barely scratching the surface of the known and unknown elements of scaling AI Agents, both inside businesses and out to billions of consumers.
Expect fairly turbulent weather ahead in this AI Tech Wave. Stay tuned.
(NOTE: The discussions here are for information purposes only, and not meant as investment advice at any time. Thanks for joining us here)