Agentic AI Threat
Threat Intelligence
Definition
Security risks arising from autonomous AI agents that can plan, call APIs, execute code, browse the web, and take multi-step actions — creating novel attack surfaces for privilege escalation, unintended resource access, and chain-of-thought manipulation.
Technical Details
Agentic AI systems operate with persistent memory, tool access, and the ability to spawn sub-agents, dramatically expanding the blast radius of a successful attack. Key risks include: over-privileged tool access, prompt injection via environmental inputs, uncontrolled resource consumption, irreversible side effects (deleting data, sending emails), and confused deputy attacks when agents act on behalf of users.
Practical Usage
Enterprise teams deploying AI agents for code review, infrastructure management, or customer workflows must apply least-privilege principles to agent tool permissions, implement human-in-the-loop checkpoints for irreversible actions, log all agent actions for audit, and sandbox agent execution environments.
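One way to wire those controls into an agent's tool layer, as an added example that is not from the original page: a gateway that checks every tool call against the scopes the agent was issued, routes irreversible calls through a human approval callback, and records each decision for audit. The tool names, scopes and approval callback are assumptions, not a real framework's API.

```python
from dataclasses import dataclass, field
from typing import Callable

# Per-tool policy (hypothetical tool names): the scope an agent needs to call the
# tool, and whether its side effect cannot be undone (so it needs a human checkpoint).
TOOL_POLICY = {
    "read_file":  {"scope": "fs:read",   "irreversible": False},
    "write_file": {"scope": "fs:write",  "irreversible": True},
    "git_push":   {"scope": "git:push",  "irreversible": True},
    "send_email": {"scope": "mail:send", "irreversible": True},
}


@dataclass
class ToolGateway:
    """Sits between the agent and its tools; every tool call passes through here."""
    agent_id: str
    granted_scopes: frozenset                 # least privilege: only what the task needs
    approve: Callable[[str, dict], bool]      # human-in-the-loop decision for irreversible calls
    audit_log: list = field(default_factory=list)

    def call(self, tool: str, args: dict) -> bool:
        policy = TOOL_POLICY.get(tool)
        if policy is None:
            return self._record(tool, args, False, "unknown tool")
        if policy["scope"] not in self.granted_scopes:
            return self._record(tool, args, False, f"scope {policy['scope']} not granted")
        if policy["irreversible"] and not self.approve(tool, args):
            return self._record(tool, args, False, "human approval withheld")
        return self._record(tool, args, True, "ok")

    def _record(self, tool: str, args: dict, allowed: bool, reason: str) -> bool:
        # Every decision, allowed or denied, is logged so the agent's actions can be audited.
        self.audit_log.append({"agent": self.agent_id, "tool": tool, "args": args,
                               "allowed": allowed, "reason": reason})
        return allowed


def code_review_demo() -> list:
    """A code-review agent issued read-only scope. A constructed, injected instruction
    to push the repository elsewhere is denied by scope alone, before any human is
    asked; the legitimate read succeeds. Returns the audit log for inspection."""
    gw = ToolGateway("review-agent", frozenset({"fs:read"}), approve=lambda t, a: False)
    gw.call("read_file", {"path": "src/main.py"})
    gw.call("git_push", {"remote": "untrusted-remote"})  # constructed injected action
    return gw.audit_log
```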
Examples
- An AI coding agent given filesystem and shell access is prompt-injected to exfiltrate source code via a Git push.
- An AI customer service agent with CRM write access is manipulated to modify records for users it was not authorized to edit.
- A financial AI agent executes a series of trades based on a compromised market data feed.