As the integration of Agentic AI into various business processes accelerates, experts are raising alarms about the potential vulnerabilities associated with these intelligent systems. Agentic AI, designed to perform tasks autonomously, exhibits a notable weakness: its inability to differentiate between the text it processes and the instructions it follows. This limitation presents serious dangers, requiring a deeper look into the effects this has on companies, as well as their safety.
The Open Web Application Security Project (OWASP) has outlined 15 distinct threats specifically pertaining to Agentic AI. The most recent user surveys indicate only 20% of users saying their in-house developed AI agents never caused unintended actions to occur. Worryingly though, 26% didn’t know that their agents would suddenly need internet access. Further, 23% of respondents said their AI agents leaked sensitive access credentials. Additionally, 16% encountered fraudulent transactions conducted by these agents.
Leading Agentic AI expert Donnchadh Casey underscores the importance of offering direction to Agentic AI. He states, “If not given the right guidance, agentic AI will achieve a goal in whatever way it can. That creates a lot of risk.” This feeling makes it all the more crucial to put in place accountability mechanisms to minimize real dangers resulting from AI actions.
Agentic AI Either AI is agentic and acts with intent and purpose. It operates like a human brain, constantly using many tools, databases, and various forms of communication to get the job done. Within this complexity lies the challenge of making sure that its knowledge base stays secure. As Shreyans Mehta observes, protecting an agent’s knowledge base is crucial because, “It is the first source of truth. If an agent operates on the wrong knowledge, it might erroneously delete an entire system that it was meant to repair. That’s why it’s so important to get it right when using that data.
As a result, memory poisoning has recently come to the fore as a pivotal threat to Agentic AI. This happens when an attacker is able to directly influence the agent’s knowledge base, resulting in changed decisions and actions. The risk is dramatically amplified with the emergence of “zombie” Agentic AI agents. These legacy systems are able to operate within a business’s infrastructure like a wolf in sheep’s clothing, putting all other systems at risk.
Gartner has predicted that by 2028 Agentic AI will account for up to 15% of daily work decisions. That change will deeply alter how we plan to execute our day-to-day work. As our reliance on these systems continues to increase, so does the demand for proper safeguards to be in place. To guard against this possibility, Casey proposes deploying “agent bodyguards,” specialized layers of AI that would be responsible for watching over Agentic AI’s operations. He explains, “We’re looking at deploying what we call ‘agent bodyguards’ with every agent, whose mission is to make sure that its agent delivers on its task and doesn’t take actions that are contrary to the broader requirements of the organization.”
Experts cautioned lawmakers that if Agentic AI is treated simply like the tools they currently are, it’s a recipe for grave unintended consequences. David Sancho highlights the fundamental misunderstanding surrounding these systems, stating, “We’re talking artificial intelligence, but chatbots are really stupid.” This alarming trend highlights the need for strong regulatory protections.
The potential for unintended actions is alarming. Survey results show broader Agentic AI agents exhibiting all these bad behaviors. Twenty-six percent of respondents experienced unanticipated usage spikes on their networks. At the same time, 16% reported rogue orders, putting organizations at risk of security violations and functional disasters.
To mitigate these risks, Casey calls for strong access controls similar to what is required of a human employee. He asserts, “You need to make sure you do the same thing as you do with a human: cut off all access to systems. Let’s make sure we walk them out of the building, take their badge off them.”