The AI security crisis no one is preparing for
Jacob Ideskog, CTO of Curity, warns of a growing security crisis due to the widespread use of AI agents in organizations. These agents often have broad access without sufficient security controls, exposing systems and sensitive data to risks such as data leaks and unauthorized access.
Ideskog compares this to past rapid adoption of APIs and cloud computing, where security was initially overlooked, creating vulnerabilities. The main threats with AI agents include:
Command injection: attackers manipulating agent behavior with malicious inputs.
Data leaks: agents inadvertently exposing sensitive information.
Exploitation via crafted inputs: inputs designed to manipulate agent behavior.
To mitigate these risks, Ideskog recommends enforcing least privilege, input/output filtering, continuous monitoring, security testing before deployment, developing AI-specific threat models, and training security teams for these new challenges.