AI agents are one of the most widely deployed types of GenAI initiative in organisations today. There are many good reasons for their popularity, but they can also pose a real threat to IT security.

That’s why CISOs need to be keeping a close eye on every AI agent deployed in their organisation. These might be outward-facing agents, such as chatbots designed to help customers track their orders or consult their purchase histories. Or, they might be internal agents that are designed for specific tasks – such as walking new recruits through an onboarding process, or helping financial staff spot anomalies that could indicate fraudulent activity.

Thanks to recent advances in AI, and natural language processing (NLP) in particular, these agents have become extremely adept at responding to user messages in ways that closely mimic human conversation. But in order to perform at their best and provide highly tailored and accurate responses, they must not only handle personal information and other sensitive data, but also be closely integrated with internal company systems, those of external partners, third-party data sources, not to mention the wider internet.

Whichever way you look at it, all this makes AI agents an organisational vulnerability hotspot.

Managing emerging risks

So how might AI agents pose a risk to your organisation? For a start, they might inadvertently be given access, during their development, to internal data that they simply shouldn’t be sharing. Instead, they should only have access to essential data and share it with those authorised to see it, across secure communication channels and with comprehensive data management mechanisms in place.

Additionally, agents could be based on underlying AI and machine learning models containing vulnerabilities. If exploited by hackers, these could lead to remote code execution and unauthorised data access. In other words, vulnerable agents might be lured into interactions with hackers in ways that lead to profound risks. The responses delivered by an agent, for example, could be manipulated by malicious inputs that interfere with its behaviour. A prompt injection of this kind can direct the underlying language model to ignore previous rules and directions and adopt new, harmful ones. Similarly, malicious inputs might also be used by hackers to launch attacks on underlying databases and web services.

The message to my fellow CISOs and security professionals should be clear: rigorous assessment and real-time monitoring are as essential to AI and GenAI initiatives, especially agents handling interactions with customers, employees and partners, as they are to any other form of corporate IT.
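The controls described above (essential data only, shared only with those authorised to see it, and inputs that cannot reach the database unchecked) can be enforced at the boundary between the agent and its back-end tools. The following is an added illustration, not code from the article: a hypothetical tool gateway for an order-tracking chatbot, with an in-memory SQLite table and a session object standing in for real systems.

```python
"""Gateway between an order-tracking agent and its database (added example).

Assumptions (hypothetical): the agent emits tool calls as dicts, the web tier
has already authenticated the customer and placed their id in `session`, and
orders live in a SQLite table. The model never supplies the customer id.
"""
import re
import sqlite3

ALLOWED_TOOLS = {"get_order_status", "list_my_orders"}   # explicit allow-list
ORDER_ID_RE = re.compile(r"^[A-Z]{2}\d{6}$")            # shape of a valid order id


def build_db():
    """Constructed sample data: two customers, one order each."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE orders(order_id TEXT, customer_id TEXT, status TEXT)")
    con.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        ("AB000001", "cust-1", "shipped"),
        ("AB000002", "cust-2", "processing"),
    ])
    return con


def handle_tool_call(con, session, call):
    """Execute one agent tool call under the caller's identity, or refuse it."""
    name = call.get("tool")
    args = call.get("args", {})
    if name not in ALLOWED_TOOLS:                  # unknown tools are never run
        return {"error": "tool not permitted", "tool": name}
    customer_id = session["customer_id"]           # identity comes from the session,
                                                   # so a prompt injection cannot change it
    if name == "get_order_status":
        order_id = str(args.get("order_id", ""))
        if not ORDER_ID_RE.fullmatch(order_id):    # reject anything not shaped like an id
            return {"error": "invalid order_id"}
        row = con.execute(                         # parameterised: input never becomes SQL
            "SELECT status FROM orders WHERE order_id = ? AND customer_id = ?",
            (order_id, customer_id),
        ).fetchone()
        if row is None:                            # another customer's order looks the same
            return {"error": "not found"}          # as a non-existent one
        return {"order_id": order_id, "status": row[0]}
    rows = con.execute(
        "SELECT order_id, status FROM orders WHERE customer_id = ?", (customer_id,)
    ).fetchall()
    return {"orders": [{"order_id": r[0], "status": r[1]} for r in rows]}
```

Every refused call is a useful monitoring signal: an agent repeatedly asking for tools it does not have, or for ids that fail validation, is exactly the behaviour real-time monitoring should surface.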