
Beware Of Agentic AI's Heel Turn As Corporate Security Villain
As fast as generative artificial intelligence and large language models (LLMs) like ChatGPT have permeated business, academia and personal communications, the next phase of AI advancement is poised to just as quickly become part of the engine driving everything from customer service and supply chain management to healthcare and cybersecurity.
Agentic AI brings autonomy to AI systems, building on AI techniques to make decisions, take action and pursue goals independently, or at least with minimal human supervision. Where generative AI can write a report for you based on the prompts you give it, agentic AI can decide when to write the report, what to say in it and to whom to say it. And it might not even ask for your permission first.
The technology in its current form is still nascent, but it is being heralded as the next great leap in autonomous systems, boldly performing next-phase functions where previous AI systems could not tread, such as dynamically reconfiguring supply chains in response to natural or manmade emergencies or proactively ensuring that complex IT systems avoid downtime.
Gartner has forecast that by 2028, 33% of enterprise software applications will include agentic AI (in 2024, it was less than 1%), making it possible for 15% of all day-to-day work decisions to be made autonomously.
However, the great promise of agentic AI doesn't come without significant caveats. Its capabilities and autonomy present a potent enterprise threat vector beyond the realm of garden-variety security concerns. Giving self-optimizing, proactive AI systems the keys to perform independent actions can lead to adversarial behaviors, amplified biases that can cause systemic vulnerabilities and questions of accountability in the event of AI-orchestrated breaches or disruptions.
Enterprises need to assert AI governance and ensure that developers are equipped to maintain oversight, with the security skills to safely prompt and review AI-assisted code and commits.
A report by the Open Worldwide Application Security Project (OWASP) points out that agentic AI introduces new or 'agentic variations' of existing threats, some of them resulting from new components in the application architecture for agentic AI.
Among those threats are memory poisoning and tool misuse resulting from the integration of agent memory and tools. Other risks associated with tool misuse include remote code execution (RCE) and code attacks, which can arise from code generation, creating new attack vectors.
Other threats can arise when user identities are involved. For example, a new bug, referred to as a 'confused deputy' vulnerability, has been uncovered involving user identities embedded inside integrated tools and APIs. It can happen when an agentic AI, acting as a deputy to a human user, has higher privileges than the user it is working with at the time. The agent can then be fooled into taking unauthorized actions on behalf of the user. And if an agent doesn't have proper privilege isolation, it may not be able to distinguish between legitimate requests from its lower-privilege users and those that are part of an attack.
To stop this (as well as to prevent hijacking via prompt injections, identity spoofing and impersonation), organizations should be sure to reduce agent privileges when operating on behalf of a user. OWASP also recommends several other key steps, including ways to prevent memory poisoning, AI knowledge corruption and the manipulation of AI agent reasoning.
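Privilege reduction for the deputy case described above, as an added example that is not from the Forbes piece or the OWASP report: a Python tool dispatcher that authorizes each action against the intersection of the agent's own entitlements and the acting user's, shown beside the over-privileged version it replaces. The user names, permission sets and the ticket scenario are constructed.

```python
"""Confused-deputy check for an agent's tool dispatcher (constructed illustration)."""
from dataclasses import dataclass, field

# Constructed entitlement tables; a real deployment would query IAM instead.
USER_PERMS = {
    "alice": {"read_ticket", "comment_ticket"},
    "bob": {"read_ticket", "comment_ticket", "refund"},
}
# The agent's service identity is deliberately over-privileged here to show
# the deputy problem: it can do more than most of the users it serves.
AGENT_PERMS = {"read_ticket", "comment_ticket", "refund", "delete_ticket"}

AUDIT_LOG: list[str] = []  # denials land here for detection and alerting


@dataclass
class ToolCall:
    action: str            # e.g. "refund"
    acting_user: str       # the human the agent is currently working for
    args: dict = field(default_factory=dict)


def dispatch_vulnerable(call: ToolCall) -> dict:
    """Checks only the agent's own privileges. Whoever steers the agent,
    including injected instructions in a ticket body, inherits all of them."""
    if call.action not in AGENT_PERMS:
        return {"ok": False, "reason": "agent lacks " + call.action}
    return {"ok": True, "executed": call.action, "as": "agent-service"}


def dispatch_hardened(call: ToolCall) -> dict:
    """Reduces the agent to the acting user's entitlements for this call:
    effective = AGENT_PERMS AND USER_PERMS[user], so the agent never
    does on a user's behalf what that user could not do alone."""
    effective = AGENT_PERMS & USER_PERMS.get(call.acting_user, set())
    if call.action not in effective:
        AUDIT_LOG.append(f"DENY user={call.acting_user} action={call.action} args={call.args}")
        return {"ok": False, "reason": f"{call.acting_user} may not {call.action}"}
    return {"ok": True, "executed": call.action, "as": call.acting_user}


def demo() -> tuple[bool, bool, bool]:
    # Constructed scenario: while serving alice, the agent is steered into
    # emitting a refund call that alice herself is not entitled to make.
    steered = ToolCall("refund", acting_user="alice", args={"ticket": 42, "amount": 500})
    legit = ToolCall("refund", acting_user="bob", args={"ticket": 43, "amount": 20})
    return (
        dispatch_vulnerable(steered)["ok"],  # True: the deputy is confused
        dispatch_hardened(steered)["ok"],    # False: denied and written to AUDIT_LOG
        dispatch_hardened(legit)["ok"],      # True: bob is entitled to refund
    )
```

Calling `demo()` returns `(True, False, True)`; the denial line in `AUDIT_LOG` is the signal a monitoring pipeline would alert on.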
Meanwhile, enterprises must also be on guard against the rapidly mounting threat from attacks fueled by agentic AI. A report by Palo Alto Networks' Unit 42 detailed how agentic AI can be used to increase 'the speed, scale and sophistication of attacks' that have already been greatly accelerated by AI.
For example, Unit 42 found that the mean time to exfiltrate (MTTE) data after an attacker gains access to a system dropped from an average of nine days in 2021 to two days in 2024. In one in five cases, exfiltration happened in less than an hour. Unit 42 also simulated a ransomware attack using AI at every stage of the process and moved from initial compromise to data exfiltration in 25 minutes, a 100-fold increase in speed compared to a typical attack.
Agentic AI, with its ability to autonomously perform complex, multi-step operations and adapt its tactics during an attack, will only intensify offensive operations—possibly conducting entire attack campaigns with minimal human intervention in the near future.
Despite the speed, power and sophistication that agentic AI can bring to cyberattacks, enterprises aren't necessarily overmatched. Agentic AI may eventually lead to new styles of attacks, but currently, it appears that it will mostly turbocharge existing, known attacks. Organizations can, as OWASP advises, tighten identity controls and take other steps to prevent memory poisoning and AI corruption. They can also fight fire with fire, using agentic AI to enhance network monitoring and analysis of specific threats.
The foundations of good security need to be bolstered. And in the current environment, that begins with protecting software through secure coding practices performed by proactive developers with verified security expertise. They need to continue their ongoing education programs to effectively apply security best practices at the beginning of the software development lifecycle. People also need new guidance on how to use agentic AI tools safely. Developers with the proficiency to both prompt and review code output are also crucial to ensuring the safe and secure use of agentic AI.
Organizations that do not prioritize uplifting developer security skills, and continuously measuring them, will find themselves in a precarious position: fighting a deluge of AI-generated code that is not being used with the critical thinking and hands-on threat assessment required to deem it safe, and therefore never realizing the productivity gains these tools offer. Security programs must modernize at the breakneck pace at which code is now being delivered.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.