Tuesday, May 19, 2026


‘AI agents are not inherently malicious but can be relentless’: Dell Chief Security Officer John Scimone

As more companies deploy AI agents to carry out complex tasks within internal systems and move toward automation, some security researchers have warned that these agents expand the attack surface from simple prompts to full enterprise systems, posing a serious threat to organisations. This raises the question of whether AI agents will become the new “insider threat.”

“AI agents are not inherently malicious. They are designed, built, and put in place to help companies, not to cause harm. However, they are relentless. These agents are incredibly effective at achieving their objectives and finding ways to accomplish the outcomes they are assigned,” John Scimone, President and Chief Security Officer, Dell, told indianexpress.com in an interview at the Dell Technologies World conference currently underway in Las Vegas.

“Through that persistent and relentless focus on achieving those goals, unintended consequences and behaviours can emerge if agentic implementations are not properly governed and safeguarded,” he added.

AI agents can browse the web, read and write files, call external APIs, and query databases. However, large language models (LLMs) suffer from an unresolved flaw: prompt injection. Since LLMs do not clearly separate data from instructions, any data, such as the content of a web page, an email, or a log entry, can effectively be interpreted as instructions. The risk that follows is that attackers can manipulate AI agents from within trusted systems using the agent’s own identity.

Gartner says that fewer than 5 per cent of enterprise applications used task-specific AI agents in 2025. In 2026, that number is expected to increase by 800 per cent. The analyst firm also estimates that more than 40 per cent of enterprise applications will use AI agents in 2026.

John Scimone, President and Chief Security Officer at Dell, speaks about the risks posed by autonomous AI agents during Dell Technologies World in Las Vegas. (Image credit: Anuj Bhatia/ The Indian Express)

“What we have seen internally and with our customers, and with so many organisations we’re partnering with across the globe that are really leaning into this space, is that they are saying: we believe in this technology, and we believe in the benefits it can bring. When you adopt a secure-by-design, secure-by-default approach and put security best practices in place, you can do this securely and resiliently. In fact, you can achieve more security and resiliency than you could with legacy architectures and traditional infrastructure implementations,” Scimone said.

Emerging internal threat

As AI agents are given greater access to corporate networks and allocated more tasks, a problem arises: they run 24/7 within the network and, with their expanded capabilities, become subject to risks and threats.


Wendi Whitmore, Chief Security Intelligence Officer, Palo Alto Networks, identifies autonomous AI agents as a major emerging internal threat.

In 2025, security researchers showed that a prompt-injection attack exposed Salesforce’s CRM platform to potential data theft. Salesforce quickly released patches to prevent AI agents from retrieving CRM records and sending them to external attackers. This vulnerability, dubbed “ForcedLeak,” illustrates how AI agents without human oversight can be abused.

In another case in 2025, security researchers found a vulnerability in OpenAI’s Codex CLI coding agent that could allow attackers to execute malicious commands on a developer’s machine by embedding harmful instructions in shared project files. This could lead to local system compromise, credential theft, code tampering, and potential downstream enterprise breaches, effectively turning the AI assistant into an attack entry point.

Security experts warn that AI agents with broad system access could expand the enterprise attack surface. (Image credit: Anuj Bhatia/ The Indian Express)

Traditional security measures no longer work in the age of agentic AI, and a possible solution could be to treat AI agents like humans. When a human logs into a system, they undergo identity verification, their actions are logged and monitored, and anomalous behaviour triggers alerts. AI agents should be governed with equivalent controls: a verified agent identity, full logging of their actions and decisions, behavioural monitoring, and complete session tracking.
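The four controls listed above can be sketched as a single gateway that every agent tool call must pass through. This is an added example, not code from the article or from any vendor it mentions; the agent name, key, tool names and call threshold are hypothetical, constructed values.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed registry: agent name, key and tool names are hypothetical.
REGISTRY = {"invoice-agent": {"key": b"example-key-only",
                              "tools": {"read_invoice", "query_db"}}}

class AgentGateway:
    def __init__(self, registry, max_calls=3):
        self.registry, self.max_calls = registry, max_calls
        self.pending, self.sessions, self.audit_log, self.alerts = set(), {}, [], []

    def _log(self, sid, agent, action, outcome, args=None):
        # Full logging: one JSON record per decision, tied to session and identity.
        self.audit_log.append(json.dumps({"ts": time.time(), "session": sid,
            "agent": agent, "action": action, "outcome": outcome, "args": args}))

    def challenge(self):
        nonce = secrets.token_bytes(16)  # single-use, so a signature cannot be replayed
        self.pending.add(nonce)
        return nonce

    def open_session(self, agent_id, nonce, signature):
        # Verified identity: the agent signs the gateway's nonce with its own key.
        entry = self.registry.get(agent_id)
        fresh = nonce in self.pending
        self.pending.discard(nonce)
        if not (entry and fresh and hmac.compare_digest(
                hmac.new(entry["key"], nonce, hashlib.sha256).hexdigest(), signature)):
            self._log(None, agent_id, "open_session", "denied")
            return None
        sid = secrets.token_hex(16)  # session tracking: every later call carries this id
        self.sessions[sid] = {"agent": agent_id, "calls": 0}
        self._log(sid, agent_id, "open_session", "ok")
        return sid

    def call_tool(self, sid, tool, args):
        session = self.sessions.get(sid)
        agent = session["agent"] if session else None
        allowed = bool(session) and tool in self.registry[agent]["tools"]
        if session:
            session["calls"] += 1
            # Behavioural monitoring: off-baseline tool or unusual call volume.
            if not allowed or session["calls"] > self.max_calls:
                self.alerts.append((sid, agent, tool, session["calls"]))
        self._log(sid, agent, tool, "allowed" if allowed else "denied", args)
        return allowed
```

A call to a tool outside the agent's registered set is denied, alerted on and logged under the agent's own session, so an instruction injected through a web page or email leaves a trace attributable to that agent.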

 


“As we go across that continuum of trade-offs between risk and reward with agentic AI, what we see is that every company is going to have a different right answer. But the common right answer is having a process by which you govern thoughtfully. You tie it to your business strategy, and you tie it to your regulatory compliance requirements,” Scimone said.

“It’s really important that as we establish the principles for risk management, the principles for the governance that we are trying to achieve, that we have a way to actually technically instantiate it. It’s not just about policy, but the actual technology architectures are established to enforce it and ensure that the agents behave as we design them to behave,” he added.
