AI Agents Are Everywhere. Your Security Team Probably Isn’t Ready.

I’ve been thinking about AI agents a lot lately. Not the chatbots that answer customer service questions – those are old news. I’m talking about autonomous agents that can browse the web, write code, access databases, and make decisions without a human in the loop.

They’re being deployed everywhere. And most organisations have no idea what they’ve just let through the front door.

The Problem Nobody’s Talking About

Here’s the thing about AI agents: they’re essentially interns with root access. They can do amazing things, but they can also do amazing damage if something goes wrong.

Think about it. You give an AI agent access to your codebase, your customer database, your internal tools. It’s productive, sure. But what happens when someone tricks it into sharing that data? Or when it accidentally deletes something important? Or when it gets manipulated through prompt injection into doing something you never intended?

This isn’t hypothetical. Research from NTT DATA this week highlighted that enterprises are deploying AI agents faster than they can secure them. The gap between capability and security is growing, not shrinking.

What I’m Worried About

Prompt injection. Someone puts malicious instructions in a document, email, or webpage that your AI agent processes. The agent follows those instructions instead of yours. It sounds like science fiction, but it’s happening right now.

Data exfiltration. Your AI agent has access to sensitive information. A well-crafted query can trick it into sharing that information in its responses. The agent isn’t being malicious – it’s just doing what it was asked.

Shadow AI. Your marketing team signed up for an AI tool without telling IT. That tool now has access to your customer data, and nobody’s monitoring what it’s doing with it.

What You Can Do

Start with least privilege. Give AI agents only the access they need for their specific task. Not general access to everything. Not “we’ll figure it out later.” Specific access for specific tasks.

Log everything. If you can’t see what your AI agents are doing, you can’t protect against what they’re doing. Every action, every query, every response – log it.

Test for prompt injection. Red-team your AI deployments. Try to trick them. If you can do it, someone else definitely can too.

Establish governance now. Don’t wait for a breach to figure out your AI policies. Who can deploy agents? What access can they have? What happens when something goes wrong? Answer these questions before you need to.
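One way to put the first two recommendations into practice, as an added example that is not from this article: a gate that every agent tool call must pass through. It enforces a per-task allowlist (least privilege) and writes every call, whether allowed, denied or failed, to an audit log. The task names, tool names, sample tool bodies and the `ToolGate` class are all constructed for this example and assume a hypothetical agent runtime that routes tool calls through `ToolGate.call`.

```python
"""Per-task least-privilege gate and audit log for AI agent tool calls.

Added example, not from the article. Assumes a hypothetical agent runtime
that routes every tool call through ToolGate.call rather than calling
tools directly.
"""
from __future__ import annotations

import json
import time
from dataclasses import dataclass, field
from typing import Any, Callable

# Per-task allowlist: each task may call only the tools it needs.
# Task and tool names are constructed for this example.
TASK_POLICY: dict[str, set[str]] = {
    "summarise_ticket": {"read_ticket"},
    "triage_bug": {"read_ticket", "search_code"},
}


class PolicyViolation(PermissionError):
    """Raised when a tool call falls outside the task's allowlist."""


@dataclass
class ToolGate:
    task: str
    tools: dict[str, Callable[..., Any]]
    audit_log: list[dict[str, Any]] = field(default_factory=list)

    def _record(self, tool: str, args: dict[str, Any], outcome: str,
                detail: str = "") -> dict[str, Any]:
        # Every call is logged, including the ones we refuse.
        entry = {"ts": time.time(), "task": self.task, "tool": tool,
                 "args": args, "outcome": outcome, "detail": detail}
        self.audit_log.append(entry)
        return entry

    def call(self, tool: str, **args: Any) -> Any:
        allowed = TASK_POLICY.get(self.task)
        if allowed is None:
            self._record(tool, args, "denied", "no policy for task")
            raise PolicyViolation(f"no policy for task {self.task!r}")
        if tool not in allowed:
            self._record(tool, args, "denied", "tool not in task allowlist")
            raise PolicyViolation(f"task {self.task!r} may not call {tool!r}")
        if tool not in self.tools:
            self._record(tool, args, "denied", "tool not registered")
            raise PolicyViolation(f"unknown tool {tool!r}")
        try:
            result = self.tools[tool](**args)
        except Exception as exc:  # tool failures are logged, then re-raised
            self._record(tool, args, "error", repr(exc))
            raise
        self._record(tool, args, "allowed")
        return result

    def denied_calls(self) -> list[dict[str, Any]]:
        return [e for e in self.audit_log if e["outcome"] == "denied"]


# Constructed sample tools standing in for real integrations.
def read_ticket(ticket_id: str) -> str:
    return f"ticket {ticket_id}: login page times out"


def search_code(query: str) -> list[str]:
    return ["auth/login.py"] if "login" in query else []


def delete_record(table: str, row_id: str) -> str:
    # Registered but never allowlisted for either task above.
    return f"deleted {table}/{row_id}"


TOOLS = {"read_ticket": read_ticket, "search_code": search_code,
         "delete_record": delete_record}


def run_demo() -> ToolGate:
    """Run a ticket-summary task; the second call is out of scope and is refused."""
    gate = ToolGate(task="summarise_ticket", tools=TOOLS)
    gate.call("read_ticket", ticket_id="T-1")
    try:
        # An instruction the agent picked up from ticket content cannot widen
        # its access: the gate, not the model, decides what is callable.
        gate.call("delete_record", table="customers", row_id="42")
    except PolicyViolation:
        pass
    return gate


if __name__ == "__main__":
    for entry in run_demo().audit_log:
        print(json.dumps(entry))
```

The point of the design is that the allowlist lives outside the model's reach: whatever text the agent ingests, it can only reach the tools its task was granted, and the audit log records the attempt so the denied call shows up in monitoring rather than disappearing silently.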

The Window Is Closing

AI agents are getting more capable every week. The security gaps we have today are going to be the attack vectors of tomorrow. We need to close them now, while we still can.

The organisations that establish strong AI governance today will be the ones still standing when the attacks come. And they will come.
