Survey: AI Agents Are Now Biggest Threat to Cybersecurity
A survey of 200 North American security leaders finds nearly two-thirds (63%) now feel the biggest internal security threat is their employees unknowingly giving artificial intelligence (AI) agents access to sensitive data.
Conducted by OpinionRoute on behalf of 1Password, the survey also finds half (50%) acknowledge their organization has already experienced a confirmed or suspected cyber incident caused by AI or AI agents in the last six months.
Only 21% of security leaders say they have full visibility into all AI tool utilization, and nearly one-third (32%) believe up to half (50%) of their employees are using unauthorized AI tools. In total, only 2.5% of organizations believe they have full visibility into the AI applications and the level of data they can access.
Well over half (54%) describe their enforcement of AI governance policies as being weak. A similar percentage (56%) estimates that the gap between governed and unmanaged AI agents and tools in their organization is anywhere between 26% and 50%, the survey finds.
Dave Lewis, Global Advisory CISO for 1Password, said many cybersecurity professionals now recognize it’s only a matter of time before there is a cataclysmic incident involving AI tools, applications and services. Many end users are now routinely pasting sensitive data into chat interfaces without reading the fine print of the user licensing agreement. Much of that data will be used to train the next iteration of an AI model, which makes it likely that sensitive data will show up as AI output in ways no one can predict, noted Lewis.
Unfortunately, cybersecurity concerns are once again being ignored in the mad rush to adopt AI, he added. Cybercriminals are becoming more adept at mastering prompt engineering to access data despite whatever guardrails may have been put in place, said Lewis. Cybercriminals are also targeting what will soon be millions of autonomous AI agents that, if compromised, will provide them with an ability to compromise an entire process, he noted.
In fact, vulnerabilities in AI tools are rapidly being discovered. For example, a vulnerability in Microsoft 365 Copilot, dubbed EchoLeak, allows cyber attackers to exfiltrate sensitive data from Copilot’s context window when interacting with a large language model (LLM), without phishing and with minimal user interaction. As a result, the attack chain, dubbed LLM Scope Violation, bypasses measures meant to thwart prompt injection attacks.
Cybersecurity teams will clearly need to find ways to make sure that end users are accessing AI technologies that have been vetted for security flaws. It’s not possible at this point to put the proverbial AI genie back in the bottle. However, end users can be encouraged to refrain from using shadow AI tools that are much more likely to be targeted and compromised, especially if there are no meaningful access controls in place, said Lewis.
In the meantime, cybersecurity teams should, while hoping for the best, start to prepare for the worst. It’s already probable that sensitive data has found its way into an LLM somewhere. The only thing to be seen now is how that data might one day show up, as luck would have it, in the worst way possible.

