The Prompt Injection Peril and Why AI Agents Are Your Network’s Newest Vulnerability

As enterprises race to embed AI agents into everyday workflows, a new and still poorly understood threat is moving from research papers into production risk: indirect prompt injection. In this conversation, Amit Chita, field CTO at Mend.io, explains why organizations building AI-powered applications need to stop treating prompt security as an edge case and start treating it as a core application security requirement.

The central problem is simple to describe and difficult to control. Modern AI systems do not operate only on the prompts users type into a chat window. They also rely on hidden system prompts, tool instructions, prior conversation context and external data sources pulled in from the web or internal systems. That layered prompt stack creates opportunity for attackers. A malicious webpage, document or third-party source can feed instructions to an AI agent that override intended behavior, manipulate outputs or trigger dangerous actions. Once these agents are connected to tools that can search the internet, send email, alter files or modify databases, the risk moves far beyond bad answers and into real operational harm.

Chita argues that this is not a future problem. It is already becoming the easiest path into organizations that are rapidly deploying AI assistants without fully understanding the security consequences. Even limited adoption can be enough to create exposure, because attackers will always target the weakest point in an environment. That makes AI governance a practical necessity, not a theoretical exercise.

The discussion also highlights why securing AI systems requires a layered approach. No single control solves prompt injection. Model-level safeguards, runtime guardrails, careful system prompt design, restricted tool permissions and tighter controls around sensitive data all have a role to play. As organizations give AI agents more autonomy, the challenge becomes increasingly urgent: We are granting software the ability to act like a worker, without the accountability, judgment or legal responsibility that comes with a human employee. That tension may define the next phase of AI security.
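One way to make the "restricted tool permissions" control concrete, as an added example that is not code from the article or from Mend.io: every piece of context the agent sees carries a provenance tag, content fetched from the web or a third-party source is marked untrusted, and any side-effecting tool call (email, file write, database change) proposed while untrusted content is in context is held for human approval rather than executed. Tool names, tiers and the context schema are assumptions for the illustration.

```python
from dataclasses import dataclass

# Assumed tool tiers for the illustration (not from the article).
# Read-only tools can run even when untrusted content is in context;
# side-effecting tools are the ones indirect prompt injection abuses.
READ_ONLY = {"web_search", "read_file", "query_database"}
SIDE_EFFECT = {"send_email", "write_file", "modify_database"}

@dataclass
class ContextItem:
    source: str    # "system", "user", "tool:web_search", ...
    text: str
    trusted: bool  # False for anything pulled from the web or third parties

@dataclass
class ToolCall:
    name: str
    args: dict

@dataclass
class Policy:
    allowed_tools: set  # per-agent allowlist (least privilege)

def untrusted_sources(context):
    """Sources of every untrusted item currently in the agent's context."""
    return [c.source for c in context if not c.trusted]

def evaluate_call(call, context, policy, approved=False):
    """Decide whether a proposed tool call may run.
    Returns (decision, reason), decision in {"allow", "deny", "needs_approval"}."""
    if call.name not in policy.allowed_tools:
        return "deny", f"{call.name} is not in this agent's tool allowlist"
    if call.name in SIDE_EFFECT:
        tainted = untrusted_sources(context)
        if tainted and not approved:
            # Untrusted text may contain injected instructions; a human must confirm.
            return "needs_approval", (f"{call.name} proposed while untrusted content "
                                      f"from {tainted} is in context")
    return "allow", "ok"

def demo():
    # Constructed sample context: a system prompt, a user request, and a fetched page.
    ctx = [ContextItem("system", "You are a research assistant.", True),
           ContextItem("user", "Summarize https://example.invalid/report", True),
           ContextItem("tool:web_search", "<fetched page text>", False)]
    policy = Policy(allowed_tools={"web_search", "read_file", "send_email"})
    return {name: evaluate_call(ToolCall(name, {}), ctx, policy)[0]
            for name in ("web_search", "send_email", "modify_database")}

if __name__ == "__main__":
    print(demo())  # {'web_search': 'allow', 'send_email': 'needs_approval', 'modify_database': 'deny'}
```

The same gate, given a context with no untrusted items, lets `send_email` through, so the restriction only bites where external data could have steered the agent.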

Alan Shimel

Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure, to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after.

Alan’s entrepreneurial ventures have seen him found or co-found several technology-related companies, including TriStar Web, StillSecure, The CISO Group, MediaOps, Inc., DevOps.com and the DevOps Institute. He has also helped several companies grow from startup to public entities and beyond. He has held a variety of executive roles in business and corporate development, sales, marketing, product and strategy.

Alan is also the founder of the Security Bloggers Network and of the Security Bloggers Meetups and awards, which run at various security conferences and on Security Boulevard.

Most recently, Shimel saw the impact that DevOps and related technologies were going to have on the software development lifecycle and the entire IT stack. He founded DevOps.com and then the DevOps Institute. DevOps.com is the leading destination for all things DevOps and produces multiple DevOps events under the name DevOps Connect. DevOps Connect produces DevSecOps and Rugged DevOps tracks and events at leading security conferences such as RSA Conference, InfoSec Europe and InfoSec World. The DevOps Institute is the leading provider of DevOps education, training and certification.

Alan has a BA in Government and Politics from St. John's University, a JD from New York Law School and a lifetime of business experience. His legal education, long experience in the field and New York street smarts combine to form a unique personality that is always in demand at conferences and events.