Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
This article is part of VentureBeat’s special issue, “Cyber Standing PlayBook: walk the new threat period.” Read more from this special issue.
Generative AI raises interesting security questions, and these security issues have increased as enterprises move into the world of agents.
When AI agents enter workflows, they need to be able to access sensitive information and documents to do their job, which makes them a significant risk for many security-minded businesses.
“The rising use of many agent systems will present new attack vectors and vulnerabilities that can be exploited if not ensured from the beginning,” said Nicole Carignan, strategic cyber AI VP at Darktrace. “However, the effects and losses of these weaknesses can be even larger due to increased contact points and the interfaces of many agent systems.”
AI agents, or autonomous AI that performs actions on behalf of users, have become extremely popular in the last few months. Ideally, they can be plugged into tedious workflows and handle tasks ranging from something as simple as finding information based on internal documents to making recommendations for human workers to accept.
However, they present an interesting problem for enterprise security professionals: agents need access to information, but must not accidentally expose or send personal information. As agents take on more of the responsibilities of employees, questions of accuracy and accountability arise, which can become a concern for security and compliance teams.
Chris Betz, CISO of Boring, told VentureBeat that retrieval-augmented generation (RAG) and agent use cases are “an interesting and interesting angle” in terms of security.
“Organizations, which standard sharing in organizations should be found, because an agent will be found to support an agent’s mission, it is necessary to think that an agent will be found,” he said. “If you exceed the documents, you should think about the standard share policy in your organization.”
Security professionals should then ask whether agents should be considered digital workers or programs. How long should the agents have access? How should they be identified?
Gen AI has made many enterprises more aware of potential vulnerabilities. However, agents could open them up to even more issues.
“The appointments we see will be a weakness in many agent systems that affect an agent’s behavior such as attacks, information poisoning, prompt injection or social engineering,” said Carignan.
Enterprises should pay attention to what agents can access to ensure that information security remains strong.
Betz pointed out that many security issues surrounding human worker access extend to agents. Therefore, “people fall down to make sure that people are entering the right things and only the right things.” He added that when it comes to agent workflows with a large number of steps, “each of these stages is an opportunity for hackers.”
One answer could be to give agents specific access identities.
“A world, which is a world that is due to the cause of problems with the cause of problems in the days, a world that is responsible for the identity of this agent, as well as the identity of our organization,” said Jason Clinton, CISO of model provider Anthropic.
Identifying human workers is something that has been done for a very long time. They have specific jobs; they have an email address that they use to access accounts and that IT managers can track; they have a physical laptop with accounts that can be locked. They get individual permission to access some data.
A variation of this kind of employee access and identification can be applied to agents.
Both Betz and Clinton believe this process can prompt enterprise leaders to rethink how they approach access for users. It may even lead organizations to overhaul their workflows.
“Using the agent’s workflow, the ways used for the ways used for each step are used for each step, just as part of the data, but the information he needs,” said Betz.
He added that agent workflows “can help to touch some concerns about the extreme majority, because the companies should think of what information is obtained.” Clinton added that in a workflow developed around a certain set of operations, “you do not need to be a step to get the same information in the same need.”
Enterprises can also look for agent platforms that allow agents to draw. For example, Don Schuerman, CTO of workflow automation provider Pega, said that the company was assisting with agent security.
“Our platform is already used to check the work of people, so we can check every step of an agent,” Schuerman told VentureBeat.
Pega’s newest product, AgentX, allows human users to move to a screen reflecting an agent’s steps. Users can see where the agent is and its specific actions along the workflow timeline.
Audits, timelines and identification are not perfect solutions to the security problems presented by AI agents. But as enterprises begin to explore and deploy the potential of agents, more targeted answers may emerge as AI experimentation continues.