IT Brief US - Technology news for CIOs & IT decision-makers

AI agents in business create new risks & urgent security needs

Today

Radware has released new research analysing the cybersecurity risks linked to the growing adoption of agentic artificial intelligence (AI) systems in enterprise environments.

The report, titled 'The Internet of Agents: The Next Threat Surface,' examines how AI agents driven by large language models (LLMs) are being integrated into business operations. These systems differ from standard chatbots by acting autonomously, executing tasks, and collaborating with other digital agents using protocols such as the Model Context Protocol (MCP) and Agent-to-Agent (A2A).

Expanded attack surface

Organisations are increasingly deploying LLM-powered AI agents into customer service, development, and operational workflows. Unlike traditional software, these agents are capable of reasoning, executing commands, and initiating actions autonomously across enterprise networks.

The report notes that as these agents interact with business systems, they establish complex transitive chains of access to sensitive resources, which makes the resulting business processes harder to track and secure with existing cybersecurity measures. According to Radware, these pathways present "complex pathways into sensitive enterprise resources that are difficult to track or secure with existing defences."

New protocols and exposures

The adoption of protocols such as MCP and A2A enables enhanced interoperability and scalability for AI agents across different business processes, but this also introduces new risks. The report highlights threats such as prompt injection, tool poisoning, lateral compromise, and malicious handshakes, which take advantage of these emerging protocols.

Prompt injection attacks, in particular, are identified as a growing risk. By embedding covert instructions in content like emails or web pages, attackers can manipulate AI agents to exfiltrate data or initiate unauthorised actions - often without any indication to the end user. The research states: "Adversaries can embed hidden instructions in emails, web pages, or documents. When an AI agent processes that content, it may unwittingly exfiltrate data or trigger unauthorized actions - without the user ever clicking a link or approving a request."

Lower barriers to cybercrime

The report observes that new "dark AI ecosystems" are emerging, which lower the technical barriers to cybercrime. Black-hat platforms such as XanthoroxAI provide access to offensive AI tools that automate previously manual attacks, including malware creation and phishing campaigns. These tools, offered on a subscription basis, enable less-experienced attackers to develop and deploy exploits more easily.

Radware's analysis also shows that AI accelerates the weaponisation of new vulnerabilities. The report references research demonstrating that GPT-4 can develop working exploits for recently disclosed vulnerabilities more rapidly than experienced human researchers, reducing the window for IT teams to patch vulnerable systems before attackers strike.

Changing digital landscape

The emergence of the so-called 'Internet of Agents' is likened to previous digital shifts, such as the rise of the Internet of Things. In this new ecosystem, autonomous digital actors with memory, reasoning, and action capabilities are increasingly interconnected, resulting in greater operational efficiency but also expanded risk exposure.

Radware's report argues that organisations must adjust their security models to account for the new roles played by AI agents in the enterprise. With these systems acting as decision-makers, intermediaries, and operational partners, the need for effective governance and security oversight is heightened.

"We are not entering an AI future - we are already living in it," said [Insert Radware Spokesperson]. "The agentic ecosystem is expanding rapidly across industries, but without strong security and oversight, these systems risk becoming conduits for cybercrime. The businesses that succeed will be those capable of delivering trustworthy, secure AI experiences."

Security recommendations

The report sets out a series of recommendations for enterprises to protect against the unique risks posed by autonomous AI agents. These include:

  • Treating LLMs and AI agents as privileged actors, subject to strict governance and access controls.
  • Integrating red-teaming and prompt evaluation exercises into software development lifecycles.
  • Evaluating protocols such as MCP and A2A as security-critical interfaces, rather than mere productivity tools.
  • Monitoring dark AI ecosystems to stay aware of how adversaries are adapting and exploiting new tools.
  • Investing in detection, sandboxing, and behavioural monitoring technologies tailored for autonomous AI systems.
  • Recognising that AI-powered defensive capabilities will play an increasingly important role in combating AI-driven threats.
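One way to put the first, third and fifth recommendations into practice, as an added illustration that is not from the Radware report or any vendor product: a small tool-call gate that treats the agent as a privileged actor with a per-agent allowlist, marks the session as tainted once it has processed untrusted content (an email, a web page), holds state-changing or outbound actions for human approval while tainted, and logs every decision for behavioural monitoring. The tool names, risk tiers and session walk-through are constructed for this example.

```python
from dataclasses import dataclass, field

# Constructed tool catalogue: each tool an agent may call is assigned a risk tier.
# "read" cannot change state or move data out; "write" changes enterprise state;
# "egress" can send data outside the organisation (the exfiltration path in the report).
TOOL_TIER = {"read_ticket": "read", "search_kb": "read",
             "update_ticket": "write", "send_email": "egress"}

@dataclass
class AgentSession:
    agent_id: str
    allowed_tools: set                                   # least-privilege allowlist for this agent
    tainted_by: list = field(default_factory=list)       # untrusted sources processed so far
    audit_log: list = field(default_factory=list)        # feed for behavioural monitoring

    def ingest(self, source: str, trusted: bool) -> None:
        """Record content the agent reads; anything untrusted taints the session,
        because it may carry hidden instructions (indirect prompt injection)."""
        if not trusted:
            self.tainted_by.append(source)

    def authorize(self, tool: str, approved_by_human: bool = False) -> str:
        """Gate a tool call. Returns 'allow', 'deny' or 'hold' (awaiting human approval)."""
        tier = TOOL_TIER.get(tool)
        if tier is None or tool not in self.allowed_tools:
            decision = "deny"       # unknown tool or outside this agent's allowlist
        elif tier == "read":
            decision = "allow"      # reads cannot exfiltrate or alter state
        elif self.tainted_by and not approved_by_human:
            decision = "hold"       # write/egress after untrusted input needs a human
        else:
            decision = "allow"
        self.audit_log.append({"agent": self.agent_id, "tool": tool, "tier": tier,
                               "tainted_by": list(self.tainted_by), "decision": decision})
        return decision

def demo() -> list:
    """Walk a constructed support agent through one session and return its decisions."""
    s = AgentSession("support-bot", {"read_ticket", "search_kb", "update_ticket", "send_email"})
    out = [s.authorize("read_ticket")]                             # allow: low-risk read
    s.ingest("ticket body pasted from an inbound email", trusted=False)
    out.append(s.authorize("send_email"))                          # hold: egress while tainted
    out.append(s.authorize("search_kb"))                           # allow: reads stay available
    out.append(s.authorize("delete_ticket"))                       # deny: not in catalogue/allowlist
    out.append(s.authorize("send_email", approved_by_human=True))  # allow: a human reviewed it
    return out
```

The audit log entries carry the taint sources alongside each decision, which is the record a monitoring team needs to spot an agent repeatedly requesting egress right after reading external content.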

The report concludes by noting that AI agents represent a significant technology shift for businesses. Although these systems hold potential for efficiency and economic growth, they also introduce risks that enterprises must urgently address as the boundaries between helpful tools and security threats continue to blur.
