The rapid proliferation of Autonomous Artificial Intelligence agents on the Internet, corporate networks, and user applications leads to serious security vulnerabilities. Ronghui Gu, CEO of blockchain-based security audit firm CertiK, states that the security debt in this area is gradually growing and turning into a disaster.
Security Weaknesses in Artificial Intelligence Agents
Although companies have recently marketed this smart software as a miracle of efficiency, serious risks are emerging in the background. Running this new generation of autonomous, unsupervised software agents without isolation is the root of major security problems.
In his statement to CoinDesk, Gu said that users have opened their sensitive files, system passwords and financial account access to these agents; he particularly emphasized that this situation opens the door to abuse, manipulation and fraud.
Once users give permission, the agent can read the local file system, call external applications, trigger workflows, and interact with the financial infrastructure. If these environments are not isolated, the network and personal data become completely vulnerable to attacks that may come from inside or outside.
The Dangers of the False Trust Model
According to Gu, the main problem of current artificial intelligence agents is based on an incorrect trust model. Many open source applications are developed with the assumption that they are safe from external threats because they run natively or integrate with chat applications such as WhatsApp. However, the facts show the exact opposite of this belief.
When agents are granted elevated permissions, they can become the biggest insider threat. Especially once they are given local memory access and the ability to manage account information, they can be turned to phishing and data theft.
Common Vulnerabilities and Mini Dictionary
CertiK’s current analysis found hundreds of critical vulnerabilities in the building blocks of this rapidly growing market. The report particularly drew attention to unpatched open source software vulnerabilities (CVEs) and uncontrolled module boundaries that lead to credential leaks.
Mini dictionary: Prompt injection is the term for smuggling harmful instructions into an artificial intelligence agent through natural-language content that the agent reads. With this method, the attacker can plant hidden instructions in an innocuous-looking email, PDF, or web page and change the actions the agent takes.
Automatic Attacks are on the Rise
Gu adds that attacks against autonomous agents are now much faster and shorter-lived. According to CertiK’s data, a large number of automated fraud operations have been detected that run on-chain for only a few minutes or hours and then disappear.
These attacks specifically target other algorithmic trading bots and autonomous agent systems. Attackers are running machine-against-machine financial intrusions that complete before any human can intervene.
Next Generation Threats and Security Recommendations
Some of the attacks can change the agent’s behavior with instructions hidden in natural language, without writing any specific malicious code. Therefore, traditional antivirus software fails to detect these types of attacks.
Malicious add-ons or installers that nothing in a scanned image flags as malicious can change the agent’s task using natural language alone, and existing antivirus products offer no protection against this threat.
Finally, Ronghui Gu states that the software industry should abandon the trust-based approach and move to an architecture known as “Zero Trust”, where every command and plug-in is constantly verified.
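As an added illustration of the per-command verification Gu describes (example code, not from CertiK or this article), the small Python gate below checks every tool call against an explicit grant and refuses to load any plug-in whose code no longer matches a pinned hash; the agent name, tool names, policy and manifest values are constructed for the example.

```python
"""Minimal zero-trust gate for an AI agent's tool calls (constructed example)."""
import hashlib
from pathlib import PurePosixPath

# Constructed policy: what each agent may call, and the scope of each grant.
POLICY = {
    "mail-assistant": {
        "read_file": {"root": "/home/user/inbox"},   # may only read its own inbox
        "send_mail": {"max_recipients": 1},          # no bulk mail-outs
    }
}

# Constructed manifest: SHA-256 of each approved plug-in's code, pinned at install time.
APPROVED_PLUGIN = b"def read_file(path): ..."
PLUGIN_MANIFEST = {"read_file": hashlib.sha256(APPROVED_PLUGIN).hexdigest()}


def plugin_is_trusted(name: str, code: bytes) -> bool:
    """Load a plug-in only if its code still matches the hash pinned in the manifest."""
    expected = PLUGIN_MANIFEST.get(name)
    return expected is not None and hashlib.sha256(code).hexdigest() == expected


def path_in_scope(path: str, root: str) -> bool:
    """True only for an absolute path inside root, with no '..' traversal components."""
    p = PurePosixPath(path)
    if not p.is_absolute() or ".." in p.parts:
        return False
    r = PurePosixPath(root)
    return p == r or r in p.parents


def authorize(agent: str, tool: str, args: dict) -> tuple[bool, str]:
    """Decide one tool call. The decision ignores where the instruction came from:
    a request injected through an email the agent read is judged by the same rules
    as one typed by the user, which is what removes the 'trusted input' assumption."""
    rules = POLICY.get(agent, {})
    if tool not in rules:
        return False, f"deny: {tool} not granted to {agent}"
    if tool == "read_file" and not path_in_scope(args.get("path", ""), rules[tool]["root"]):
        return False, "deny: path outside granted root"
    if tool == "send_mail" and len(args.get("to", [])) > rules[tool]["max_recipients"]:
        return False, "deny: too many recipients"
    return True, "allow"
```

Every denial is returned as a reason string so it can be logged and alerted on, which is how an operator would notice an agent being steered toward files or recipients it was never granted.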
