"To be able to fulfill their purpose of performing tasks on a user's behalf, AI agents need access to large amounts of sensitive information, including things like bank details and passwords. However, this creates a large new "attack surface," that cybercriminals or spy agencies could use to steal sensitive personal or company information.AI agents are especially vulnerable to prompt injection attacks, where malicious websites hide instructions that trick the AI into executing harmful actions."
""The way an agent works is that it completes complex tasks on your behalf, and it does that by accessing many sources of data," she said in an interview on the sidelines of the Slush technology conference in Helsinki, Finland, last week. "It would need access to your Signal contacts and your Signal messages...that access is an attack vector and that really nullifies our reason for being.""
AI agents require access to extensive sensitive user data to perform tasks on behalf of users, including bank details, passwords, contacts, and messages. Such access creates a large new attack surface that cybercriminals or state actors could exploit to steal personal or corporate information. Agents are vulnerable to prompt injection attacks where malicious web content hides instructions that cause harmful actions. Browser-style agents that read and act on web content could enable account takeover, data exfiltration, clipboard overwrites, email theft, and redirection to phishing sites. Operating-system-level integration of agents can expose encrypted communications.
Read at Fortune
Unable to calculate read time
Collection
[
|
...
]