# Infosec2025: Concern Grows Over Agentic AI Security Risks
As organizations increasingly adopt agentic AI systems, concerns are rising about the accompanying security risks. Experts have highlighted that these AI tools, which can operate autonomously and connect with one another without human oversight, pose significant threats.
Understanding Agentic AI
Agentic AI, or AI agents, function with a high degree of autonomy. These systems can choose their own AI models, transfer data or results to other AI tools, and even make decisions without human intervention. This level of autonomy accelerates their operation compared to traditional systems based on large language models (LLMs), as they require no human prompts to function.
Despite their advantages, issues arise when organizations chain multiple AI components together, such as generative AI tools or chatbots, without implementing sufficient checks. This can lead to situations where AI agents make autonomous decisions, which is already occurring in IT processes like coding and system configuration.
Risks of Rapid AI Deployment
The rapid evolution of agentic AI raises the concern that the pace of deployment may outstrip the development of security controls. According to research by consulting firm EY, only 31% of organizations believe their AI implementations are fully mature, indicating a lag in AI governance relative to innovation.
Agentic AI can amplify the risks already associated with LLMs, as these systems are susceptible to issues such as prompt injection, data poisoning, bias, and inaccuracies. The risks can be exacerbated when one agent passes erroneous or manipulated data to another, leading to substantial cumulative errors.
The Need for Enhanced Security Measures
Dr. Andrea Isoni, chief AI officer at AI Technologies, emphasizes the need for an intermediate AI security layer, particularly when information is being ingested from external sources. She warns that as reliance on AI technologies increases, they become vulnerable points that can be exploited.
The rapid development of agentic AI necessitates that security teams act swiftly to identify potential risks. Research indicates that 76% of companies are already utilizing or planning to implement agentic AI within the year, yet only 56% report being moderately or fully aware of the associated risks.
AI Implementation as a Continuous Process
Cathy Cobey, EY’s global responsible AI leader, highlights that implementing AI is not a one-time event but an ongoing journey. Organizations must continuously align their AI governance and security controls with investments in AI functionalities.
Breaches and Security Risks
Rudy Lai, director of security for AI at Snyk, notes that the rapid adoption of agentic AI is compelling organizations to strengthen their security policies and controls. The use of agents in code development, for example, raises questions about the security of the code generated by AI.
Lai emphasizes the importance of testing agent-generated code and providing proper guardrails for AI agents. While agentic AI can enhance operational efficiency and improve customer service, its deployment requires careful consideration of the risks involved.
API Security and Integration Challenges
Eric Schwake, director of cybersecurity strategy at Salt Security, underscores that the security of APIs linking AI tools is crucial. These interfaces are not merely technical connectors; they are essential pathways through which AI agents access data, execute tasks, and integrate across platforms. Without robust API security, even sophisticated AI systems can become vulnerabilities rather than assets.
As Lai points out, the security risks associated with agentic AI systems stem not only from individual components but also from the interactions between them. Implementing AI red teaming and utilizing tools like AI bills of materials can help organizations assess and document the technologies in use and the dependencies within their applications.
In conclusion, the landscape of AI technology is rapidly evolving, and with it comes a pressing need for organizations to address the security implications of agentic AI. To safeguard their operations and data, companies must adopt proactive measures to enhance their AI governance and security frameworks.
