Microsoft highlighted the risks associated with AI agents in a new security report.
Apart from tech, the manufacturing industry is witnessing the fastest adoption of AI agents
Photo Credit: Reuters
Microsoft has highlighted several risks with artificial intelligence (AI) agents in its latest security report. The most interesting insight is about “AI double agents,” which are basically agents with excessive privileges but not enough safeguards. This makes them vulnerable to prompt engineering attacks by bad actors, and turns them into “double agents.” With these tools becoming increasingly popular in the enterprise space, the cybersecurity report highlights the security gaps that businesses must address to protect their sensitive data.
The Redmond-based tech giant published findings from its first-party telemetry and research in the latest Cyber Pulse Report. This report focuses on the rise in adoption of AI agents and the security risks that emerge from that. “Recent Microsoft data indicates that these human-agent teams are growing and becoming widely adopted globally,” the company said in a blog post.
Adding to this, the report claims that more than 80 percent of the Fortune 500 companies are currently deploying AI agents built with low-code or no-code tools. Microsoft says this is a concerning trend as agents built using vibe coding will lack the fundamental security protocols required for an enterprise environment.
In the report, the tech giant mentions that AI agents require protection by increasing observability, governance, and Zero Trust principles-based security measures. Zero trust is essentially a security framework which is built on the principle of "never trust, always verify," assuming no user or device, inside or outside the network, is trustworthy by default.
One interesting trend the report mentions is the concept of AI double agents. Microsoft says the AI agents being developed by companies today have excessive privileges, which poses a security threat. “Bad actors might exploit agents' access and privileges, turning them into unintended 'double agents.' Like human employees, an agent with too much access—or the wrong instructions—can become a vulnerability, the post added.
Explaining the risk, the tech giant said that researchers have documented how agents can be misled by deceptive interface elements, such as following harmful instructions added to regular content. Another risk discovered by researchers is redirecting agents via manipulated task framing.
Citing a multinational survey of more than 1,700 data security professionals commissioned by Microsoft from Hypothesis Groups, the report claimed that 29 percent of employees are using AI agents for work tasks that are not sanctioned by IT teams.
“This is the heart of a cyber risk dilemma. AI agents are bringing new opportunities to the workplace and are becoming woven into internal operations. But an agent's risky behaviour can amplify threats from within and create new failure modes for organisations unprepared to manage them,” the report said.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.