AI Agents are here. So are the threats.


Agentic applications are programs that leverage AI agents — software designed to autonomously collect data and take actions toward specific objectives — to drive their functionality. As AI agents are becoming more widely adopted in real-world applications, understanding their security implications is critical.

This article investigates ways attackers can target agentic applications, presenting nine concrete attack scenarios that result in outcomes such as information leakage, credential theft, tool exploitation and remote code execution. To assess how widely applicable these risks are, we implemented two functionally identical applications using different open-source agent frameworks — CrewAI and AutoGen — and executed the same attacks on both. Palo Alto findings show that most vulnerabilities and attack vectors are largely framework-agnostic, arising from insecure design patterns, misconfigurations and unsafe tool integrations, rather than flaws in the frameworks themselves.

Read more…
Source: Palo Alto Unit 42


Sign up for our Newsletter
The latest news and insights delivered right to your inbox.


Related:

  • Two Zero-Day Exploits Found After Someone Uploaded ‘Unarmed’ PoC to VirusTotal

    July 2, 2018

    Security researchers at Microsoft have unveiled details of two critical and important zero-day vulnerabilities that had recently been discovered after someone uploaded a malicious PDF file to VirusTotal, and get patched before being used in the wild. In late March, researchers at ESET found a malicious PDF file on VirusTotal, which they shared with the security team ...

  • RAMpage Attack Explained – Exploiting RowHammer On Android Again!

    June 29, 2018

    A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kind of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage, the new technique (CVE-2018-9442) could re-enable an unprivileged Android app running on the victim’s device to take advantage from the previously ...

  • Researchers warn SCADA systems are still hopelessly insecure

    June 18, 2018

    BSides Industrial control systems could be exposed not just to remote hackers, but to local attacks and physical manipulation as well. A presentation at last week’s BSides conference by researchers from INSINIA explained how a device planted on a factory floor can identify and list networks, and trigger controllers to stop processes or production lines. Read more… Source: The ...

  • Chinese Hackers Carried Out Country-Level Watering Hole Attack

    June 14, 2018

    Cybersecurity researchers have uncovered an espionage campaign that has targeted a national data center of an unnamed central Asian country in order to conduct watering hole attacks. The campaign is believed to be active covertly since fall 2017 but was spotted in March by security researchers from Kaspersky Labs, who have attributed these attacks to a ...

  • Cyber security: Nation-state cyber attacks threaten everyone, warns ex-GCHQ boss

    June 8, 2018

    The dynamics of cyber warfare have changed so dramatically that nation-state attacks are now a problem everyone needs to face up to, the former head of the UK’s intelligence agency has warned. “Five years ago we were aware of nation-state attacks but we would’ve seen them as something that only a nation-state needs to worry about. Today they’re ...

  • Researchers Warn of Microsoft Zero-Day RCE Bug

    June 1, 2018

    Researchers have discovered a medium-severity Windows vulnerability that enables remote attackers to execute arbitrary code – and Microsoft hasn’t issued a patch yet. The flaw, which was first discovered by Dmitri Kaslov of Telspace Systems, exists within the handling of error objects in JScript, according to a Tuesday advisory by Trend Micro’s Zero Day Initiative group. Read more… Source: ...