AI agents have featured in some of the most intriguing recent product launches, but cybersecurity experts have mixed feelings about the technology.
Data from SailPoint found that 96% of tech professionals view AI agents as a growing security threat. Yet, nearly all respondents indicated they plan to expand their use of agentic AI in the coming year.
The top concern voiced by respondents was the agents’ access to protected data, followed by the risk of unintended actions. The third-most reported concern was the possibility that an AI agent could share sensitive data without permission.
Data and Privacy
All these issues have been present in generative AI platforms, where models have frequently reached inaccurate or false conclusions. Because of the persistent black-box problem, analysts are often unable to determine why a model made the wrong decision.
Additionally, privacy has been a constant concern for AI models that require vast amounts of data. While most of the well-established gen AI platforms—such as ChatGPT—are built to protect sensitive data, AI agents often require access to private information to carry out their tasks, including financial details.
In this light, a troubling finding from the SailPoint study was that just under a quarter of respondents reported their AI agents had been manipulated into divulging access credentials.
Furthermore, 80% of respondents said they had discovered their companies’ AI agents performing unintended actions, such as accessing systems without permission, disseminating protected data, and retrieving inappropriate content.
The Age of Agentic Commerce
Despite these concerns, the age of agentic commerce is advancing. Visa and Mastercard have unveiled platforms designed to transform AI agents into personal shoppers, enabling them to search for items and make purchases with minimal user interaction.
PayPal quickly followed these launches by partnering with Perplexity to integrate its payments directly into the AI platform’s chat.
Given the powerful potential of AI agents, many more initiatives are likely to emerge across multiple industries, including cybersecurity. However, organizations must constantly prioritize privacy and security in these initiatives.
This sentiment was echoed in the SailPoint study, where 92% of respondents stated that governing AI agents is essential to enterprise security.
