
ZDNET's key takeaways
- Identity management is broken when it comes to AI agents.
- AI agents expand the threat surface of organizations.
- Part of the solution will be AI agents automating security.
As enterprises begin implementing artificial intelligence agents, senior executives are on alert about the technology's risks but also unprepared, according to Nikesh Arora, chief executive of cybersecurity giant Palo Alto Networks.
"There is beginning to be a realization that as we start to deploy AI, we're going to need security," said Arora to a media briefing in which I participated.
"And I think the most amount of consternation is about the agent part," he said, "because customers are concerned that if they don't have visibility to the agents, if they don't understand what credentials agents have, it's going to be the Wild West in their enterprise platforms."
AI agents are commonly defined as artificial intelligence programs that have been granted access to resources external to the large language model itself, enabling a program to carry out a broader variety of actions. The approach could be a chatbot, such as ChatGPT, that has access to a corporate database via a technique like retrieval-augmented generation (RAG).
An agent could require a more complex arrangement, such as the bot invoking a wide array of function calls to various programs simultaneously via, for example, the Model Context Protocol standard. The AI models can then invoke non-AI programs and orchestrate their operation in concert. All commercial software packages are adding agentic functions that automate some of the work a person would traditionally perform manually.
The thrust of the problem is that the AI agents will have access to corporate systems and sensitive information in many of the same ways as human workers, but the technology to manage that access -- including verifying the identity of an AI agent, and verifying the things they have privileged access to -- is poorly organized for the rapid expansion of the workforce via agents.
Although there is consternation, organizations don't yet fully grasp the enormity of securing agents, said Arora.
"It requires lots of infrastructure investment, it requires lots of planning. And that's what worries me, is that our enterprises are still under the illusion that they are highly secure."
The problem is made more acute, said Arora, by the fact that bad actors are ramping up efforts to use agents to infiltrate systems and exfiltrate data, increasing the number of entities that must be verified or rejected for access.
Identity management is broken
The lack of preparedness stems from the underdevelopment of techniques for identifying, authenticating, and granting access, said Arora. Most users in an organization are not regularly tracked, he said.
"Today, the industry is well covered in the privileged access side," said Arora, referring to techniques known as privileged access management (PAM), which keeps track of a subset of users who are granted the greatest number of permissions. That process, however, leaves a big gap across the rest of the workforce.
"We know what those people are doing, but we have no idea what the rest of those 90% of our employees are doing," said Arora, "because it's too expensive to track every employee today."
Expanding the threat surface
Arora suggested that the approach is insufficient as agents expand the threat surface by being used to handle more tasks. Because "an [AI] agent is also a privileged access user, and also a regular user at some point in time," then any agent once created may gain access to "the crown jewels" of an organization at any point during the course of their functioning.
As machines gain privileged access, "Ideally, I want to know all of my non-human identities, and be able to find them in one place and trace them."
Current "dashboards" of identity systems are not engineered to track the breadth of agents gaining access to this or that system, said Arora.
"An agent needs the ability to act. The ability to act requires you to have some access to actions in some kind of control pane," he explained. "Those actions today are not easily configured in the industry on a cross-vendor basis. So, orchestration platforms are the place where these actions are actually configured."
The threat is heightened by nation-states scaling up cyberattacks and by other parties seeking to compromise privileged users' credentials.
"We are seeing smishing attacks, and high-stakes credential attacks across the entire population of an enterprise," said Arora, referring to "phishing via text message." These automatically generated texts aim to lure smartphone users into disclosing sensitive information, such as Social Security numbers, to escalate an attack on an organization by impersonating privileged users.
Palo Alto's research has identified 194,000 internet domains being used to propagate smishing attacks.
Agents to find agents
Arora's pitch to clients for dealing with this issue is twofold. First, his company is integrating the tools gained through this year's acquisition of identity management firm CyberArk. Palo Alto has never sold any identity management products, but Arora believes his firm can unify what is a fragmented collection of tools.
"I think with the core and corpus of CyberArk, we are going to be able to expand their capabilities past just the privileged users across the entire enterprise and be able to provide a cohesive platform for identity," said Arora.
"With the presence of agentic AI […] the opportunity is now ripe for our customers to take a look at it and say, 'How many identity systems do I have? How are all my credentials managed across the cloud, across production workloads, across the privilege space, across the IAM [identity and access management] space?'"
The second prong of a solution, he said, is to use more agentic technology in the security products, to automate some of the tasks associated with a chief information security officer and their teams.
"As we start talking about agentic AI, we start talking about agents or automated workflows doing more and more of the work," he said.
To that end, Arora is pitching a new offering, Cortex AgentiX, which employs automation trained on "1.2 billion real-world playbook executions" of cyber threats. The various agent components can automatically hunt for "emerging adversary techniques," the company said. The tools can analyze computing endpoints, such as PCs or email systems, to gather forensic information after attacks for security operations center (SOC) analysts to make a human decision about how to proceed with remediation.
"We're taking what is a task that is manually impossible," Arora said of the AgentiX techniques.
"You can't process terabytes of information manually and go figure out what the problem is and solve the problem," he said. "So, SOC analysts are now going to spend their time looking at the complex problems, saying, 'How do I solve the problem?' And they'll have all the information that they need to solve the problem."
Arora was quick to add that Palo Alto's products will still mostly involve approvals by SOC analysts.
"Most of our agents will have humans in the middle where our customers will be able to see the work that is done by the agent, confirm it, and then go away and take the action," he said.
Over time, Arora said that greater autonomy may be granted to AI agents to handle security: "As we get better at it, we're going to allow our customers to say, 'Okay, I've done this 5 times with me watching it [the AI agent], it's doing it right, I'm going to approve it, allow it to act on my behalf.'"