Invisible, autonomous and hackable: The AI agent dilemma no one saw coming

This article is part of the VentureBeat special issue, “Cyber Resilience Playbook: A New Age of Threats.” Read more from the special issue here.

Generative AI raises interesting security questions, and as businesses enter the world of agents, those questions multiply.

When AI agents enter workflows, they must be able to access sensitive data and files to get the job done, which makes them a significant risk for many security-conscious enterprises.

“The increasing use of multi-agent systems will introduce new attack vectors and vulnerabilities that could potentially be exploited if they are not properly protected from the beginning,” said Nicole Carignan, vice president of strategic network AI at Darktrace. “However, the impact and harm of these vulnerabilities may be greater because of the increase in connection points and interface volumes of multi-agent systems.”

Why AI agents pose such high security risks

AI agents, or autonomous AI that performs actions on behalf of users, have become extremely popular in the past few months. Ideally, they can be inserted into a tedious workflow and perform any task, from something as simple as finding information in internal documents to making suggestions for human employees.

But they present an interesting problem for enterprise security professionals: they must access the data that makes them useful without accidentally opening or sending private information to others. As agents take on more of the tasks employees do, issues of accuracy and accountability come into play, potentially becoming a headache for security and compliance teams.

Chris Betz, CISO of AWS, tells VentureBeat that retrieval-augmented generation (RAG) and agentic use cases are “a fascinating and interesting perspective in terms of security.”

“Organizations will need to consider what default sharing looks like in an organization, because agents will find it by searching for anything that supports their mission,” Betz said. “And if you mask files, you need to consider the default sharing policy in your organization.”

Security professionals must then ask whether an agent should be treated as a digital employee or as software. How much access should the agent have? How should its identity be determined?

AI agent vulnerabilities

Generative AI has made many businesses more aware of potential vulnerabilities, but agents can expose them to more problems.

“The attacks we are seeing today affecting single-agent systems, such as data poisoning, prompt injection or social engineering to influence agent behavior, can all be vulnerabilities in multi-agent systems,” Carignan said.

Businesses must pay attention to what their agents can access to ensure data security remains strong.

Betz pointed out that many of the security questions around human employees' access can be extended to agents. So it “comes down to making sure people have access to the right things, only the right things.” He added that when an agent workflow has multiple steps, “every stage is an opportunity” for hackers.

Give the agent an identity

One answer might be to issue a specific access identity to the agent.

“A world where we are working through this problem, as we have in the past few days, is a world where we need to think more about the identity of an agent and the identities of the people that agents act on behalf of when dealing with each other in our organization,” said Jason Clinton, CISO of model provider Anthropic.

Identifying human employees is something businesses have been doing for a long time. They have specific jobs; they have an email address for logging in to accounts, tracked by the IT administrator; they have a physical laptop whose account can be locked. They have individual permissions to access certain data.

This pattern of employee access and identification can be applied to agents.

Both Betz and Clinton believe this process can prompt business leaders to rethink how they grant information access to users. It may even lead to an overhaul of the organization's workflows.

“Using an agent workflow actually gives you an opportunity to bind the use cases at each step along the way to the required data as part of the RAG, but only the required data,” Betz said.

He added that agent workflows “can help address some of the concerns about oversharing” because companies must consider what data is being accessed to complete the operation. In a workflow designed around a specific set of operations, Clinton added, “there is no reason for one step to require access to the same data required for step seven.”
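The per-step scoping Betz and Clinton describe, and the step-by-step audit trail the next section calls for, can be sketched as a small policy layer in front of a RAG retriever. The following is an added example, not code from the article or from any vendor quoted in it; the agent identity, step names, document paths and contents are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample corpus a RAG agent might search (hypothetical paths and contents).
DOCS = {
    "support/tickets.txt": "ticket #42: customer requests refund for order 1001",
    "kb/refund-policy.md": "refunds allowed within 30 days of purchase",
    "hr/payroll.csv": "employee,salary,...",
}

@dataclass(frozen=True)
class AgentIdentity:
    agent_id: str        # the agent's own principal, distinct from the human's
    on_behalf_of: str    # the human whose task it is carrying out

@dataclass(frozen=True)
class Step:
    name: str
    allowed_paths: frozenset  # only the data this step needs, nothing more

@dataclass
class Workflow:
    identity: AgentIdentity
    steps: tuple
    audit: list = field(default_factory=list)

    def retrieve(self, step: Step, path: str):
        """Serve a retrieval only if it is in the step's scope; record every attempt."""
        decision = "allow" if path in step.allowed_paths and path in DOCS else "deny"
        self.audit.append({"agent": self.identity.agent_id,
                           "for": self.identity.on_behalf_of,
                           "step": step.name, "path": path, "decision": decision})
        return DOCS[path] if decision == "allow" else None

def refund_workflow() -> Workflow:
    """Two-step refund triage: each step is bound to exactly the data it needs."""
    return Workflow(
        AgentIdentity("refund-agent-01", "alice@example.com"),
        (Step("read_ticket", frozenset({"support/tickets.txt"})),
         Step("check_policy", frozenset({"kb/refund-policy.md"}))),
    )

def run(wf: Workflow, requests):
    """requests: (step_index, path) pairs; returns the retrieval results in order."""
    return [wf.retrieve(wf.steps[i], path) for i, path in requests]

if __name__ == "__main__":
    wf = refund_workflow()
    run(wf, [(0, "support/tickets.txt"),   # in scope for the ticket step
             (0, "kb/refund-policy.md"),   # step 2's data requested by step 1: denied
             (1, "hr/payroll.csv")])       # payroll is never in scope: denied
    for entry in wf.audit:                 # the per-step trail a reviewer can read back
        print(entry)
```

Denied requests are logged with the step and principal that made them, so a step reaching for another step's data shows up in review rather than silently succeeding.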

Old-fashioned review is not enough

Businesses can also look for agent platforms that let them peek into their agents' work. For example, Don Schuerman, chief technology officer of workflow automation provider Pega, said his company helps keep agents secure by showing users what the agents are doing.

“Our platform has been used to audit the work humans are doing, so we can also review every step the agent is doing,” Schuerman told VentureBeat.

Pega’s latest product, AgentX, lets human users switch to a screen that outlines the steps performed by the agent. Users can see where the agent is on the workflow timeline and read its specific actions.

Audits, timelines and identities are not a perfect solution to the security issues raised by AI agents. But as businesses explore the potential of agents and start deploying them, more targeted answers may emerge as AI experiments continue.
