AI

As agentic AI systems grow increasingly complex, it becomes clear that this class of applications relies on a multi-layered architecture. Trying to chart such architecture reveals several security risks that could plague each layer. This article investigates the possible scenarios and offers actionable insights to secure each layer and combat such threats.

As open-source AI models become foundational to digital infrastructure, hidden backdoors and tampered supply chains pose a growing, under-recognized threat that traditional security tools can fail to detect.

Email-based cyber threats are growing more sophisticated, with attackers increasingly using tactics like QR code phishing, known malware variants, and AI-powered impersonation to bypass traditional defenses and target users, data, and systems.

Our latest research provides a framework for understanding agentic AI systems, outlines their core characteristics, and examines the security implications surrounding their use.

To conclude our series on agentic AI, this article examines emerging vulnerabilities that threaten AI agents, focusing on providing proactive security recommendations on areas such as code execution, data exfiltration, and database access.

How can attackers exploit weaknesses in database-enabled AI agents? This research explores how SQL generation vulnerabilities, stored prompt injection, and vector store poisoning can be weaponized by attackers for fraudulent activities.

In the third part of our series we demonstrate how risk intensifies in multi-modal AI agents, where hidden instructions embedded within innocuous-looking images or documents can trigger sensitive data exfiltration without any user interaction.

Our research examines vulnerabilities that affect Large Language Model (LLM) powered agents with code execution, document upload, and internet access capabilities. This is the second part of a series diving into the critical vulnerabilities in AI agents.

This introductory post kicks off a blog series on AI agent vulnerabilities, outlining key security risks like prompt injection and code execution, and sets the stage for future parts, which will dive deeper into issues such as code execution flaws, data exfiltration, and database access threats.