Why are agentic AI systems a security risk?
Autonomous agents are multiplying with few guardrails
Recent academic and industry studies have found that many agentic systems — AIs designed to take multi-step actions on behalf of users — are being deployed with scant public information about how they were safety-tested. Researchers documented that developers rarely publish thorough safety disclosures, and reviewers found agent deployments that can act outside narrow, intended bounds.
This is consequential because agentic systems can have real-world effects: installing software, traversing APIs, moving funds in simulated environments, or orchestrating other tools. When an agent is trained or configured poorly, or when its safety assumptions aren’t documented, it can be hijacked, misused, or simply make dangerous decisions at machine speed.
Primary risks
- Unchecked automation: Agents can execute chains of actions that multiply small errors into large failures.
- Opaqueness: Lack of clear safety testing and disclosure leaves users and defenders uncertain how much to trust an agent.
- Abuse vectors: Malicious actors can adapt widely available agent code to perform large-scale intrusion, misinformation, or supply-chain attacks.
What organizations should do
- Demand transparency: Require vendors to publish testing protocols and red-team results for agents they deploy.
- Keep humans in the loop: Gate high-impact actions behind explicit approvals and monitoring.
- Harden infrastructure: Treat agent-driven access as high-risk, with strict credentials, least-privilege rules, and anomaly detection.
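To make the "keep humans in the loop" and "least-privilege" recommendations concrete, here is an added example (written for this article, not taken from any vendor's agent framework) of a policy gate that sits between an agent's planner and its tool executor. The tool names, risk tiers and per-session cap are constructed assumptions; in practice the approver hook would page a human and the audit log would feed a SIEM.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample policy (hypothetical tool names): tool -> risk tier.
# Tools absent from the map are denied outright (least privilege).
TOOL_POLICY = {
    "read_file": "low",
    "http_get": "low",
    "install_package": "high",
    "transfer_funds": "high",
}
MAX_HIGH_IMPACT_PER_SESSION = 2   # assumed cap on approved high-impact actions per run

@dataclass
class ToolCall:
    tool: str
    args: dict

@dataclass
class ActionGate:
    approver: Callable[[ToolCall], bool]       # human approval hook: True means approved
    policy: dict = field(default_factory=lambda: dict(TOOL_POLICY))
    audit_log: list = field(default_factory=list)
    high_impact_count: int = 0

    def evaluate(self, call: ToolCall) -> tuple:
        """Return (allowed, reason) and record every decision for later anomaly review."""
        tier = self.policy.get(call.tool)
        if tier is None:
            decision = (False, "denied: tool not on allowlist")
        elif tier == "low":
            decision = (True, "allowed: low impact")
        elif self.high_impact_count >= MAX_HIGH_IMPACT_PER_SESSION:
            decision = (False, "denied: session cap on high-impact actions reached")
        elif not self.approver(call):
            decision = (False, "denied: human approval not granted")
        else:
            self.high_impact_count += 1
            decision = (True, "allowed: high impact, human approved")
        self.audit_log.append((call.tool, call.args, decision[1]))
        return decision

def run_agent_plan(plan: list, approver: Callable[[ToolCall], bool]) -> list:
    """Gate an agent's proposed chain of tool calls; halt at the first denial so
    later steps cannot build on a blocked action."""
    gate = ActionGate(approver=approver)
    results = []
    for call in plan:
        allowed, reason = gate.evaluate(call)
        results.append((call.tool, allowed, reason))
        if not allowed:
            break
    return results
```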
Without stronger industry standards and clearer safety practices, agentic AI will remain a growing source of security exposure for companies, cloud providers, and everyday users.