AI Agents Bypass Security: The Unseen Attack Surface
17 Mar
Summary
- Attackers exploit AI agents by hiding instructions in forwarded emails.
- Current security stacks fail to detect threats embedded in normal agent tasks.
- Three major attack surfaces remain invisible to existing defenses.

New security gaps are emerging with the widespread adoption of AI agents, particularly OpenClaw. Attackers are leveraging forwarded emails to hide malicious instructions, which agents execute through sanctioned API calls, evading detection by firewalls and EDR systems. This has led to the identification of three major attack surfaces that current security infrastructure cannot see.
The first critical gap is runtime semantic exfiltration, where malicious behavior is encoded in meaning rather than binary patterns. This allows agents to appear normal while exfiltrating data. The second is cross-agent context leakage, where a prompt injection in one agent can poison the entire workflow. Researchers demonstrated how attacker-controlled instructions can be appended to workspace files, becoming sleeper payloads.
The third gap involves agent-to-agent trust chains lacking mutual authentication. A compromised agent can inherit trust from others in a workflow, allowing it to issue instructions across the chain. This poses a significant risk, as even agents on personal devices can threaten organizational security by accessing corporate credentials. In response, the industry has developed new tools, including architectural rewrites and hardened agent environments, alongside a proposed skills specification for explicit capability declarations.
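The two controls the article says the industry is converging on, mutual authentication between agents in a workflow and explicit capability declarations, can be illustrated with a small broker check. The following is an added example written for this page, not code from OpenClaw or from the proposed skills specification. It assumes a hypothetical setup in which every agent holds a per-agent secret provisioned out of band, a constructed `SKILLS` manifest declares which actions each agent may request and may perform, and a verifying broker knows all keys (a real deployment would use per-pair keys or asymmetric signatures). The agent names, actions and payloads are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets

# Constructed per-agent secrets; in practice each is provisioned to one agent only.
AGENT_KEYS = {
    "mail-reader": secrets.token_bytes(32),
    "file-writer": secrets.token_bytes(32),
    "payroll-bot": secrets.token_bytes(32),
}

# Hypothetical skills manifest: what each agent is declared to request and to perform.
SKILLS = {
    "mail-reader": {"may_request": {"summarize"}, "may_perform": {"read_mail"}},
    "file-writer": {"may_request": set(), "may_perform": {"summarize", "write_file"}},
    "payroll-bot": {"may_request": set(), "may_perform": {"export_payroll"}},
}

ACCEPTED = "accepted"
_seen_nonces = set()  # replay protection for the lifetime of this broker


def canonical(obj: dict) -> bytes:
    """Stable JSON encoding so sender and verifier MAC identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(agent: str, obj: dict) -> str:
    return hmac.new(AGENT_KEYS[agent], canonical(obj), hashlib.sha256).hexdigest()


def send_instruction(sender: str, recipient: str, action: str, payload: dict) -> dict:
    """Build a signed cross-agent instruction; only a key holder can produce a valid MAC."""
    msg = {"from": sender, "to": recipient, "action": action,
           "payload": payload, "nonce": secrets.token_hex(8)}
    return {"msg": msg, "mac": sign(sender, msg)}


def authorize(recipient: str, envelope: dict) -> str:
    """Verify origin, integrity, freshness and declared capability before acting.

    Text that merely claims to come from another agent (for example an instruction
    appended to a workspace file or forwarded mail) carries no valid MAC and is rejected.
    """
    msg, mac = envelope.get("msg", {}), envelope.get("mac", "")
    sender, action = msg.get("from"), msg.get("action")
    if msg.get("to") != recipient:
        return "rejected: wrong recipient"
    if sender not in AGENT_KEYS:
        return "rejected: unknown sender"
    if not hmac.compare_digest(mac, sign(sender, msg)):
        return "rejected: bad signature"
    if msg.get("nonce") in _seen_nonces:
        return "rejected: replay"
    if action not in SKILLS[sender]["may_request"]:
        return "rejected: sender not declared to request this action"
    if action not in SKILLS[recipient]["may_perform"]:
        return "rejected: recipient not declared to perform this action"
    _seen_nonces.add(msg["nonce"])
    return ACCEPTED


def acknowledge(recipient: str, envelope: dict) -> dict:
    """Recipient signs a digest of the instruction so the sender can verify who acted."""
    ack = {"by": recipient, "ack_of": hashlib.sha256(canonical(envelope["msg"])).hexdigest()}
    return {"ack": ack, "mac": sign(recipient, ack)}


def verify_ack(envelope: dict, ack_env: dict) -> bool:
    """Sender-side half of the mutual check: the ack must come from the intended recipient."""
    ack = ack_env.get("ack", {})
    by = ack.get("by")
    if by not in AGENT_KEYS or by != envelope["msg"]["to"]:
        return False
    expected = hashlib.sha256(canonical(envelope["msg"])).hexdigest()
    return ack.get("ack_of") == expected and hmac.compare_digest(ack_env.get("mac", ""), sign(by, ack))


if __name__ == "__main__":
    ok = send_instruction("mail-reader", "file-writer", "summarize", {"text": "constructed mail body"})
    print(authorize("file-writer", ok), verify_ack(ok, acknowledge("file-writer", ok)))
    # A compromised mail-reader cannot reach payroll-bot: the action is outside its declaration.
    bad = send_instruction("mail-reader", "payroll-bot", "export_payroll", {})
    print(authorize("payroll-bot", bad))
```

The check order matters: the signature is verified before the capability lookup, so a forged or tampered envelope is refused without consulting the manifest, and the nonce set stops a captured valid instruction from being replayed down the chain.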