Cybersecurity experts warn AI agents can be hijacked via query injection, enabling hackers to misuse them for unauthorised tasks and data access.
NEW YORK: Cybersecurity experts warn that artificial intelligence agents could be hijacked to perform hackers’ malicious work.
AI agents use chatbots to automate human tasks like booking flights or managing calendars.
Their plain-language operation enables even non-technical users to cause harm.
“We’re entering an era where cybersecurity is no longer about protecting users from bad actors with a highly technical skillset,” AI startup Perplexity stated.
“For the first time in decades, we’re seeing new and novel attack vectors that can come from anywhere.”
Injection attacks previously required sophisticated hidden computer code to cause damage.
As AI evolves from generating content to independently browsing the internet, hijacking risks through malicious prompts have increased.
“People need to understand there are specific dangers using AI in the security sense,” said NeuralTrust software engineer Marti Jorda Roca.
Meta identifies this query injection threat as a “vulnerability” while OpenAI’s CISO Dane Stuckey calls it “an unresolved security issue.”
Both companies are investing billions in AI as usage and capabilities expand rapidly.
Query injection can manipulate user prompts like “book me a hotel reservation” into malicious commands like “wire $100 to this account.”
Malicious prompts can hide online where AI agents encounter compromised data containing hidden hacker commands.
Check Point’s Eli Smadja considers query injection the “number one security problem” for large language models powering AI assistants.
Major AI companies have implemented defenses and published guidelines to prevent such attacks.
Microsoft integrated tools detecting malicious commands based on instruction origins.
OpenAI alerts users when agents visit sensitive sites and blocks unsupervised actions.
Security professionals recommend requiring user approval before AI agents perform critical tasks like data exports or bank access.
“One huge mistake that I see happening a lot is to give the same AI agent all the power to do everything,” Smadja noted.
Cybersecurity researcher Johann Rehberger warns that attacks are rapidly improving.
“They only get better,” Rehberger said of evolving hacker tactics.
Balancing security with usability remains challenging since users want AI convenience without constant monitoring.
Rehberger believes AI agents aren’t mature enough for important missions or sensitive data.
“I don’t think we are in a position where you can have an agentic AI go off for a long time and safely do a certain task,” the researcher stated.
“It just goes off track.” – AFP
