Why enterprise AI agents could become the ultimate insider threat - ZDNET

The growing autonomy of enterprise AI agents is positioning them as a major insider threat, fundamentally changing the landscape of corporate cybersecurity. Historically, insider threats were primarily human-driven, but the emergence of AI agents with sophisticated capabilities introduces a new dimension to this risk. According to Verizon's 2025 Data Breach Investigations Report (DBIR), a notable percentage of employees were already using non-corporate emails with generative AI systems, inadvertently exposing sensitive company data to public cloud platforms. The Open Worldwide Application Security Project (OWASP) has identified critical security concerns associated with autonomous AI systems. These include 'prompt injection,' where attackers manipulate an AI agent's instructions to execute unintended or malicious tasks, and 'insecure output handling,' which can lead to unsafe actions in subsequent systems if not properly validated. The article emphasizes that these AI agents will often require extensive privileges within corporate networks, making them highly attractive targets for cyberattacks. Given their speed and operational scale, a single misconfigured or compromised AI agent can rapidly cascade errors or malicious actions across an entire organization. In response to these escalating risks, companies like Microsoft are developing solutions such as Agent 365, designed as a centralized platform for governing and securing AI agents. The overarching recommendation is for enterprises to approach AI agents with the same, or even greater, level of scrutiny and robust security measures typically applied to human employees, focusing on comprehensive identity management and control frameworks.