Unit 42 outlines the risks of AI ecosystems and allowing AI agents excessive privileges. Learn how to keep your security strategy up to date with these latest trends.

Unit42 is a cybersecurity research team known for its  analysis of cyber threats, malware, and cyber attack trends. Through research reports, threat intelligence briefings, and data analysis, Unit42 offers insights into emerging cyber threats and adversary tactics. Readers can learn about threat detection methodologies, vulnerability trends, and cyber attack attribution to enhance their cybersecurity posture and protect their organizations from advanced cyber threats.

Unit 42

AI agents introduce significant security tradeoffs as they gain privileges to act autonomously on behalf of users and organizations. Two primary attack pathways are identified: targeting the open-source AI ecosystem (model file attacks with hidden malicious payloads, and MCP rug pull attacks) and targeting internal AI agents (prompt injection, data exfiltration, multi-step fraud). Defensive recommendations include scanning model files in isolated environments, preferring remote MCP servers from trusted providers, implementing both soft guardrails (prompt injection detection) and hard controls (least-privilege permissions, domain whitelisting), detailed logging of agent actions, and treating agents as potentially rogue actors. Organizations are advised to standardize on a single AI ecosystem, revisit security policies every eight weeks given the pace of AI evolution, and apply the same governance rigor to AI supply chains as to any critical system.

Navigating Security Tradeoffs of AI Agents

The Strategic Tradeoff Every Enterprise Must Decide