Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall

Adversaries infiltrated legitimate AI tools at over 90 organizations in 2025, stealing credentials and cryptocurrency. These compromised tools could only read data, lacking the ability to rewrite firewall rules. However, the new autonomous SOC agents currently being released have the capability to rewrite infrastructure, marking a significant escalation in potential threats. While this new level of autonomy has not yet been exploited on a large scale, the rapid development of AI systems is outpacing the establishment of governance measures to prevent such attacks.

A compromised SOC agent can manipulate firewall rules, modify IAM policies, and isolate endpoints using its own privileged credentials, all through approved API calls that an EDR system is likely to classify as legitimate activity. The adversary no longer needs direct network access: the compromised agent carries out the malicious actions on the adversary's behalf.

The introduction of autonomous security solutions such as Cisco’s AgenticOps for Security and Ivanti’s Continuous Compliance and Neurons AI self-service agent signifies the industry’s recognition of the need to combat AI-accelerated threats. These tools provide autonomous firewall remediation, compliance capabilities, policy enforcement, and data context validation, all essential components for safeguarding against AI-enabled adversaries.

As the landscape of AI threats evolves, the industry is facing challenges in securing AI systems from malicious actors. AI-enabled adversaries have increased their operations by 89% year-over-year, highlighting the urgency for organizations to enhance their security measures. Malicious actors have already exploited vulnerabilities in AI workflows by deploying malicious server clones to intercept sensitive data, posing a significant risk to organizations.

The governance framework surrounding autonomous agents is crucial for mitigating these risks. The OWASP Top 10 for Agentic Applications outlines key attack categories that autonomous SOC agents may introduce, such as Agent Goal Hijacking, Tool Misuse, and Identity and Privilege Abuse. Without proper governance measures in place, organizations are vulnerable to unauthorized actions and potential breaches.

To address these challenges, organizations must prioritize governance and implement stringent controls to safeguard against AI-enabled threats. Continuous Compliance and the Neurons AI self-service agent from Ivanti offer automated enforcement frameworks and policy validation to ensure compliance with regulatory requirements and protect against unauthorized activities. By integrating governance into AI systems, organizations can reduce operational overhead and improve security posture.
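One concrete governance control for the risk described above (an agent whose write actions look like legitimate API calls) is an action gate placed between the agent and the infrastructure APIs. The example below is added here and is not code from the article, Cisco, Ivanti or OWASP; the tool and operation names, the allowlists and the risk heuristics are hypothetical, but they illustrate the Tool Misuse and Identity and Privilege Abuse categories: containment actions run autonomously, access-widening changes need a human approver or are denied outright, unknown operations are denied by default, and every decision is written to an audit trail.

```python
# Added example (not from the article): a least-privilege policy gate for an
# autonomous SOC agent. Hypothetical tool/operation names throughout.
from dataclasses import dataclass, field


@dataclass
class AgentAction:
    tool: str                 # e.g. "firewall", "iam", "endpoint"
    operation: str            # e.g. "block_ip", "add_rule", "attach_policy"
    params: dict = field(default_factory=dict)


# Containment-only operations the agent may execute on its own.
AUTONOMOUS = {("endpoint", "isolate"), ("firewall", "block_ip")}
# Operations that can widen access and therefore always need a human approver.
NEEDS_APPROVAL = {("firewall", "add_rule"), ("firewall", "delete_rule"),
                  ("iam", "attach_policy")}


def risk_flags(a: AgentAction) -> list[str]:
    """Heuristics for changes that expand access or blast radius."""
    flags, p = [], a.params
    if a.tool == "firewall" and p.get("action") == "allow" \
            and p.get("source") in ("0.0.0.0/0", "any"):
        flags.append("allow-from-anywhere")
    if a.tool == "iam" and str(p.get("policy", "")).lower() in ("administratoraccess", "*"):
        flags.append("admin-policy-grant")
    if a.tool == "endpoint" and p.get("scope") == "all":
        flags.append("mass-isolation")   # a hijacked agent isolating the whole fleet
    return flags


def gate(a: AgentAction, audit: list) -> str:
    """Return 'allow', 'approval' or 'deny'; always append an audit record."""
    flags = risk_flags(a)
    key = (a.tool, a.operation)
    if flags:
        decision = "deny"            # risky changes are never auto-approved
    elif key in AUTONOMOUS:
        decision = "allow"
    elif key in NEEDS_APPROVAL:
        decision = "approval"        # queue for a human, do not execute
    else:
        decision = "deny"            # default deny for anything unlisted
    audit.append({"tool": a.tool, "op": a.operation, "params": a.params,
                  "flags": flags, "decision": decision})
    return decision
```

The audit list is the detection hook: a burst of "deny" or "approval" records from a single agent identity is itself a signal that the agent's goal may have been hijacked.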

In conclusion, the rapid advancement of AI technology presents both opportunities and challenges for organizations. By prioritizing governance, implementing robust security measures, and conducting regular audits, organizations can effectively defend against AI-accelerated threats and secure their AI systems from potential breaches. The industry must work together to address these challenges and stay ahead of evolving threat landscapes.