Microsoft and ServiceNow's exploitable agents reveal a growing - and preventable - AI security crisis (www.zdnet.com)

🤖 AI Summary
Recent cybersecurity concerns center on vulnerabilities in AI agents, particularly those involving Microsoft and ServiceNow, which revealed a significant risk for corporate networks. Jonathan Wall, CEO of Runloop, emphasized that, once deployed, AI agents with extensive access can enable lateral movement, allowing malicious actors to gain elevated privileges and potentially access sensitive data. Google’s cybersecurity leaders also warned that the rise of autonomous "shadow agents" could create uncontrolled pipelines for sensitive data, posing serious compliance risks.

A severe vulnerability named "BodySnatcher" in ServiceNow's platform exemplifies this crisis: it allowed an unauthenticated attacker to impersonate an administrator using merely an email address, granting them unrestricted access to sensitive information across an organization. A separate issue in Microsoft’s Copilot Studio showed the risks of the "Connected Agents" feature, which is designed to facilitate collaboration but could be exploited to gain unauthorized access to privileged agents.

Both incidents underline the evolving threat landscape of agentic AI and the urgent need for improved security measures, such as adopting the principle of least privilege, to mitigate risks and prevent future exploits.