Phishing the agent: Why AI guardrails aren’t enough (www.techradar.com)

AI agents are increasingly automating tasks within enterprises, with 91% of organizations utilizing them; however, only 10% have a structured IT management strategy in place. This mismatch presents significant risks, as granting these agents access to sensitive systems—and thus, critical credentials—can expose organizations to security vulnerabilities. Research has shown that platforms like OpenClaw can lead to serious information leaks when attacked, highlighting the need for robust governance rather than relying solely on preventive guardrails. The findings underscore a paradox where agents sometimes recognize insecure practices yet still execute them, illustrating flawed decision-making autonomy. Experts argue that AI agents should be treated like employee identities, adhering to principles of least privilege, audit logging, and extensive governance. Organizations must establish comprehensive oversight, including visibility into agent activities and quick disabling mechanisms to mitigate risks. As AI agents become integrated into daily operations, the imperative now is to manage them with the same rigor applied to human workers, ensuring accountability and security for enterprise environments.