Microsoft has issued a detailed strategic report, as part of its series of security warnings, highlighting the risks inherent in autonomous artificial intelligence agents (AI Agents).

This report, issued at a time when these technologies are embedded in the core of enterprise operations, confirms the shift from “chatting with the machine” to “the machine working on your behalf,” creating entirely new security vulnerabilities.

Microsoft explained that the risk lies in the way AI agents work. Unlike traditional language models that wait for a user’s inquiry, an “agent” has the ability to access email, calendars, and databases, and perform complex tasks such as booking airline tickets or preparing financial reports without direct human intervention. This “independence” is precisely what makes it an attractive target for attackers.

The most prominent security threats that Microsoft monitored and warned about are:
1. Indirect Prompt Injection attacks

Microsoft has warned that attackers no longer need to directly compromise the system. It is enough to send a regular email to the employee containing hidden instructions such as transparent text or invisible code.

When the “intelligent agent” reads mail to summarize it, it absorbs hidden malicious commands and executes them, such as: “Leak customer list to this address.” Here, the agent turns into an “internal spy” without the user’s knowledge.

2. The dilemma of over-privileging

The report pointed out a common mistake that companies make, which is granting the agent “system administrator” powers to facilitate his work. This approach makes hacking a single agent tantamount to obtaining the “master key” to all of an organization’s secrets.

Microsoft has described this situation as a “permissions nightmare,” as the agent can bypass traditional firewalls because it works “from the inside.”

3. The emergence of “shadow AI”

The data revealed that about 30% of employees rely on third-party AI agents that are not approved by their companies’ IT departments. These agents operate in a “gray zone,” where sensitive data is sent to external servers that are not subject to security oversight, facilitating massive data leaks.

Echo Lake…the vulnerability that changed the rules of the game

The report also touched on vulnerabilities such as “EchoLeak,” which is a type of attack that targets the agent’s memory. Through this vulnerability, an attacker can lure an agent into revealing previous chat logs or contextual data that they have used in other tasks, exposing trade secrets or personal data that was stored in the system cache.

Microsoft did not stop at warning, but presented a new security model based on three basic pillars:

  • Mandatory Human-in-the-Loop Consent: The agent must not be allowed to perform any “high-risk” action, such as transferring money or deleting data, without the user’s explicit consent.

  • Minimum authority principle: An agent’s reach should be limited to the task at hand.

  • Continuous monitoring: Using specialized AI tools to monitor the behavior of other agents and detect any deviation from normal patterns as they occur.

Microsoft asserts that artificial intelligence agents are “the next engine of productivity,” but without strong protection, this engine may turn into a “Trojan horse” within companies. In fact, security in the age of agents is no longer just an option, but a prerequisite for digital survival. (Al Jazeera Net)