
Cybersecurity best practices with agentic AI adoption

By Andy Syrewicze, Principal Security Advocate (MSP) at Hornetsecurity by Proofpoint

Agentic artificial intelligence (AI) is an advanced form of AI that makes decisions and performs actions as though it were another fully-fledged member of the team, often with little human governance. AI agents use autonomous reasoning for complex tasks such as writing code, managing events, or resolving customer enquiries.

To get agents working quickly, organisations often take the path of least resistance and broadly elevate their access and permissions to data so the agents can operate at full capacity, autonomy and speed. But granting agentic AI unrestrained access is a double-edged sword for businesses, and it’s a weakness that threat actors are learning to exploit.

The Weaponisation of Agentic AI  

Agentic AI systems are being weaponised to lower the barrier to entry for cyber attackers. When attackers target agentic systems that lack proper controls, they no longer need to trick employees to gain access to internal intelligence; they only need to manipulate the AI through a prompt injection attack. 

Attackers can use several methods to carry out these attacks. For example, an attacker posing as a trusted authority or co-worker might send a target user seemingly helpful instructions to give to an AI. A well-intentioned employee may then ask the AI what seems like a simple question. However, depending on the attacker’s instructions, the AI agent may instead be tricked into reading manipulated webpages to generate its response.

These pages can contain hidden instructions, such as white text on a white background, that the AI still reads. Such prompt injections are often malicious and may be used to extract internal data and send it to a remote server controlled by the attacker. 


Figure 1: Example Prompt Injection Attack Flow 

Best Defence Against Prompt Injection Attacks 

For AI agents, it’s best to limit their access to only the tools and data they need to complete the task they were designed for. Doing so helps protect them from attacks like the manipulated webpage / prompt injection example above. In short, defining (and following) a system of least-privilege access is best practice here.

To limit access, use AI tools and agents that are programmed to take information from trusted sources only. This reduces the risk of reading data from corrupted websites and thus stops that particular style of prompt-injection attack.

Agentic AI and the Rise of Ransomware 3.0  

In a 2026 cybersecurity landscape report, 61% of CISOs reported that AI had directly increased the risk of ransomware attacks. The lack of clear governance and data controls around AI adoption has enabled the emergence of ‘Ransomware 3.0’, a type of ransomware that’s backed by the manipulation of AI.

Ransomware 3.0 goes beyond simply locking systems down. AI-powered tools help attackers automate phishing, accelerate credential theft, and move across endpoints at a scale that was unthinkable a few years ago. But the more dangerous evolution is what happens to the data itself.

Rather than just encrypting it, attackers are now subtly corrupting or falsifying records to undermine trust in the data entirely. For security leaders, this isn’t just another spike in incidents; it’s a structural change in how ransomware threatens your business. 

With agentic AI, the ransomware moves beyond simple prompts from threat actors. Once weaponised, the AI can ‘think’ its way through complex systems to extract information at the request of a threat actor. While least-privilege permissions are a vital first step, monitoring AI agents is a necessary precaution to detect when an agent’s behaviour drifts from business rules or policies.
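The least-privilege and trusted-source controls described in the previous section, together with the behavioural drift monitoring described here, as an added Python example that is not from the article or from Hornetsecurity: every task name, host and threshold below is constructed for illustration.

```python
"""Added example (not from the article): a policy gate for agentic tool calls.
Enforces least privilege per task, a trusted-source allowlist for web reads,
an egress allowlist, and flags agents whose denied-call rate drifts.
All task names, hosts and thresholds are constructed for illustration."""
from collections import deque
from urllib.parse import urlparse

# Least privilege: each task is granted only the tools it needs (constructed).
TASK_TOOLS = {
    "summarise_tickets": {"read_ticket", "fetch_url", "http_post"},
    "triage_email": {"read_mailbox"},
}
# Trusted sources the agent may read from; any other site is refused.
TRUSTED_READ_HOSTS = {"kb.example.internal", "docs.example.internal"}
# Hosts the agent may send data to; blocks exfiltration to unknown servers.
ALLOWED_EGRESS_HOSTS = {"tickets.example.internal"}


def host_of(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def authorize(task: str, tool: str, args: dict) -> tuple[bool, str]:
    """Return (allowed, reason) for one tool call, decided before it runs."""
    host = host_of(args.get("url", ""))
    if tool not in TASK_TOOLS.get(task, set()):
        return False, f"tool '{tool}' not granted to task '{task}'"
    if tool == "fetch_url" and host not in TRUSTED_READ_HOSTS:
        return False, f"untrusted source refused: {host}"
    if tool == "http_post" and host not in ALLOWED_EGRESS_HOSTS:
        return False, f"egress blocked: {host}"
    return True, "ok"


class DriftMonitor:
    """Flags an agent whose share of denied calls in a sliding window exceeds
    a threshold: a simple signal that it has left its business rules."""

    def __init__(self, window: int = 20, max_denied_ratio: float = 0.3):
        self.window, self.max_denied_ratio = window, max_denied_ratio
        self.history: dict[str, deque] = {}

    def record(self, agent: str, allowed: bool) -> bool:
        """Record one decision; return True once the agent should be flagged."""
        h = self.history.setdefault(agent, deque(maxlen=self.window))
        h.append(allowed)
        denied = h.count(False)
        # Require a few observations before judging, to avoid single-call noise.
        return len(h) >= 5 and denied / len(h) > self.max_denied_ratio
```

Feed the monitor's flag into the same alerting pipeline as other workload identities so a drifting agent is investigated like any other compromised account.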

AI Identity and Zero-Trust-Based Security for Cyber Preparedness 

To operate safely, organisations must adopt a Zero Trust-based cyber resiliency strategy that treats every AI agent as a high-risk workload identity. In practice, this requires implementing strong, non-phishable machine authentication, strict least-privilege access, and constant monitoring to protect the integrity of the data an agent can access. 

Identity security is also becoming the frontline of AI resilience. In 2026, we’ll continue to see the exploitation of weak identity and access management. While multi-factor authentication (MFA) has consistently provided stronger authentication over the last decade, attackers are evolving alongside these defences. It is now standard for phishing kits to bypass traditional MFA through token theft, giving attackers access to everything the user can reach.

In response, organisations should accelerate mandatory adoption of phishing-resistant MFA technology like FIDO2 and Passkeys, making them the only permitted sign-in method, to prevent these attacks. It’s a further move towards trust architectures designed to withstand the scale and automation of AI-driven attacks.

The ongoing adoption of AI is redefining what ‘trust’ means inside every business. Security, governance, and regulation must converge into the fundamental layer that enables responsible AI integration in the workplace. Organisations that modernise these layers will be able to scale AI with confidence, while those that treat AI as an add-on risk amplifying their existing vulnerabilities in the near future.
