惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

aimingoo的专栏
aimingoo的专栏
Google DeepMind News
Google DeepMind News
S
SegmentFault 最新的问题
Project Zero
Project Zero
D
DataBreaches.Net
I
InfoQ
L
Lohrmann on Cybersecurity
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
The Register - Security
The Register - Security
Recorded Future
Recorded Future
Vercel News
Vercel News
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
I
Intezer
The Hacker News
The Hacker News
F
Fortinet All Blogs
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
Help Net Security
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Scott Helme
Scott Helme
T
Threatpost
爱范儿
爱范儿
N
Netflix TechBlog - Medium
D
Docker
云风的 BLOG
云风的 BLOG
C
Cisco Blogs
K
Kaspersky official blog
H
Help Net Security
S
Secure Thoughts
T
Threat Research - Cisco Blogs
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Security @ Cisco Blogs
Cyberwarzone
Cyberwarzone
N
News and Events Feed by Topic
G
Google Developers Blog
Forbes - Security
Forbes - Security
博客园 - 三生石上(FineUI控件)
博客园 - 叶小钗
B
Blog
Google DeepMind News
Google DeepMind News
Recent Announcements
Recent Announcements
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
P
Privacy International News Feed
Spread Privacy
Spread Privacy
The Last Watchdog
The Last Watchdog

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
​AI Is Moving Into Production Workflows, And So Are The Risks
Austin Gadient · 2026-05-05 · via Forbes - Innovation

Austin Gadient is CTO & cofounder of Vali Cyber. Vali’s product ZeroLock protects hypervisors and Linux from cyber attacks.

getty

​Enterprises are adopting AI in two places at once: across business teams (marketing, HR, finance, legal and others) and inside engineering workflows that connect to code repositories, CI/CD systems and cloud tooling. The result is not just more AI usage—it is more AI usage tied directly to operational systems.

That connection is what changes the risk discussion. As the chief technology officer of a company that offers cybersecurity solutions, I've noticed a startling development in this space: When AI tools evolve from assisting humans to initiating steps on their behalf—running scripts, calling APIs and triggering downstream processes—the security concern shifts from “bad answers” to execution risk. The critical issue becomes whether AI-driven workflows can operate close to production with valid credentials and approved tooling. That proximity can turn routine automation into a high-impact access path. ​​

Why This Is Different From Traditional AI Risk

Classic AI risk conversations tend to focus on data: leakage, mishandling sensitive inputs or generating incorrect output. Those still matter, but they are not the primary concern in environments where the workflow can take actions. The more consequential risk is that an AI-enabled system can be placed inside trusted processes—where it can reach sensitive systems, run code and interact with privileged interfaces.

In that world, the “attack surface” is not only the model. It is the entire set of integrations: tool connectors, automation permissions, identity tokens and execution environments. If an attacker can influence what the workflow does, they can potentially achieve results through legitimate pathways, rather than deploying overtly malicious software. ​​

Where AI-Enabled Workflows Break Down

There are a few weaknesses to keep an eye on here. One problem I've observed involves prompt injection, where instructions are manipulated so the system performs an unsafe action or reveals sensitive information. A related issue along these lines is indirect prompt injection, where harmful instructions are hidden inside content the system is expected to process—documents, tickets, web pages or other inputs—so the workflow follows malicious guidance while appearing to operate “normally.”

Another set of weaknesses involves permissioned action. If a workflow can misuse tools within its allowed scope, if decision-making is over-trusted during autonomous execution or if high-impact steps are not gated with validation, attackers do not need advanced malware. They can win by controlling the order and selection of actions the workflow takes. ​

Why Agents Are Such Attractive Targets In Practice

Orchestration agents centralize access by design. They commonly touch source code, infrastructure tooling, APIs, internal documents and cloud resources. Many also run continuously and hold broad privileges because they are expected to be “helpful” across many tasks.

That’s why the risk is less about whether an attacker “compromises the model” and more about whether they can steer a workflow that already has reach. In a virtualized environment, that reach can translate into privileged operations inside virtual machines and easier movement across workloads. ​

How Attackers Look For Leverage Around AI

As organizations wire AI into real tools, attackers have more places to apply pressure.

A common leverage point is the software supply chain—libraries, plugins, dependencies and other artifacts that influence what tools install and execute. If automation can fetch dependencies or run code with minimal friction, each integration effectively expands what the organization “trusts” by default.

A second leverage point involves credential exposure through normal workflows. AI-assisted development and operations can accidentally move secrets through logs, code or automation steps—or can access API tokens during execution. If an attacker can cause a workflow to retrieve or use a secret as part of an approved process, the activity can look legitimate, even when the outcome is harmful.

A third leverage point is runtime exploitation. When environments are misconfigured or vulnerabilities exist, AI-enabled execution can become a pathway to exploit conditions in runtime systems. For many security teams, the primary concern has shifted: The risk is no longer the model's output, but the workflow's ability to execute actions with approved access

Why Virtualization Raises The Stakes

Virtualization centralizes operational value. Many organizations run major portions of their business as virtual machines managed through centralized tooling and shared infrastructure. That concentration is why virtualization is efficient—and also why the blast radius can be large when a privileged workflow is abused.

AI adoption can amplify this by accelerating automated execution, increasing the number of workflows that operate with elevated privileges and expanding the use of infrastructure APIs and tokens. Even if attackers never “target the hypervisor” directly, the combination of privileged automation plus centralized infrastructure can make deeper compromise easier once persistence is established inside virtual machines. ​

What A Practical Defense Posture Looks Like

A defensible posture starts by governing what AI systems are permitted to do, not only what they can access. Organizations should explicitly define where autonomous execution is allowed, which tools an agent may invoke and what privilege boundaries must not be crossed without approval.

From there, reduce your blast radius by tightening credential scope, narrowing permissions for agent-connected identities and limiting access to management interfaces in virtualized environments. If an attacker succeeds in steering one workflow, the goal is to ensure that success does not automatically translate into broad control.

Finally, monitoring needs to capture context, not just activity. When high-impact actions can be executed via legitimate channels, defenders need to know which workflow initiated the action, which identity was used, what tool was invoked and what sequence of steps led to the change. ​

Final Thoughts

As AI agents become more integrated into operational workflows, they create new pathways to sensitive systems precisely because they are designed to be trusted and capable. The key question is not whether AI will attack your virtual infrastructure, but whether enterprises will place guardrails around AI-enabled execution before automation becomes an easy way for attackers to turn valid access into outsized impact. ​


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?