惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
Cisco Blogs
爱范儿
爱范儿
有赞技术团队
有赞技术团队
博客园 - 【当耐特】
Jina AI
Jina AI
Project Zero
Project Zero
宝玉的分享
宝玉的分享
Martin Fowler
Martin Fowler
WordPress大学
WordPress大学
Simon Willison's Weblog
Simon Willison's Weblog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tenable Blog
F
Fortinet All Blogs
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
月光博客
月光博客
雷峰网
雷峰网
G
Google Developers Blog
V
V2EX
T
Tor Project blog
罗磊的独立博客
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
W
WeLiveSecurity
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
P
Privacy International News Feed
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
小众软件
小众软件
Scott Helme
Scott Helme
I
Intezer
T
Threat Research - Cisco Blogs
The GitHub Blog
The GitHub Blog
N
Netflix TechBlog - Medium
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
酷 壳 – CoolShell
酷 壳 – CoolShell
L
LINUX DO - 最新话题
N
News | PayPal Newsroom
L
Lohrmann on Cybersecurity
T
Troy Hunt's Blog
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
人人都是产品经理
人人都是产品经理
Latest news
Latest news
AWS News Blog
AWS News Blog
Apple Machine Learning Research
Apple Machine Learning Research

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
What To Do When Your AI Agents Have Permissions You Never Approved
Vineet Arora · 2026-05-14 · via Forbes - Innovation

Vineet Arora, CTO & Co-Founder, WinWire, with 30+ years in IT Consulting helping CxOs drive Business Transformation thru AgenticAI Solutions

AI agent robot

getty

Gartner’s latest projection puts it plainly: "By 2028, 25% of all enterprise generative AI (GenAI) applications will experience at least five minor security incidents per year, up from 9% in 2025​." And by 2029, 15% will face at least one major incident, up from 3% in 2025. Numbers like that land differently when you have seen what an incident looks like.

​Last year, researchers at Aim Labs disclosed EchoLeak, a zero-click vulnerability in Microsoft 365 Copilot. A crafted email, without links or attachments, could cause the agent to follow hidden instructions and expose sensitive data within its access scope. Microsoft patched the issue before any known real-world exploitation.

​A few months later, Noma Labs disclosed ForcedLeak, a critical vulnerability in Salesforce Agentforce, where malicious instructions embedded in Web-to-Lead form fields could be executed by AI agents, enabling the exfiltration of sensitive CRM data.​

In both cases, the defenders got lucky that the researchers found the flaw first.

The second category of incident is already live in production. In developer tooling, there are emerging reports of agent misexecution. For example, a documented issue involving Google’s Gemini CLI describes unintended file operations that resulted in data loss, with the system later acknowledging failure. In another widely reported incident, an AI coding agent from Replit deleted a production database during a development workflow, prompting a public apology from the company’s CEO.​

The OWASP Foundation responded by releasing its first Top 10 for Agentic Applications, cataloging the 10 highest-impact threats specific to autonomous AI systems. It reads less like a traditional vulnerability report and more like a reckoning with what happens when software can plan, decide and act on our behalf without anyone rethinking how we secure it.

I spend most of my time working with enterprises that are building and governing agentic systems. The question I get asked most often is whether existing security tools can handle this. Traditional controls were designed to catch bad actors, not well-intentioned systems operating beyond their intended scope. If the risk lives in permissions, memory, tools and what agents decide to do on their own, security must be part of how the thing gets built.

How Platform Design Shapes Agent Risk

Each of the 10 OWASP risks maps to a design constraint that either exists before the agent ever reaches production or does not. That distinction separates the agents that should be deployed.

Start with what the agent can reach. Agents should be built from predefined actions, vetted connectors and scoped capabilities, not assembled from an open plugin marketplace where an unvetted component enters the execution chain. Administrators govern which connectors are available. Custom logic runs in sandboxed environments. That single design decision addresses unexpected code execution (ASI05), tool misuse and exploitation (ASI02) and agentic supply chain vulnerability (ASI04) through architecture, rather than through policy documents sitting in a SharePoint folder nobody reads.

Identity is where most agentic deployments get it wrong. I have watched it happen. An agent that inherits a service account’s broad permissions can access anything that account touches. The better pattern is for agents to operate under the end user’s directory permissions by default, so a compromised agent can only access what that specific user can access. That constraint limits the blast radius of agent goal hijack (ASI01) and identity and privilege abuse (ASI03) before anyone writes a security policy.

Memory is the other risk, one that rarely surfaces in procurement conversations. Agents that retain context across sessions give attackers a persistent foothold. If session memory does not carry over between conversations and there is no shared global memory store, memory and context poisoning (ASI06) has nowhere to live.

Multiagent connections should require explicit configuration rather than automatic trust inheritance, which closes the door on insecure inter-agent communication (ASI07) by default, not by exception.

Containment handles what is left. Agents that cannot rewrite their own logic without going through a full republish cycle are the structural answer to rogue agents (ASI10). Monitoring and quotas function as circuit breakers against cascading failures (ASI08). For the highest-stakes actions, human-in-the-loop configurations require explicit confirmation before execution. That is not a feature toggle. It is the only reliable defense against the kind of human-agent trust exploitation (ASI09) that lets a finance manager approve a fraudulent payment because the copilot said it was urgent.

Architecture only gets you halfway. A well-designed agent still needs watching once it hits production. Good design reduces risk at the start. Visibility is what catches the risk that accumulates after.

Bridging The Governance Gap

At one enterprise we recently worked with, the finance, sales and customer experience teams had each deployed AI agents independently: different tools, no shared governance and no audit trail connecting any of them. The fix was unglamorous. It involved a tenant-wide control plane with role-based access, centralized policy enforcement and audit logging that worked across every agent regardless of how it was built or who built it. For the first time, leadership had a single view of agent activity across the business, and IT could answer the question, “How many agents do we have?”

A control plane of that kind is now emerging across the major enterprise platforms. Whether you standardize on one vendor’s fleet-management layer or build a multi-platform inventory yourself, the requirement is the same. You need a single place to observe, govern and secure every agent in the tenant, with detailed logging, risk reporting and audit trails across the entire fleet.

The Question Before The Question

The OWASP Agentic Top 10 makes something clear that the industry has been slow to acknowledge: Agents amplify existing vulnerabilities. The document’s authors put it directly: "Deploying agentic behavior where it is not needed expands the attack surface without adding value." They call it the principle of "least agency."

The conversation about agentic security should not start with which threats to mitigate. It should start with whether you need an agent at all and, if you do, whether the platform you are building on treats security as part of the architecture or as an afterthought. That is the question worth answering before the next deployment, not after the first incident.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?