Earlier this month, I spoke at the Gartner Security & Risk Management Summit about a blind spot most security programs are still not accounting for – how attackers are circumventing AI security programs by using legacy infrastructure to hijack AI agents.
AI adoption is moving faster than security programs can account for. Roughly 71% of organizations are piloting AI agents across their enterprise applications, and 31% have already moved them into production workflows.
For this reason, organizations are legitimately pouring resources into securing AI workloads against model poisoning, prompt injection, data leakage, and other emerging threats. Yet this focus misses everything underneath the AI layer: an unpatched server, a misconfigured Active Directory permission, or a cached credential on a developer’s machine is an exposure that gives attackers a direct route to everything your AI agents depend on – knowledge bases, cloud storage, Lambda functions, SaaS integrations, and the credentials that connect them.
This means that threat actors don’t really need to attack your AI head-on – they just need to reach what it connects to. In this article, I’ll walk through how legacy infrastructure becomes the attack path into AI agent environments and what security teams can do to block those paths.
AI Agents Use What They Inherit
Despite their novelty and power, in some ways AI agents operate like other assets in your environment. They authenticate through existing identity providers, store data in existing cloud buckets, execute tasks through existing Lambda functions, and inherit permissions from existing IAM roles. Every one of those dependencies carries whatever security debt the organization had before the AI deployment started.
What’s more, most organizations are inadvertently compounding that debt. According to Infosecurity Magazine, 70% of organizations grant their AI systems more privileged access than a human in the same role. Not surprisingly, this comes with a painful price tag. Organizations with over-privileged AI reported a 76% incident rate, compared to just 17% for those enforcing least privilege.
All of those connections – identity providers, cloud buckets, Lambda functions, IAM roles – run through the infrastructure your teams have managed for years: Active Directory, cloud IAM, service accounts, stored credentials. Yet none of it was designed with AI agents in mind, and most of it was provisioned long before the first agent went into production. The result is that an attacker who finds their way in through any of those layers doesn’t need to touch the AI. The agent’s own permissions do the work for them.
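To make the inherited-permissions problem concrete, here is an added example (not code from the original article): a small Python audit that compares the IAM policy an agent's execution role actually carries against the handful of grants the Co-Pilot needs (read the Salesforce export bucket, invoke its Lambda, invoke its Bedrock model). Both policy documents and all bucket, function and model ARNs are constructed placeholders, so it runs offline.

```python
"""Audit an AI agent's execution-role policy for grants wider than it needs."""

# What the agent actually needs (constructed; every ARN is a hypothetical placeholder).
BUCKET_ARN = "arn:aws:s3:::example-salesforce-export/*"
FUNCTION_ARN = "arn:aws:lambda:us-east-1:123456789012:function:copilot-lookup"
MODEL_ARN = "arn:aws:bedrock:us-east-1::foundation-model/EXAMPLE-MODEL-ID"
REQUIRED = {("s3:GetObject", BUCKET_ARN),
            ("lambda:InvokeFunction", FUNCTION_ARN),
            ("bedrock:InvokeModel", MODEL_ARN)}

# Constructed sample of an inherited "service" role: every grant is a wildcard.
INHERITED_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["lambda:*", "iam:PassRole"], "Resource": "*"},
    {"Effect": "Allow", "Action": "bedrock:InvokeModel", "Resource": "*"},
]}

# The same role cut down to exactly the required set.
SCOPED_ROLE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject", "Resource": BUCKET_ARN},
    {"Effect": "Allow", "Action": "lambda:InvokeFunction", "Resource": FUNCTION_ARN},
    {"Effect": "Allow", "Action": "bedrock:InvokeModel", "Resource": MODEL_ARN},
]}

def _as_list(value):
    # IAM allows Action and Resource to be a single string or a list.
    return value if isinstance(value, list) else [value]

def audit_policy(policy, required=REQUIRED):
    """Return one finding per Allow grant that is wider than the required set."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action", [])):
            for resource in _as_list(stmt.get("Resource", [])):
                if (action, resource) in required:
                    continue  # exactly what the agent needs, nothing more
                if "*" in action:
                    findings.append(f"stmt {idx}: wildcard action {action!r} on {resource!r}")
                elif resource == "*":
                    findings.append(f"stmt {idx}: {action!r} allowed on every resource")
                else:
                    findings.append(f"stmt {idx}: {action!r} on {resource!r} is not required")
    return findings

def is_least_privilege(policy, required=REQUIRED):
    return not audit_policy(policy, required)

if __name__ == "__main__":
    for name, role in (("inherited", INHERITED_ROLE), ("scoped", SCOPED_ROLE)):
        print(f"{name}: {'OK' if is_least_privilege(role) else 'over-privileged'}")
        for finding in audit_policy(role):
            print("  -", finding)
```

Running it against a real role means fetching the attached policy documents (for example with the AWS CLI or boto3) and passing them to audit_policy in place of the constructed samples.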
How a CVE from 2025 Hijacks an AI Agent in 2026
The diagram below shows a typical enterprise AI agent architecture. A customer success team uses an AI-powered Co-Pilot – hosted on AWS Bedrock – to query customer data exported from Salesforce into an S3 bucket. The Co-Pilot executes tasks through Lambda…
