AI developers race to secure new agent models against prompt injection attacks. (Photo: AFP/Getty Images)
By Daisy Okiring
NAIROBI, Kenya: As artificial intelligence (AI) continues to reshape industries, cybersecurity experts warn that the next frontier of AI — autonomous agents — could create an entirely new breed of digital threats.
These AI agents, built to carry out online tasks such as booking flights, sending emails, or managing calendars, are becoming increasingly powerful. But experts say their autonomy also makes them vulnerable to hijacking by hackers who could exploit them to steal data or perform harmful actions.
A new era of cyber risk
AI agents differ from traditional chatbots. Instead of just generating text or images, they can act independently, following natural language instructions to execute real-world digital tasks.
According to AI startup Perplexity, this shift marks the start of “an era where cybersecurity is no longer just about protecting users from highly skilled hackers.” In a recent report, the company warned that the new tools “open novel attack vectors that can come from anywhere.”
Read More: British ex-soldier faces extradition in Agnes Wanjiru murder case
These threats, known as prompt injection attacks, involve inserting malicious commands into data or text that an AI model processes. A hacker might, for instance, trick an AI assistant into transferring money or revealing private information — all by manipulating the input it receives.
From code to conversation
Traditionally, cyberattacks required advanced coding skills to exploit software vulnerabilities. But AI has simplified the process. A prompt that looks harmless to a user can secretly instruct the AI to perform unintended actions.
“People need to understand there are specific dangers in using AI in security-sensitive tasks,” said Marti Jorda Roca, a software engineer at NeuralTrust, a firm focused on large language model security.
Major tech companies are taking the issue seriously. Meta has labeled this risk a “query injection vulnerability,” while OpenAI’s chief information security officer Dane Stuckey has called it “an unresolved security issue.” Both companies are investing heavily in safety research as AI adoption accelerates worldwide.
Read More: Why JD Vance’s Kenyan visit was cancelled
How AI can be tricked
Prompt injection can occur in real time. For example, a user might instruct an AI agent to “book a hotel room,” but if the system encounters a malicious webpage, the command could be altered to “transfer money to this account.”
These attacks can also hide within online content. If an AI agent scans data from compromised websites, embedded hidden prompts can override its behavior — allowing hackers to control it remotely.
Eli Smadja, a cybersecurity researcher at Check Point, described prompt injection as “the number one security problem” for AI models that power agents and virtual assistants. “The more autonomous these systems become, the greater the risk,” he told AFP.
Big tech’s defense efforts
To counter the threat, major AI developers are building new layers of protection. Microsoft has introduced tools to detect suspicious commands based on their origin and behavior. OpenAI now alerts users when their AI agents access sensitive websites and requires human confirmation before they proceed.
Some experts advocate even stricter safeguards. They suggest limiting the power of AI agents by requiring user approval before executing tasks like exporting files or accessing bank accounts.
“One huge mistake I see happening is giving the same AI agent all the power to do everything,” Smadja said. “That’s like giving a stranger your house keys and hoping for the best.”
Balancing safety and convenience
The rise of AI agents raises a critical tension between convenience and security. Users expect these systems to handle complex tasks seamlessly, yet constant safety checks can make them less efficient.
Cybersecurity researcher Johann Rehberger, known online as “Wunderwuzzi,” said attacks are evolving faster than defenses. “They only get better,” he said, referring to hackers’ tactics. “We are not yet at a point where an AI agent can safely perform sensitive tasks without human oversight.”
Rehberger emphasized that AI autonomy must grow alongside stronger monitoring systems. “I don’t think we’re ready to let AI run independently for long periods,” he said. “The risk of things going off track is still too high.”
AI’s rapid adoption outpacing safeguards
The rise of generative AI tools like ChatGPT and Google Gemini has accelerated the push for autonomous agents. Companies see them as key to improving productivity and user experience. But the cybersecurity community warns that innovation is moving faster than regulation or awareness.
A recent World Economic Forum report found that 75 percent of cybersecurity professionals believe AI will significantly increase the frequency and sophistication of attacks by 2026. Yet only a fraction of companies have implemented policies for AI safety or ethics.
Governments are also scrambling to respond. The European Union’s AI Act includes provisions requiring developers to disclose data sources and safety measures, while the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged firms to adopt “zero-trust” principles for AI systems.
The human factor
Ultimately, experts agree that human oversight remains the most effective defense. Training users to recognize risky AI behavior, monitoring how systems interact with external data, and setting clear limits on autonomy are essential steps.
“AI is powerful, but it’s not infallible,” said NeuralTrust’s Marti Jorda Roca. “We need to remember that these systems learn from human data — and that means they can inherit human flaws.”
While AI agents promise greater efficiency, they also expand the attack surface for hackers in ways the world has never seen before. As companies race to deploy them, experts warn that security must come first — or the tools designed to make life easier could become hackers’ most dangerous allies.
About the Author
