What are the security risks of AI agents?

2025-04-28

So, what are the risks of AI agents? There are a number of ways of thinking about it, but there are two that are primarily technical and one that’s social. Let’s take a look.

Data leaks

A potentially more serious risk is leaking data. AI agents depend on accessing different sources of information. They need to interface with various services and collect and share data where necessary in order to carry out the tasks they have been prompted to perform.

This seemingly fluid movement across a problem might be one of the benefits of AI agents, but fluidity is often antithetical to security. Think about it: even at a very basic level, security is really about setting limits on who or what has access to which things.

An AI agent that is crossing organizational boundaries, or even operating both inside and outside an organization, is moving data in ways that aren’t easy to track. Even something as simple as booking travel carries some risk: what employee or organization information is being shared? And where?
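The travel-booking case above is a good place to make the "setting limits" point concrete. The following is an added example, not code from the original article or from any agent framework: a small gate that sits between an agent and the outbound tool calls it wants to make. Every field the agent puts in a payload carries a sensitivity label, every destination has a ceiling on what it may receive, unknown fields and unknown destinations fail closed, and every decision is written to an audit record that names the fields sent (not their values), so data movement can be traced afterwards. All names (`AgentToolGate`, `EGRESS_POLICY`, `FIELD_SENSITIVITY`, the `.example` destinations) and the classification values are constructed for the illustration.

```python
"""Added example (not from the original article): an egress gate for agent tool calls.

Hypothetical design: the agent proposes a call to an external destination with a
payload; the gate decides whether the payload's sensitivity is within what that
destination may receive, and logs the decision either way.
"""
from dataclasses import dataclass, field
from enum import Enum


class Sensitivity(Enum):
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2


# Constructed policy: the most sensitive class each destination may receive.
EGRESS_POLICY = {
    "travel-vendor.example": Sensitivity.INTERNAL,    # traveller name and dates are fine, payroll data is not
    "public-calendar.example": Sensitivity.PUBLIC,    # only non-identifying data
}

# Constructed classification of the fields an agent might place in a booking payload.
FIELD_SENSITIVITY = {
    "traveller_name": Sensitivity.INTERNAL,
    "travel_dates": Sensitivity.INTERNAL,
    "destination_city": Sensitivity.PUBLIC,
    "employee_id": Sensitivity.CONFIDENTIAL,
    "cost_center": Sensitivity.CONFIDENTIAL,
    "passport_number": Sensitivity.CONFIDENTIAL,
}


@dataclass
class Decision:
    allowed: bool
    reason: str


@dataclass
class AgentToolGate:
    policy: dict
    audit_log: list = field(default_factory=list)

    @staticmethod
    def field_level(name: str) -> Sensitivity:
        # A field the policy has never seen is treated as confidential: fail closed.
        return FIELD_SENSITIVITY.get(name, Sensitivity.CONFIDENTIAL)

    def classify(self, payload: dict) -> Sensitivity:
        # The payload is as sensitive as its most sensitive field.
        return max((self.field_level(k) for k in payload),
                   key=lambda s: s.value, default=Sensitivity.PUBLIC)

    def check(self, task_id: str, destination: str, payload: dict) -> Decision:
        level = self.classify(payload)
        ceiling = self.policy.get(destination)
        if ceiling is None:
            decision = Decision(False, f"destination {destination} is not in the allowlist")
        elif level.value > ceiling.value:
            offending = sorted(k for k in payload if self.field_level(k).value > ceiling.value)
            decision = Decision(False, f"fields {offending} exceed the {ceiling.name} ceiling for {destination}")
        else:
            decision = Decision(True, f"{level.name} payload is within the {ceiling.name} ceiling")
        # Record field names, never values, so the audit trail cannot itself become a leak.
        self.audit_log.append({
            "task_id": task_id,
            "destination": destination,
            "fields": sorted(payload),
            "level": level.name,
            "allowed": decision.allowed,
            "reason": decision.reason,
        })
        return decision


def run_booking_demo() -> list:
    """Constructed scenario: one booking task, four proposed tool calls."""
    gate = AgentToolGate(EGRESS_POLICY)
    base = {"traveller_name": "A. Example", "travel_dates": "2025-05-02..2025-05-06",
            "destination_city": "Lisbon"}
    gate.check("booking-1", "travel-vendor.example", base)                          # allowed
    gate.check("booking-1", "travel-vendor.example", {**base, "cost_center": "CC-1234"})  # denied: confidential field
    gate.check("booking-1", "unknown-site.example", {"destination_city": "Lisbon"}) # denied: unknown destination
    gate.check("booking-1", "public-calendar.example", {"travel_dates": "2025-05-02..2025-05-06"})  # denied: INTERNAL to a PUBLIC sink
    return gate.audit_log


if __name__ == "__main__":
    for entry in run_booking_demo():
        print(entry)
```

The design choice worth noting is that the gate refuses on anything it cannot classify: an agent that invents a new field name, or a new destination, is stopped rather than waved through, and the audit entry records which fields it tried to send so the question "what was shared, and where?" has an answer.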

A lack of accountability

Cutting across the key technical risks of AI agents, though, is their inherent lack of accountability. We can think about accountability in two distinct but important ways: first in managing work and second in a product liability sense.

Task accountability

Accountability in tasks or managing work is relatively simple but also critical. If you ask a human to complete a task — a travel agent to book you a holiday, say, or a teammate to perform maintenance on a faltering part of a system — accountability is clear: they either did it or they didn’t. If they didn’t, you can hold them to account: find out why they didn’t do it, work out what went wrong, escalate if necessary. While that can feel tricky from an interpersonal perspective, it’s still straightforward and clear.

The same can’t be said of AI agents — in some senses they ostensibly remove accountability from humans. In other words, there’s no regulating force to ensure that they perform the right actions and, just as importantly, there’s no easy way to make them accountable or to find out what went wrong and why if a mistake is made. So, while employing agents might seem frictionless and seamless, without the necessary mechanisms for accountability in place there can be some difficult downstream consequences.

Product liability

A similar issue is the question of legal liability: when something goes wrong or an agent fails to accomplish a task as expected, who is at fault? Unfortunately, at present there’s little legislation that really tackles this issue. While things like the EU AI Act attempt to make organizations accountable for the way AI and data are used, it’s not clear how some of the latest regulation will tackle these questions when it comes to the latest changes in technology.

Indeed, at the moment, there’s a lot of legal energy being put into placing liability on human actors. That’s what’s happening in autonomous driving, an area where AI agents are making decisions that have a direct impact on human safety.

While that might look like good news from a corporate perspective, this could have adverse mid-term consequences. Think about it this way: if liability when interacting with these systems falls to human users, that will undermine trust. In turn, that may make wider adoption much more difficult than the market currently expects it to be.