
Resources on the security exploits of AI-based agents are not new. The Open Worldwide Application Security Project (OWASP) has published a paper that examines the full range of agentic AI security issues, with a specific focus on model and application architecture and on how multiple agents cooperate and interact. It reviews how users of general-purpose agent frameworks such as LangChain, CrewAI and AutoGPT should better protect their infrastructure and data. Like many other OWASP projects, its attention is on how application development teams can build better security into the software life cycle from the start.
Andy Zou at Gray Swan AI led a team that published an academic paper on AI agent security challenges. In March, the team pitted 22 frontier AI agents against 44 realistic deployment scenarios, producing an overview of the impact of about two million prompt injection attacks. More than 60,000 attacks were successful, “suggesting that additional safeguards against adversaries are required. The effort was used to evaluate high-impact attacks to create an agent red teaming benchmark and framework.” The results revealed deep and recurring failures: agents often violated clear policies, failed to resist adversarial inputs, and carried out high-risk actions in domains such as finance, healthcare and customer support. “These attacks proved to be highly transferable and universal, affecting models regardless of size, capability or defense strategy.”
Part of the challenge of building an effective red team into an organization’s infrastructure is how incidents are discovered and mitigated when working with agentic AI. “From an incident management perspective, there are some common elements between agents and historical attacks, in the context of what data needs to be protected,” agentic AI researcher Miles Suyer of Dresser Advisory told CSO. “But generative AI stores data not in rows and columns but in chunks, and that can be difficult to expose.” Time is also of the essence: “The time between a vulnerability and its exploitation is rapidly shrinking for agentic AI,” Bar-L Tayori, head of AI security at Mend.io, tells CSO.

