The Risks of AI Agents as High-Privilege Users That Never Pause
Question: As AI agents become more autonomous, what new security risks do you foresee emerging, and how should engineers begin preparing for them?
Vincent Danen, Vice President, Product Security at Red Hat
The shift from passive LLMs to autonomous agents is fundamentally changing the security landscape because it merges the control and the data planes in ways we’ve never had to defend before.
We are moving past simple prompt injection into a world of unintended agency. When an agent can interact with databases or cloud infrastructure, it becomes a highly privileged user that never sleeps.
However, the most immediate change is the speed of discovery. We’ve already seen a major turning point with the release of Mythos Preview. These AI models are draining the reservoir of undiscovered bugs by surfacing the flaws in core software.
This technology accelerates the discovery of issues, but at a scale and frequency that no traditional human team has ever had to manage or match. This collapses the gap between a bug being found and a bug being exploited, making agency a double-edged sword.
To prepare, engineers should treat AI agents as untrusted third-party software. This means adopting a risk-based approach to the architecture:
- We should be leveraging image-based, hardened, and immutable foundations like those based on fedora-bootc.
- By running agents on read-only file systems, you ensure that even if an agent’s logic is compromised, the host remains intact and cannot be changed.
- We should already be using the strict principle of least privilege by implementing short-lived, limited access tokens.
- An agent designed to analyze data should never have the permissions to change a production environment without a human checking the work.
- We have to shift from static scanning to runtime detection.
- Security teams need to monitor agent behavior as it happens, catching unauthorized API calls immediately, rather than waiting to read the logs later.
Ultimately, this is about reducing risk and maintaining integrity through defense in depth. These shouldn’t be unfamiliar concepts, but in an agent-powered world, we must act much faster.
While AI finds bugs, human expertise is what prioritizes and resolves the risks that actually impact the business. Limit access, trust no one, defend in layers; those principles are as true today as they will be tomorrow.
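The controls in the answer above (short-lived, limited tokens; a read-only analyst role that cannot touch production; a human sign-off gate; and runtime detection of unauthorized calls) can be shown together as one small policy gate in front of an agent's tool calls. The code below is an added illustration and is not code from Red Hat, fedora-bootc or the author; the role names, action names, event fields and HMAC token format are assumptions chosen for the example, and the event stream is constructed.

```python
"""Runtime guard for agent tool calls (added illustration, not the page's code).

Demonstrates: short-lived signed tokens, a per-role allowlist, a human-approval
gate for production changes, and immediate alerting on violations.
Role/action names, event format and token encoding are assumptions.
"""
import hashlib
import hmac
import json
import time

SECRET = b"demo-signing-key"  # constructed; in practice comes from a secret store

# Per-role allowlist (assumed names): an analyst may only read; an operator may
# also deploy, but production changes are additionally human-gated below.
POLICY = {
    "analyst": {"db.query", "storage.get", "metrics.read"},
    "operator": {"db.query", "storage.get", "metrics.read",
                 "staging.deploy", "prod.deploy"},
}
HUMAN_GATED = {"prod.deploy", "db.write"}  # never without a named reviewer


def mint_token(agent_id, role, ttl_s=300, now=None):
    """Issue a short-lived token binding agent id, role and expiry (HMAC-SHA256)."""
    now = time.time() if now is None else now
    body = json.dumps({"sub": agent_id, "role": role, "exp": now + ttl_s},
                      sort_keys=True)
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + sig


def verify_token(token, now=None):
    """Return the claims if signature is valid and token is unexpired, else None."""
    body, _, sig = token.rpartition(".")  # hex digest contains no '.', so this is safe
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None  # tampered (e.g. role rewritten) or wrong key
    claims = json.loads(body)
    now = time.time() if now is None else now
    if claims["exp"] <= now:
        return None  # short TTL limits the blast radius of a leaked token
    return claims


def authorize(event, now=None):
    """Decide one agent action. Returns (allowed, reason)."""
    claims = verify_token(event["token"], now)
    if claims is None:
        return False, "invalid or expired token"
    action = event["action"]
    if action not in POLICY.get(claims["role"], set()):
        return False, f"{claims['role']} not permitted: {action}"
    if action in HUMAN_GATED and not event.get("approved_by"):
        return False, f"{action} requires human approval"
    return True, "ok"


def monitor(events, now=None):
    """Evaluate events as they arrive and collect alerts immediately, not from logs later."""
    alerts = []
    for ev in events:
        ok, why = authorize(ev, now)
        if not ok:
            alerts.append({"agent": ev["agent"], "action": ev["action"], "reason": why})
    return alerts


def demo():
    """Constructed sample stream: returns (alerts at t0+60s, alerts at t0+600s)."""
    t0 = 1_700_000_000.0
    analyst = mint_token("agent-analyst-1", "analyst", now=t0)
    operator = mint_token("agent-ops-1", "operator", now=t0)
    events = [
        {"agent": "agent-analyst-1", "token": analyst, "action": "db.query"},
        {"agent": "agent-analyst-1", "token": analyst, "action": "prod.deploy"},
        {"agent": "agent-ops-1", "token": operator, "action": "prod.deploy"},
        {"agent": "agent-ops-1", "token": operator, "action": "prod.deploy",
         "approved_by": "alice"},
        {"agent": "agent-ops-1", "token": operator, "action": "staging.deploy"},
    ]
    live = monitor(events, now=t0 + 60)      # within the 300 s TTL
    stale = monitor(events[:1], now=t0 + 600)  # same token after expiry
    return live, stale


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The stream yields two alerts while the tokens are live: the analyst attempting `prod.deploy` (outside its allowlist) and the operator attempting `prod.deploy` without a reviewer; the same operator call with `approved_by` set passes. Re-running the first, otherwise legitimate, event after the TTL is rejected as an expired token. In a real deployment the gate would sit in the tool-call path so the decision is enforced, not just reported.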