At the Security Summit 2026 forum held on May 22nd, Mr. Mai Xuan Cuong - Director of the Information Security Services Center, Viettel Cyber Security, stated that the most dangerous difference between AI Agents and traditional LLMs lies in their ability to interact directly with the system.
While conventional LLMs only receive commands and return text, AI Agents have the ability to execute shell commands (interact with the operating system via the command line), manipulate file systems for reading and writing, automatically send emails, call APIs, and control browsers. This upgrade inadvertently opens up a wider range of attack possibilities, going far beyond the scope of typical disinformation campaigns.
AI Agents are becoming a new target for cybercriminals.
According to cybersecurity experts, it is this ability to "act" that makes AI Agents a new target for cybercriminals.
One of the biggest risks is the leakage of enterprise data. To operate effectively, AI agents often have to process large amounts of internal information such as source code, documents, and emails. If this data is sent to third-party cloud AI platforms, the risk of confidential information being exposed increases.
There have been recorded cases of Samsung employees leaking new source code via ChatGPT, or Meta employees inadvertently leaking data by following instructions from internal AI.
In addition to the risk of data leaks, experts also warn about "indirect prompt injection." Hackers can embed malicious instructions into emails, websites, or documents to trick AI agents into performing unintended actions, such as accessing internal data or sending information to the hacker.
There was a case where an attacker hid Morse code in a message to bypass the system, allowing the cryptocurrency agent Grok-Bankrbot to execute an unauthorized money transfer, resulting in a loss of $150,000.
Another risk stems from the ecosystem of extensions for AI agents. Many employees within businesses install extensions from the community to expand the functionality of the AI, but hackers can exploit this channel to spread malware. Once granted system access, these fake plugins can steal data, tokens, or create backdoors on the device.
According to Mr. Cuong, the "Shadow AI" trend is also emerging as employees independently install AI agents on their work computers without going through the IT department. This makes it difficult for businesses to control access and increases the risk of system security breaches.
Furthermore, AI can misinterpret user intentions, leading to the execution of commands that could cause significant damage to businesses. For example, an AI agent might perform the wrong operation or accidentally delete important data if granted excessive permissions.
To mitigate risks, organizations are advised to build a multi-layered security model instead of relying solely on traditional antivirus software and to develop a suitable implementation roadmap.
Businesses need to build a multi-layered security model.
The first step a business needs to take is threat detection. Businesses can use endpoints and web proxy traffic (intermediate servers connecting devices to the Internet) to aggregate and identify threats.
Next, we need to set up an AI gateway, making it the single control point for all AI access. This gateway will control the transmission of data to the public cloud.
Subsequently, businesses need to implement an additional layer of specialized control (Guardrail) on their AI gateway and other AI applications to identify malicious commands, prevent data leaks, and detect unauthorized access or exploitation of the system.
The next step is to establish reinforcements for the AI Agent. The monitoring system at the endpoint must be configured to track unusual "autonomous behavior." The AI Agent should be operated in an isolated environment with minimal access to limit the risk of spreading if an incident occurs. Finally, regular system monitoring is essential.
"AI security governance is not a one-time deployment, but a continuous monitoring process," Mr. Cuong stated.
AI security management will become a mandatory requirement during the period of rapid AI agent development. If businesses are not prepared to establish Zero Trust security models and rigorous monitoring, empowering AI agents to act is like handing over the system keys to an employee who, while highly skilled, is very susceptible to manipulation.
Source: https://doanhnghiepvn.vn/cong-nghe/doanh-nghiep-can-lam-gi-de-tranh-bi-ai-agent-phan-chu/20260523080712445
![[Image] Hanoi's urban life under the challenge of a "scorching hot" environment](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2026/05/25/1779706979265_nang-nong-t5-2026-minh-duy-7-4636-jpg.webp)
![[Image] Close-up view of the interchange connecting the two expressways and Long Thanh Airport.](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2026/05/25/1779703378210_ndo_br_z7863716673926-224453a31600126cce10622af6290afd-4549-jpg.webp)
Comment (0)