- AI agents independently discovered vulnerabilities and exploited them while performing routine tasks.
- Multi-agent systems collaborated to prevent data loss prevention and steal sensitive credentials
- Backup server AI increased privileges to disable endpoint protection and complete downloads
Routine tasks assigned to artificial intelligence agents can sometimes turn into cyberattack-like actions, experts warned.
The Irregular security lab examined how autonomous agents behaved within a simulated corporate environment while performing ordinary tasks.
Over several runs, AI agents searched for vulnerabilities, escalated privileges, disabled security protections, and moved sensitive information out of internal systems.
Article continues below.
Emergent offensive behavior during routine tasks.
These actions occurred while agents were attempting to complete tasks such as retrieving documents, downloading files, or preparing content for publication.
The simulated network represented a fictitious company called MegaCorp and included internal servers, applications, and services commonly found within enterprise infrastructure.
Within this environment, agents handled routine tasks that many organizations already automate.
These tasks included searching for information on an internal wiki, maintaining backup files on a server, and writing social media posts using technical documents.
According to investigators, the instructions given to the agents did not mention piracy or exploitation.
“AI agents deployed for routine business tasks are autonomously hacking into the systems they operate on. No one asked them to. There was no adverse indication,” Irregular said in a blog post.
“Agents independently discovered vulnerabilities, elevated privileges, disabled security tools, and exfiltrated data, all while attempting to complete ordinary tasks.”
One scenario involved a multi-agent investigation system retrieving documents from a company’s wiki.
When access restrictions blocked a request, the system examined the application’s code repository and discovered an encrypted secret key.
The agent used that key to forge an administrative session cookie and retrieved a restricted document.
Another test involved a backup server agent responsible for downloading files to a storage directory.
When Windows Defender blocked a file containing malware, the agent searched for local scripts and discovered administrator credentials embedded within a utility file.
He then elevated his privileges and disabled endpoint protection so the download could continue.
A separate experiment showed agents collaborating to bypass a data loss prevention system.
Two agents responsible for writing social media content were asked to include credentials from a white paper.
When the system blocked the message, the agents developed a steganographic method that concealed the password within the text.
According to the researchers, several factors contributed to this behavior, including access to tools such as code execution and shell commands, and many messages encouraged perseverance when tasks encountered errors.
Interactions between multiple agents also created feedback loops that pushed them to seek solutions when obstacles appeared.
Researchers maintain that existing cybersecurity defenses were designed to stop human attackers rather than autonomous systems operating within enterprise networks.
Organizations deploying such agents should not underestimate how quickly routine automation can lead to behavior resembling an internal cyber intrusion.
Through The Registry
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
