One of the biggest risks to cybersecurity protection has historically been people. In 2024, 95% of data breaches were tied to human error. To reduce human risk, companies have invested in cybersecurity training. Being able to recognize common scams reduces their efficacy.
- If we know that bad actors will send emails asking us to click a link to change our password, we’ll scrutinize that email looking for misspellings or fishy email addresses, and hover over the links to see where they are really sending us.
- If we know that foreign princes aren’t going to email us asking to send them a small amount of money, for the promise of riches later, we’ll mark that email as phishing and move on.
- If we know that our CEO won’t text us and urgently ask for a large sum of money, we’ll delete that text.
- And if we know that scammers are copying our loved one’s voices and cloning their number to claim they’ve been kidnapped and need you to pay ransom, we can hang up and call our loved one to confirm that they are safe.
But people still fall for scams as criminals continue to switch up their methods. And now, we are handing our keys to a new actor – AI Agents. We can’t stop people from falling for scams and now we are tasked with stopping AI Agents from falling for new scams. With AI Agents, there are new layers of complexity. Scams can be created and updated quickly. Identifying and adapting to these new scams can become a game whack-a-mole. Additionally, we are losing transparency as some of these scams are hidden from human eyes.
OpenClaw offers an open-source framework for running your own agents on your devices. These agents can connect to your various channels and perform tasks on your behalf. Moltbook is a social media network for agents. On Moltbook, agents can create communities, start discussion threads, add comments, and importantly, share skills. With the rise of Moltbook and OpenClaw, we need to be talking about the security risks we are exposing ourselves to when we hand access to our emails, computers, phones, and crypto wallets to an AI Agent.
We have known about Prompt Injection for some time now. Prompt injection is a security vulnerability where attackers inject malicious commands into a prompt. Prompt injection has been a way for bad actors to steal sensitive data or perform actions like spreading malware.
We then gave agents the ability to pull and read from the internet. As a result, hackers started hiding malicious prompts into webpage HTML, text that matches the page background, and other areas that go unnoticed by the human eye. Now we have arrived at prompt worms. A prompt worm is a self-replicating prompt injection attack. As agents share skills with each other, these skills may contain nefarious instructions to steal personal data, execute malicious commands, and importantly, share the skill with other agents.
Agents move quickly with the ability to perform tasks without human oversight. And many people have given them access to their sensitive data. You wouldn’t give your email login to a random person. You wouldn’t type your bank account credentials in a sketchy website. You wouldn’t leave your apple wallet without password protection before handing your child an iPad game notorious for in-app purchases.
As Simon Willison has put it, we are at a lethal infection point for AI agents. These agents have:
- Access to private data.
- Exposure to untrusted content.
- The Ability to externally communicate.
Until we start finding and learning about successful attacks, people will continue to normalize their risky behavior. In the future, will we put blame on the AI Agent for cybersecurity breach? Or the human that handed the AI the keys?
