JAKARTA - The use of increasingly autonomous artificial intelligence agents (AI agents) is considered to carry serious security risks for organizations, ranging from customer service disruptions to the potential deletion of company databases.
In light of this, Kaspersky assessed that the situation has created a new governance challenge for information technology leaders, especially Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs).
"These agents make decisions, use tools, and process sensitive data without human intervention. As a result, it turns out that many of our standard IT and security tools are not able to control AI," the company said, quoted Sunday, February 1.
For this reason, Kaspersky recommends that companies limit the access granted to AI agents by assigning them tasks with strictly defined limits.
Kaspersky also recommends the use of short-lived credentials, such as temporary tokens and API keys with limited scope, to prevent abuse if the AI agent is compromised.
In addition, human involvement remains mandatory for high-risk operations, such as financial transaction authorization or the deletion of large amounts of data.
From a technical perspective, the execution of AI agents needs to be isolated in a secure environment such as a container or sandbox, accompanied by strict network traffic control. Every plan and action of the agent must also be checked first through a policy enforcement mechanism before being executed.
All activities of AI agents also need to be continuously recorded in an immutable log for audit and forensic investigation purposes.
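The controls described above (scoped short-lived credentials, human approval for high-risk operations, a policy check before execution, and a tamper-evident log) can be combined in one gate; the following Python sketch is an added example, not code from Kaspersky or from the original article. The action names, the token layout and the functions `issue_token` and `enforce` are assumptions made for illustration, and the hash chain only makes tampering detectable, so a real deployment would also ship entries to write-once storage.

```python
import hashlib
import json

HIGH_RISK = {"authorize_payment", "bulk_delete"}  # assumed high-risk action names

class AuditLog:
    """Append-only log; every entry is chained to the hash of the previous one."""
    def __init__(self):
        self.entries = []

    def append(self, record):
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = json.dumps(record, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.entries.append({"prev": prev, "record": record, "hash": digest})

    def verify(self):
        """Recompute the chain; any edited or removed entry breaks it."""
        prev = "0" * 64
        for entry in self.entries:
            body = json.dumps(entry["record"], sort_keys=True)
            digest = hashlib.sha256((prev + body).encode()).hexdigest()
            if entry["prev"] != prev or entry["hash"] != digest:
                return False
            prev = entry["hash"]
        return True

def issue_token(agent, scopes, ttl, now):
    """Short-lived credential limited to an explicit set of actions."""
    return {"agent": agent, "scopes": frozenset(scopes), "expires": now + ttl}

def enforce(token, action, log, now, approved_by=None):
    """Decide before execution, and log the decision whether allowed or not."""
    if now >= token["expires"]:
        decision = (False, "token expired")
    elif action not in token["scopes"]:
        decision = (False, "out of scope")
    elif action in HIGH_RISK and approved_by is None:
        decision = (False, "human approval required")
    else:
        decision = (True, "allowed")
    log.append({"agent": token["agent"], "action": action, "time": now,
                "approved_by": approved_by,
                "allowed": decision[0], "reason": decision[1]})
    return decision
```

The agent runtime would call `enforce` for each planned action and execute it only when the first element of the result is `True`.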
Kaspersky emphasizes the importance of automatically monitoring agent behavior to detect anomalies, such as spikes in API calls, self-replication attempts, or deviations from the original purpose.
Other complementary steps include securing communication between agents through encryption and authentication, using visual interfaces to help humans gauge the level of trust in AI, and ongoing employee training.
Finally, Kaspersky said that, given the rapid development of this technology, organizations need to provide training several times a year so that users understand the real risks of the AI systems they use.