Tech News
The Rise of Cyber Adversaries: Breaching AI Security Tools and Gaining Firewall Control
Adversaries infiltrated over 90 organizations in 2025 by injecting malicious prompts into legitimate AI tools, resulting in the theft of credentials and cryptocurrency. Those compromised tools could read data but could not rewrite firewall rules. The new autonomous SOC agents now being released can. This escalation, from compromised read-only tools to autonomous agents that can rewrite infrastructure, has not yet been exploited at scale, but the conditions for it are advancing rapidly and are outpacing the governance measures meant to prevent it.
A compromised SOC agent can manipulate firewall rules, modify IAM policies, and isolate endpoints using its own privileged credentials, all through approved API calls that are classified as authorized activity by EDR systems. The adversary can carry out these actions without directly interacting with the network, as the agent acts on their behalf.
Leading companies like Cisco and Ivanti have introduced advanced solutions such as AgenticOps for Security and Continuous Compliance with AI capabilities to address these evolving threats. These tools offer autonomous firewall remediation, PCI-DSS compliance features, policy enforcement, approval gates, and data context validation to combat potential attacks. The importance of implementing robust controls is highlighted by the OWASP Agentic Top 10, which outlines the risks associated with autonomous AI systems.
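The approval gates and policy enforcement described above are the control that separates a read-only agent from one that can rewrite infrastructure. The following is an added illustration of such a gate placed between an agent and the privileged APIs it calls; it is not code from Cisco, Ivanti, or OWASP, and the tool names, parameter keys, approval-ticket format and the /24 exposure threshold are assumptions chosen for the example.

```python
# Added example: a minimal policy gate in front of an autonomous SOC agent's
# tool calls. Tool and parameter names are constructed for illustration.
from dataclasses import dataclass
from typing import Optional
import ipaddress

# Read-only actions the agent may take without a human in the loop.
READ_ONLY = {"firewall.list_rules", "iam.get_policy", "edr.get_alerts"}
# Actions that change infrastructure: each needs a recorded approval.
PRIVILEGED = {"firewall.add_rule", "iam.attach_policy", "edr.isolate_host"}

@dataclass
class ToolCall:
    tool: str
    params: dict
    approval_id: Optional[str] = None  # constructed: change-ticket id

@dataclass
class Decision:
    allowed: bool
    reason: str

def widens_inbound_exposure(params: dict) -> bool:
    """True if a proposed rule allows inbound traffic from a broad source range."""
    if params.get("direction") != "inbound" or params.get("action") != "allow":
        return False
    # A missing source is treated as "any", the most permissive case.
    net = ipaddress.ip_network(params.get("source", "0.0.0.0/0"), strict=False)
    return net.prefixlen < 24  # assumption: /24 or narrower is acceptable

def gate(call: ToolCall, approved: set) -> Decision:
    """Default deny; read-only passes; privileged actions need a valid approval.

    The gate must sit between the agent and the API, because the API call
    itself is issued with the agent's own credentials and looks authorized.
    """
    if call.tool in READ_ONLY:
        return Decision(True, "read-only action")
    if call.tool not in PRIVILEGED:
        return Decision(False, f"unknown tool {call.tool!r} (default deny)")
    if call.tool == "firewall.add_rule" and widens_inbound_exposure(call.params):
        return Decision(False, "rule would open inbound access to a broad source range")
    if call.approval_id is None or call.approval_id not in approved:
        return Decision(False, "privileged action without a valid approval")
    return Decision(True, f"approved via {call.approval_id}")
```

A prompt-injected agent that asks for a firewall change is stopped at the gate unless a human-issued approval exists for that exact change, and a rule that opens a service to any source is refused even with one.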
The rise of AI-enabled adversaries has led to an 89% year-over-year increase in malicious operations, with attacks targeting AI applications through prompt injection. The UK National Cyber Security Centre has cautioned that such attacks may be difficult to mitigate completely. Earlier compromises targeted AI tools with limited capabilities; the autonomous SOC agents now in use can read, write, enforce, and remediate.
The governance gap in securing autonomous agents has been identified as a critical concern, with organizations struggling to enforce access policies for AI identities and monitor unsanctioned AI tools running in production. The need for continuous compliance and robust governance measures is essential to mitigate the risks posed by autonomous agents.
Ivanti’s Neurons AI self-service agent and Continuous Compliance framework aim to automate patch management, IT service management, and compliance enforcement, reducing operational overhead and enhancing security. These solutions offer built-in policy enforcement, compliance verification, and guardrails to ensure that operations remain within defined parameters.
Security leaders are increasingly recognizing the importance of implementing governance controls alongside AI-driven solutions to prevent unintended behaviors and security breaches. The industry is moving towards integrating governance measures into AI platforms to address the evolving threat landscape effectively.
OWASP's audit framework for autonomous agents provides a comprehensive basis for evaluating the risks of autonomous AI systems. By addressing key risk categories such as goal hijacking, tool misuse, identity abuse, and supply chain vulnerabilities, organizations can proactively mitigate the threats posed by autonomous agents.
In conclusion, the rapid advancement of AI technology presents both opportunities and challenges for organizations. By implementing robust governance controls, organizations can harness the power of autonomous agents while mitigating the risks associated with AI-driven threats. It is imperative for organizations to prioritize security measures and ensure that governance controls are in place before deploying autonomous agents in production environments.