What warning did CertiK issue about AI agents?

CertiK warned that the rapid deployment of autonomous AI agents is creating significant cybersecurity risks. The company believes many organisations are giving AI systems access to sensitive data and financial tools without adequate security controls.

Why does CertiK consider AI agents a security risk?

According to CertiK CEO Ronghui Gu, many AI agents now have access to files, credentials, emails, workflows and financial systems. If compromised, these agents could gain broad access to critical infrastructure and sensitive information.

What is a prompt injection attack?

A prompt injection attack occurs when hidden instructions are embedded in content such as emails, PDFs or webpages. An AI agent may mistakenly treat those instructions as legitimate commands and perform actions that were never intended by the user.

How can prompt injection attacks affect AI agents?

Prompt injection can cause an AI agent to ignore its original instructions and follow malicious directions instead. In severe cases, attackers may be able to extract sensitive data, access credentials or trigger unauthorised financial transactions.

Why are AI agents considered potential insider threats?

Once granted access to internal systems, AI agents can view files, manage accounts and interact with business applications. If an attacker gains influence over the agent, it effectively becomes an insider with authorised access to critical resources.

What vulnerabilities did CertiK identify in AI infrastructure?

CertiK reported discovering numerous security issues, including unpatched vulnerabilities, exposed credentials, weak access controls and malicious software packages targeting AI systems. The firm said many of these weaknesses stem from poor isolation and insufficient security testing.

What are malicious AI plug-ins and why are they dangerous?

Malicious plug-ins are software components designed to manipulate AI behaviour or gain unauthorised access to systems. Because they often rely on natural language instructions rather than traditional malware code, they can evade conventional antivirus solutions.

How are criminals using AI against other AI systems?

CertiK observed an increase in automated scams designed specifically to target AI-powered trading bots and autonomous agents. These attacks can execute rapidly and disappear before human operators become aware of the compromise.

Image for illustrative purposes only. Not a real photo.

AI agent boom creates growing security risks

Written by Liezl GambePublished May. 30 2026Last Updated May. 30 2026

The rapid deployment of autonomous AI agents across consumer, enterprise and financial applications is creating a growing cybersecurity threat, according to CertiK co-founder and chief executive Ronghui Gu.

Gu warned that many organisations are granting AI agents access to local files, credentials, workflows and financial infrastructure without adequately isolating or securing those systems.

“Right now, agents are no longer just answering questions in a chat window,”

Said Ronghui Gu, adding:

“If you do not isolate the execution environment and scan these tools first, you are handing a compromised identity broad internal access to your entire network.”

According to CertiK, one of the most significant risks comes from prompt injection attacks, where hidden instructions embedded in emails, websites or documents can manipulate an AI agent into overriding its original directives and performing unauthorised actions.

The firm also reported discovering hundreds of malicious plug-ins, fake installers and deceptive software packages targeting AI systems, many of which can evade traditional antivirus tools because they rely on natural-language manipulation rather than malicious code.

CertiK said attackers are increasingly launching short-lived automated scams designed specifically to exploit other AI-driven systems, including trading bots and autonomous financial agents, before human operators can detect suspicious activity.

Gu argued that businesses should adopt a Zero Trust security model for AI infrastructure, requiring continuous verification of commands, software dependencies and system permissions rather than relying on assumptions that internal AI agents are inherently trustworthy.