Full Report
AI agents behave like humans and carry the same risk profile. They operate non-deterministically, can be manipulated through prompt engineering and lack any
Analysis Summary
# Tool/Technique: Agentic AI / AI Agents (Insider Risk Context)
## Overview
AI agents are autonomous or semi-autonomous systems that operate non-deterministically to perform tasks. In the context of modern threat modeling, these agents are classified as "digital insiders" because they possess human-like risk profiles, access sensitive data, and can deviate from expected behavioral patterns, potentially leading to data exfiltration or unauthorized actions.
## Technical Details
- **Type:** Technique / Emerging Threat Vector (Agentic AI)
- **Platform:** Enterprise Cloud Environments, LLM Frameworks, SaaS Ecosystems
- **Capabilities:** Autonomous decision-making, natural language processing, API interaction, and automated data processing.
- **First Seen:** Broad enterprise discussion accelerated circa 2024–2025; technical frameworks evolving through 2026.
## MITRE ATT&CK Mapping
- **[TA0001 - Initial Access]**
- [T1566 - Phishing] (Used to deliver malicious prompts or "jailbreaks")
- **[TA0042 - Resource Development]**
- [T1583 - Acquire Infrastructure] (Exploiting AI agents to provision or manipulate resources)
- **[TA0007 - Discovery]**
- [T1083 - File and Directory Discovery] (AI agents scanning internal repositories)
- **[TA0010 - Exfiltration]**
- [T1537 - Transfer Data to Cloud Account] (AI agents moving data to unauthorized LLM endpoints)
## Functionality
### Core Capabilities
- **Non-Deterministic Operation:** Unlike traditional software, AI agents do not follow Boolean (if-then) logic, making their actions unpredictable.
- **Automated Execution:** The ability to execute multi-step workflows across different enterprise applications without direct human intervention.
- **Data Access:** Integration with internal knowledge bases (RAG - Retrieval-Augmented Generation) to summarize and retrieve corporate intelligence.
### Advanced Features
- **Prompt Engineering Manipulation:** Susceptibility to malicious instructions that can override safety filters.
- **Behavioral Drift:** The capacity for an agent’s performance or logic to change over time based on new data or deceptive inputs.
## Indicators of Compromise
- **File Hashes:** N/A (Behavior-based/Logic-based threat)
- **File Names:** N/A
- **Registry Keys:** N/A
- **Network Indicators:**
- `api[.]openai[.]com` (Outbound calls to unauthorized LLM providers)
- `anthropic[.]com` (Unauthorized model usage)
- Unusual API traffic spikes from service accounts associated with AI orchestration.
- **Behavioral Indicators:**
- Large-scale data retrieval from internal databases outside of normal operating hours.
- "Hallucinated" or anomalous instructions generated within agent logs.
- Sudden changes in an AI agent’s "integrity score" or communication style.
## Associated Threat Actors
- **Insider Threats (Malicious/Negligent):** Employees using unapproved AI tools (Shadow AI).
- **External Adversaries:** Groups utilizing Prompt Injection or Adversarial Machine Learning to subvert legitimate corporate agents.
## Detection Methods
- **Behavioral Detection:** Monitoring for deviation from established baseline "behavior patterns" of the AI, similar to human User and Entity Behavior Analytics (UEBA).
- **Integrity Frameworks:** Implementing an "AI behavior safeguard layer" that checks agent outputs against a coded policy or "code of conduct."
- **LLM-Based Detection:** Using secondary language models specifically trained to identify malicious intent in the prompts or responses of other AI agents.
## Mitigation Strategies
- **Purpose-Built Integrity Frameworks:** Developing a technology layer to govern AI behavior and lack of determinism.
- **Access Management:** Applying strict Identity and Access Management (IAM) to AI agents, treating them as privileged users.
- **Human-Centric Safeguards:** Extending existing Insider Risk Management (IRM) programs to include AI "identities."
- **Bifurcation of Controls:** Implementing proactive guardrails rather than "waiting-and-seeing" for industry standards to emerge.
## Related Tools/Techniques
- **Prompt Injection:** The technique of manipulating an LLM to take unauthorized actions.
- **Shadow AI:** The unsanctioned use of AI tools by employees within an organization.
- **Machine Learning-Based Detection:** Traditional pattern matching, now evolving into language model-based security.