
Davos discussion mulls how to keep AI agents from running wild

(2026/01/22)


AI agents arrived in Davos this week with the question of how to secure them - and prevent agents from becoming the [1]ultimate insider threat - taking center stage during a panel discussion on cyber threats.

"We have enough difficulty getting the humans trained to be effective at preventing cyberattacks. Now I've got to do it for humans and agents in combination," Pearson Chief Technology Officer Dave Treat said.

Pearson's a global education and training company, and Treat was speaking during the question-and-answer part of the panel as an audience member, not a panelist. Like many companies, Pearson is introducing AI agents into its environments, Treat said.


This opens up a [3]whole new set of challenges for organizations that don't want to miss out on the efficiency gains that AI agents can provide - but they also don't want these agents to access data and systems that should be off limits to them, or perform tasks that can harm the business or individuals.


AI agents, Treat said, "tend to want to please. How are we creating and tuning these agents to be suspicious and not be fooled by the same ploys and tactics that humans are fooled with?"


No one has a good answer to this question - at least not yet. This remains the challenge with other security threats related to AI and agents, like [6]prompt injection.

For now, implementing [7]zero trust and least-privilege access remains high on the list of best practices. And, we should note, these concerns are also [8]triggering M&A activity among security firms looking to scoop up smaller, AI-focused startups.

"With agents, you need to think about them as an extension of your team, an extension of your employee base," Cloudflare co-founder and president Michelle Zatlyn said, speaking on the Davos panel. "Organizations are adopting zero trust for their employees. The same thing will happen with agents."


Hatem Dowidar, group CEO of e&, an Emirati state-owned communications, technology, and investment group, suggested more guardrails and guard agents to monitor their AI minions.

"With human agents, remember many, many years ago we started saying 'all calls are recorded for quality purposes?' We need to create that also for AI agents," Dowidar said. "We need to set up guardrails and have guard agents that are in a separate system that look into how your AI agents are behaving and immediately flagging anything that is going out of the ordinary."

Mastercard CEO Michael Miebach said organizations should take a page from the banking industry's security and threat-intelligence practices, and collect as many signals as possible from relevant data streams and other indicators to determine if activity is safe or malicious.


He also noted that [14]Mastercard acquired Recorded Future for this type of proactive, threat-hunting purpose.

Identifying threats, Miebach said, "comes down to many things. It could be identity. It could also be your location data. It's many, many data sets that come together with a 99 percent probability score. This is a good transaction. Let it happen."


Analyzing all of these signals to improve security defenses requires companies to have access to their data, and this is where AI and security use cases intersect, according to Miebach.

"You can use the updated data infrastructure and lineage work to also drive the defenses," Miebach said.

This, according to Dowidar, is also an area where network defenders can use AI agents to boost their own security posture.

"We need more intelligent networks," he said. "We need to continuously monitor for different behaviors. People are using AI capabilities or agents for hacking or for bad actions, we also have agents that are looking at new behavior or different behavior and isolating it early on to be able to protect the network." ®




[1] https://www.theregister.com/2026/01/04/ai_agents_insider_threats_panw/


[3] https://www.theregister.com/2026/01/12/block_ai_agent_goose/


[6] https://www.theregister.com/2025/10/22/openai_defends_atlas_as_prompt/

[7] https://www.theregister.com/2026/01/08/criminals_vibe_coding_malware/

[8] https://www.theregister.com/2026/01/08/crowdstrikes_740m_sgnl_deal_proves/


[10] https://www.theregister.com/2026/01/08/criminals_vibe_coding_malware/

[11] https://www.theregister.com/2026/01/04/ai_agents_insider_threats_panw/

[12] https://www.theregister.com/2026/01/12/block_ai_agent_goose/

[13] https://www.theregister.com/2026/01/21/american_genius_says_dont_panic/

[14] https://www.theregister.com/2024/09/12/mastercard_recorded_future/





Sorry that handle is already taken.

As I understand it, the problem with "AI agents" in their current guise is that to an LLM all inputs are prompts, i.e. they can't (because they simply don't) distinguish between data and instructions. I suspect the more guardrails you put in place to try to limit prompt attacks, the less flexible the system becomes.

Ultimately I think the only way to keep them from "running wild" is to simply not use them.

cyberdemon

> i.e. they can't (because they simply don't) distinguish between data and instructions

Well, as statistical token predictors without logic, reasoning, programming, never mind intelligence, they simply guess wot a human the training data might do in a given context. So they indeed can't.

> Ultimately I think the only way to keep them from "running wild" is to simply not use them.

And not to build and invest the world's finite resources in them.

Too late for that though, sadly.

AI agents are already running wild.

jake

Have you seen the salaries of these scammers?

It's actually very simple.

Pulled Tea

In order for you to absolutely reduce the risk of AI agents running rampant in an organization, here's a recommendation, boiled down to one sentence:

Don't use AI agents.
