
Are AI Agents Compromised By Design?

(Tuesday October 14, 2025 @11:30PM (BeauHD) from the AI-security-trilemma dept.)


Longtime Slashdot reader [1]Gadi Evron writes:

> Bruce Schneier and Barath Raghavan say agentic AI is already broken at the core. In their [2]IEEE Security & Privacy essay, they argue that AI agents run on untrusted data, use unverified tools, and make decisions in hostile environments. Every part of the OODA loop (observe, orient, decide, act) is open to attack. Prompt injection, data poisoning, and tool misuse corrupt the system from the inside. The model's strength, treating all input as equal, also makes it exploitable. They call this the AI security trilemma: fast, smart, or secure. Pick two. Integrity isn't a feature you bolt on later. It has to be built in from the start.

"Computer security has evolved over the decades," the authors wrote. "We addressed availability despite failures through replication and decentralization. We addressed confidentiality despite breaches using authenticated encryption. Now we need to address integrity despite corruption."

"Trustworthy AI agents require integrity because we can't build reliable systems on unreliable foundations. The question isn't whether we can add integrity to AI but whether the architecture permits integrity at all."



[1] https://slashdot.org/~Gadi+Evron

[2] https://www.computer.org/csdl/magazine/sp/5555/01/11194053/2aB2Rf5nZ0k



Re: (Score:2)

by dfghjk ( 711126 )

They do now. Hell, some of them are compromised by the operators.

But I also don't know what they mean by an agent being compromised by design. An AI agent is software that uses AI. I don't see how an agent is inherently compromised, but at the same time it's got a turd at its core.

Re: (Score:2)

by BoogieChile ( 517082 )

> it's got a turd at its core

That's the compromising part.

Re: (Score:2)

by Tony Isaac ( 1301187 )

Haven't you heard? ChatGPT wants you to let it purchase things on your behalf. [1]https://openai.com/index/buy-i... [openai.com] What could possibly go wrong?

[1] https://openai.com/index/buy-it-in-chatgpt/

Yes (Score:2)

by devslash0 ( 4203435 )

Next question.

Is this April 1? (Score:1)

by Tablizer ( 95088 )

Somebody predicting an AI product category is FUBAR instead of wonderful magic productivity?

Re: (Score:2)

by gweihir ( 88907 )

No. It is real security experts at work and these people are pretty immune to hype.

If you haven't moved to post-agentic AI (Score:2)

by ebunga ( 95613 )

Then you are already behind the curve and should just liquidate your company now rather than continue operating.

Re: (Score:2)

by commodore73 ( 967172 )

Post-agentic? I'm already using quantum AI.

Re: (Score:2)

by gkelley ( 9990154 )

Is that better than post-quantum AI?

Re: (Score:2)

by commodore73 ( 967172 )

The Final Virus shall be written in the language of humor.

Yes, obviously (Score:2)

by gweihir ( 88907 )

Why does this even need to be stated? These things are grossly insecure and that cannot be fixed. It does not get more "broken by design" than that.
