BETTER SAFE

It's understandable that businesses the world over are looking for ways to incorporate AI into their operations. AI agents have helped boost productivity and improve customer service, contributing to efficiency increases and better bottom lines. Across C-suites, executives agree that businesses that don't embrace AI will be at a significant disadvantage over the next few years. Yashin Manraj, CEO of Pvotal Technologies, is one of them. But, he warns, diving in headfirst without testing the water can lead to disaster. There's so much data AI agents can collect – often deeply personal data – that any breach can have massive implications. The right security is paramount.

Overexposure

Leaders integrating AI agents into customer support often don't understand the vulnerabilities.

“One of the most common vectors we've seen is that people are able to basically inject some code or some prompt that allows them to retrieve other consumer data because a lot of these companies don't understand how important it is to segregate data, how important it is to prevent their own AI agents from being able to read, for example, the entire database or entire consumer application,” Manraj told Reboot.

Too often, this information is left unprotected, accessible to bad actors who don't even really need to resort to hacking.

For example, the DeepSeek breach left more than a million critical records exposed. Chat histories, back-end data, API secrets, and other sensitive information was publicly accessible.

And whereas a lot of tracking information collected by internet search engines is anonymized, that is not usually the case with AI agents. People's names are often connected to personal information they reveal about themselves to chatbots. Things like medical history and account information are particularly sensitive, but basically any identifying details can be leveraged by scammers.