AI agents, the next evolution in generative artificial intelligence, are opening the door to a new wave of cybersecurity threats, according to warnings from industry experts and startups like Perplexity. These intelligent systems, designed to autonomously perform online tasks such as booking travel, managing calendars, or processing financial transactions, are now vulnerable to manipulation by malicious actors. The core risk lies in "query injection" attacks—where hackers subtly alter or insert harmful instructions into a user’s natural language prompt. While traditional cyberattacks required advanced coding skills, these new threats can be executed with simple, deceptive phrasing. For instance, a seemingly innocent request like “book me a hotel reservation” could be hijacked to instead “transfer $100 to this account” if the prompt is tampered with. AI agents, which operate by interpreting and executing commands in real time, are particularly susceptible. They can be tricked into carrying out unauthorized actions when fed malicious input, either through direct user interaction or by encountering compromised data on the web. This risk is amplified as AI agents become embedded in browsers and other digital tools that automatically process vast amounts of online content. Cybersecurity experts are sounding the alarm. Marti Jorda Roca of NeuralTrust, a firm focused on large language model security, emphasized that AI introduces entirely new attack surfaces. “People need to understand there are specific dangers using AI in the security sense,” he said. Major tech companies are taking notice. OpenAI’s chief information security officer, Dane Stuckey, has labeled query injection a “vulnerability” and an “unresolved security issue.” Microsoft has introduced tools to detect suspicious commands based on their source and context, while OpenAI now alerts users when an AI agent attempts to access sensitive websites, requiring human approval before proceeding. Despite these efforts, many experts believe current safeguards are insufficient. Eli Smadja of Check Point, an Israeli cybersecurity firm, calls query injection the “number one security problem” for AI agents. He warns that giving AI agents broad access to systems and data without proper oversight is a major mistake. “One huge mistake that I see happening a lot is to give the same AI agent all the power to do everything,” he said. Johann Rehberger, known in the industry as “wunderwuzzi,” argues that AI agents are not yet mature enough to be trusted with complex or high-stakes tasks. “I don’t think we are in a position where you can have an agentic AI go off for a long time and safely do a certain task,” he said. “It just goes off track.” The challenge, he adds, is balancing security with usability. Users want the convenience of AI doing the work for them, but constant monitoring and approval requirements can undermine that experience. As AI capabilities grow, so do the sophistication and speed of attacks. “They only get better,” Rehberger noted. As AI agents become more integrated into daily digital life, the need for robust, adaptive security measures is no longer optional—it’s essential. Without them, the very tools designed to make life easier could become the most powerful weapons in a hacker’s arsenal.