Artificial intelligence is rapidly evolving from simple chatbots to autonomous AI agents capable of performing real-world digital tasks—booking flights, sending emails, or managing calendars. But as these agents become more powerful and independent, cybersecurity experts warn they are also becoming prime targets for hackers. The next generation of AI-driven automation could unintentionally open the door to a new wave of digital threats.
AI agents, unlike traditional bots, can take complex instructions written in plain language and execute them automatically. This means that even people with zero technical knowledge can potentially misuse these systems—or worse, become victims of hidden manipulations. “We’re entering an era where cybersecurity is no longer about defending against skilled hackers, but anyone with access to an AI interface,” explained startup Perplexity in a recent blog post.
At the center of these concerns lies a growing risk known as query injection. This type of attack, already familiar in the world of software exploitation, involves tricking systems into executing malicious commands. However, when applied to AI agents, the consequences could be far more dangerous. Instead of traditional malware, hackers can embed malicious prompts or hidden instructions into text or webpages that unsuspecting AI agents might encounter while browsing the web.
For instance, a user might instruct their AI to “book a hotel in Paris,” only for the request to be silently modified into “transfer $100 to this account.” As Marti Jorda Roca, a software engineer at NeuralTrust, warns, “People need to understand that AI agents bring specific dangers when used in security-sensitive environments.”
Major industry players like OpenAI, Microsoft, and Meta are already racing to address these vulnerabilities. Meta has classified query injection as a “vulnerability”, while OpenAI’s Chief Information Security Officer, Dane Stuckey, calls it an “unresolved security issue.” In response, Microsoft introduced tools that detect suspicious commands based on their source, and OpenAI implemented real-time alerts that notify users when agents interact with sensitive sites.
Cybersecurity experts like Eli Smadja of Check Point label query injection as the “number one security problem” facing large language models today. Some professionals propose that AI agents should be designed to seek user approval before performing critical tasks—such as accessing banking data or exporting files—to minimize potential damage.
However, the convenience of hands-free AI automation creates tension between usability and security. As Johann Rehberger, a researcher known in the cybersecurity community as Wunderwuzzi, observes, “AI agents are not yet mature enough to be trusted with important missions or sensitive data. They go off track too easily.”
Conclusion:
As AI agents gain more autonomy, the line between helpful assistant and digital liability becomes dangerously thin. The threat of AI-powered cyberattacks is no longer theoretical—it’s emerging in real time. The solution lies in developing robust safeguards, ensuring transparency in AI decision-making, and keeping humans firmly in control. Until then, experts agree: trusting AI agents with critical tasks is a risk the world isn’t ready to take.
