Majority of AI Agents Vulnerable to Exploitation, New Report Shows

A new report has highlighted serious vulnerabilities in AI agents, revealing that only 11% of those evaluated are adequately protected against potential exploitation. As organizations increasingly grant AI agents access to sensitive information and operational capabilities, these findings carry significant implications.

Assessment Findings

The AI Risk Quadrant (AIRQ) Q2 2026 edition assessed 100 commercial and publicly available AI agents, focusing on three key areas: attack surface, blast radius, and defense controls. The troubling conclusion shows that most of these agents are vulnerable to hijacking by a single hostile document. This research, summarized by Help Net Security, emphasizes the urgent need for companies to rethink the permissions granted to their AI agents.

The report classifies agents into quadrants based on their security posture. Only a small number, labeled as "Fortified Leaders," exhibited strong defenses alongside a high attack surface. In contrast, coding and computer-use agents were identified as the most susceptible, featuring extensive attack vectors and considerable damage potential with minimal protective measures.

The Prompt Injection Threat

At the heart of this vulnerability is a method known as prompt injection. This occurs when an AI agent misinterprets hostile content as legitimate commands due to the limitations of large language models in distinguishing between data and instructions. A notable example is the EchoLeak incident, where a zero-click vulnerability in Microsoft 365 Copilot allowed attackers to extract confidential information through crafted emails.

The report reveals a staggering statistic: AI-enabled attacks have surged by 89% year on year. In one alarming case, an AI agent autonomously compromised over 600 firewalls across 55 countries, underscoring the potential scale of damage that unsecured agents could inflict.

Security Professionals' Concerns

The findings align with the views of security experts. A survey by the Cloud Security Alliance shows that 92% of security professionals are concerned about the impact of AI agents on network security. Additionally, a poll by Dark Reading ranks agentic AI as the top emerging threat for the year. These insights reflect a growing recognition of the risks involved in deploying AI agents without robust safeguards.

Recommendations for Mitigation

To address these vulnerabilities, organizations must implement strict access controls and oversight mechanisms. The report suggests several practical steps, including:

• Enforcing least-privilege access to limit what agents can access and control.
• Requiring human approval for significant actions, such as sending emails or executing code.
• Isolating untrusted inputs so that agents treat external content as mere data rather than executable instructions.
• Actively monitoring agent behavior to detect any unusual activities.

While these measures do not completely eliminate the risks posed by prompt injection, they can significantly reduce the potential impact of a compromised agent.

Conclusion

The AIRQ report serves as a critical warning to enterprises integrating AI agents into their workflows. With only 11% of assessed agents showing adequate defenses, organizations must urgently review and strengthen their security protocols. As the nature of AI-enabled threats evolves, so too must the strategies used to protect sensitive data and operations.