The agentic apocalypse: Resisting the onslaught of one billion AI agents

The rise of agents is about to create the largest attack surface in human history - and there's no guarantee we'll be able to secure it.


Security leaders are used to being outnumbered by the sheer volume of threats and bad actors out to ruin their day.

But the rise of agentic AI could soon turn a siege into a slaughter if warnings about the scale of the risk facing defenders are to be believed.

Today, an unusually snappily written press release popped into the Machine inbox warning that the arrival of vast numbers of agents will create a "vast new attack surface".

"There will be more than one billion AI agents with significant autonomous power in the next few years," said Jack Hidary, CEO of SandboxAQ.

"Enterprises are giving AI agents a vastly increased range of capabilities to impact customers and real-world assets. This creates a dangerous attack surface for adversaries."

Why is agentic AI a security threat?

There are many reasons to be afraid of AI agents. The first is that they could dramatically increase the damage which can be wreaked by targeting an individual person.

Convincing one employee to click on a phishing email can be catastrophic enough. Now imagine that person controls thousands of agents across a variety of business functions. The potential blast radius could be thermonuclear.

Shadow AI will also become an even greater threat as workers go from generating emails on ChatGPT to commanding vast armies of digital vassals.

Nvidia boss Jensen Huang has said that 50,000 members of staff could end up managing 100 million AI agents per department, meaning the human vs machine ratio could soar to 2,000-to-1.

Try putting all those genies back in the bottle. It's not going to happen easily.

Preparing for the APIpocalypse

Meanwhile, the agentic apocalypse will give rise to a challenge we're calling the APIpocalypse. All those AI models will need to access data via APIs, which will come under increasing strain and create potentially catastrophic points of fragility.

Obviously, threat actors know this and are already stepping up their attacks on APIs. In November 2024, Akamai found that 84% of security professionals had experienced an API security incident over the past 12 months - an all-time high, and significantly higher than the 78% recorded in 2023.

Anthropic's Model Context Protocol (MCP) is a potential solution to this issue. This standardised open protocol has been compared to a "USB-C port for AI applications" enabling access to multiple services with built-in access and security controls. But it's not a magic bullet.

Securing the world's largest attack surface

SandboxAQ argues, of course, that the solution to this emerging threat is its new platform, AQtive Guard, which is designed to manage and secure non-human identities (NHIs) and the other cryptographic assets used by the friendly and malevolent AI agents that are "surging across enterprise environments."

It said the way to combat a "flood" of intelligent, adaptive cyber threats lies in building proactive, AI-driven cryptographic defences. These will need to evolve at a faster pace than the tools used by bad guys, meaning that the arms race between defenders and threat actors is likely to accelerate to unprecedented levels.


The SandboxAQ solutions enable organisations to maintain an inventory of both NHIs and cryptographic assets such as keys, certificates, algorithms, and libraries, helping security teams stay ahead of the bad guy whilst meeting compliance and regulatory mandates.

The AQtive Guard Protect tool can orchestrate automated remediation workflows and enforce protection policies such as credential rotation or certificate renewal.
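To make the inventory-plus-policy idea above concrete, here is an added example (not code from the article or from SandboxAQ) that keeps a small inventory of non-human identities and their keys and certificates, then evaluates it against a rotation and renewal policy to produce remediation actions. The policy thresholds, algorithm names and inventory entries are all constructed for illustration.

```python
"""Inventory of non-human identities (NHIs) and their cryptographic assets,
evaluated against a rotation/renewal policy to produce remediation actions.

Added example, not code from the article or from SandboxAQ. The policy
thresholds, algorithm names and inventory entries are constructed.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class CryptoAsset:
    owner: str                       # the NHI (service account, agent, workload) holding it
    kind: str                        # "api-key" or "certificate"
    algorithm: str
    issued: date
    expires: Optional[date] = None   # certificates only


# Hypothetical policy: rotate long-lived keys, renew certificates early,
# and retire weak algorithms.
POLICY = {
    "max_key_age_days": 90,
    "renew_cert_within_days": 30,
    "deprecated_algorithms": {"RSA-1024", "SHA-1"},
}


def evaluate(inventory, today: date, policy=POLICY) -> list:
    """Return a sorted list of (owner, action, detail) remediation items."""
    actions = []
    for a in inventory:
        if a.algorithm in policy["deprecated_algorithms"]:
            actions.append((a.owner, "replace-algorithm", a.algorithm))
        if a.kind == "api-key":
            age = (today - a.issued).days
            if age > policy["max_key_age_days"]:
                actions.append((a.owner, "rotate-credential", f"{age} days old"))
        elif a.kind == "certificate" and a.expires is not None:
            remaining = (a.expires - today).days
            if remaining <= policy["renew_cert_within_days"]:
                actions.append((a.owner, "renew-certificate", f"{remaining} days left"))
    return sorted(actions)


# Constructed sample inventory.
SAMPLE_INVENTORY = [
    CryptoAsset("billing-agent", "api-key", "HMAC-SHA256", date(2025, 1, 1)),
    CryptoAsset("billing-agent", "certificate", "ECDSA-P256", date(2024, 6, 1), date(2025, 6, 10)),
    CryptoAsset("legacy-sync", "certificate", "RSA-1024", date(2023, 1, 1), date(2026, 1, 1)),
    CryptoAsset("support-agent", "api-key", "HMAC-SHA256", date(2025, 5, 1)),
]


if __name__ == "__main__":
    for item in evaluate(SAMPLE_INVENTORY, date(2025, 5, 20)):
        print(item)
```

The output of `evaluate` is what an orchestration workflow would consume: each tuple names the identity to act on and the action to take, so rotation and renewal can be driven from the inventory rather than discovered after an expiry or a breach.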

SandboxAQ also offers its own Large Quantitative Models (LQMs), which are a bit like LLMs but with a cleverer-sounding word in their name.

These modules give organisations ways of gaining control, visibility and remediation as the security challenges of machine-to-machine communication escalate to crisis proportions.

Marc Manzano, General Manager of Cybersecurity at SandboxAQ, said: "As organisations accelerate AI adoption and the use of agents and machine-to-machine communication across all business domains and functions, maintaining a real-time, accurate inventory of NHIs and cryptographic assets is an essential cybersecurity practice.

"Being able to automatically remediate vulnerabilities and policy violations is crucial to decrease time to mitigation and prevent potential breaches within the first day of use of our software."

There are many other ideas on how to secure against the agentic threat.

Strict identity and access management (IAM) frameworks can help to tackle the problem, particularly when combined with role-based access control (RBAC) and attribute-based access control (ABAC).

These systems tightly restrict what an agent can do, ensuring it only operates within clearly defined boundaries based on identity, context, and purpose. For highly sensitive environments, these controls should be embedded within a zero-trust architecture, which continuously verifies access requests and removes implicit trust entirely.
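The combination described above, an RBAC grant plus ABAC constraints evaluated afresh on every request with no implicit trust, is shown in this added example (not code from the article or from any vendor). All roles, actions, resource types, tenants and limits are constructed for illustration.

```python
"""Deny-by-default authorisation for AI agents, combining a role grant (RBAC)
with attribute checks (ABAC) evaluated on every request, zero-trust style.

Added example, not code from the article or from SandboxAQ. All roles, actions,
resource types, tenants and limits are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Agent:
    agent_id: str
    role: str
    tenant: str
    spend_limit: float = 0.0   # hypothetical per-agent payment ceiling
    enabled: bool = True       # operator can flip this to stop the agent


@dataclass(frozen=True)
class Request:
    action: str
    resource_type: str
    tenant: str          # tenant the target resource belongs to
    hour: int            # local hour of the request, 0-23
    amount: float = 0.0  # only meaningful for payment actions


# RBAC: the (action, resource type) pairs each role is granted. Anything not
# listed is denied.
ROLE_PERMISSIONS = {
    "support-agent": {("read", "ticket"), ("update", "ticket")},
    "finance-agent": {("read", "invoice"), ("pay", "invoice")},
}


# ABAC: constraints on request and agent attributes that must all hold in
# addition to the role grant. Each rule returns True when it is satisfied.
def same_tenant(req: Request, agent: Agent) -> bool:
    return req.tenant == agent.tenant


def within_business_hours(req: Request, agent: Agent) -> bool:
    return 8 <= req.hour < 18


def under_spend_limit(req: Request, agent: Agent) -> bool:
    return req.action != "pay" or req.amount <= agent.spend_limit


ATTRIBUTE_RULES = (same_tenant, within_business_hours, under_spend_limit)


def authorize(agent: Agent, req: Request) -> tuple:
    """Return (allowed, reason). Every request is evaluated from scratch;
    nothing is cached or trusted from an earlier call."""
    if not agent.enabled:
        return False, "agent disabled"
    granted = ROLE_PERMISSIONS.get(agent.role, set())
    if (req.action, req.resource_type) not in granted:
        return False, f"role {agent.role!r} has no grant for {req.action}:{req.resource_type}"
    for rule in ATTRIBUTE_RULES:
        if not rule(req, agent):
            return False, f"attribute rule failed: {rule.__name__}"
    return True, "allowed"


if __name__ == "__main__":
    bot = Agent("fin-007", "finance-agent", "acme", spend_limit=5000)
    print(authorize(bot, Request("pay", "invoice", "acme", hour=10, amount=1200)))
    print(authorize(bot, Request("pay", "invoice", "acme", hour=10, amount=9000)))
```

The reason string matters as much as the boolean: when an agent is denied, the log entry should say which boundary it hit, because a run of denials on the same rule is often the first signal that an agent has been manipulated.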

Other ways to defend against rogue agents include immutable logging systems (perhaps using blockchain), which can track every action an AI agent takes. This makes forensic analysis possible even after a compromise and ensures that bad behaviour is at least monitored.

Kill switch mechanisms are also a cool-sounding way to blow up agents if they start to disobey their creators and go haywire, although it's highly probable that agents could be programmed maliciously to help each other override these protocols. They may even learn how to do this themselves.
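Both of the preceding ideas, an immutable record of every action and a kill switch that agents cannot talk each other out of, are shown in this added example (not code from the article or from any vendor). The log is a plain SHA-256 hash chain rather than a blockchain, and the kill switch is a revocation set checked by the gateway that actually executes actions, so it sits outside any agent's control. Agent ids, actions and reasons are constructed.

```python
"""Tamper-evident action log plus an operator kill switch for AI agents.

Added example, not code from the article or from SandboxAQ. The log is a
SHA-256 hash chain (no blockchain needed); the kill switch is a revocation
set checked by the gateway that executes actions, so an agent cannot bypass
it by editing its own prompt or code. Agent ids and actions are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64


def _digest(body: dict) -> str:
    # Canonical JSON so the same record always hashes identically.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ActionLedger:
    """Append-only list of records, each committing to the previous record's hash."""

    def __init__(self):
        self.entries = []

    def append(self, agent_id: str, action: str, outcome: str, ts: int = 0) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "ts": ts, "agent": agent_id,
                "action": action, "outcome": outcome, "prev": prev}
        record = dict(body, hash=_digest(body))
        self.entries.append(record)
        return record["hash"]

    def verify(self) -> tuple:
        """Return (True, n) if all n records chain correctly,
        else (False, index of the first bad record)."""
        prev = GENESIS
        for i, rec in enumerate(self.entries):
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["seq"] != i or rec["prev"] != prev or _digest(body) != rec["hash"]:
                return False, i
            prev = rec["hash"]
        return True, len(self.entries)


class Gateway:
    """Executes agent actions. It is the only path to real-world effect,
    so it owns the kill switch and writes every decision to the ledger."""

    def __init__(self, ledger: ActionLedger):
        self.ledger = ledger
        self.revoked = set()

    def revoke(self, agent_id: str, reason: str) -> None:
        self.revoked.add(agent_id)
        self.ledger.append("operator", f"revoke:{agent_id}", reason)

    def execute(self, agent_id: str, action: str, handler):
        if agent_id in self.revoked:
            self.ledger.append(agent_id, action, "blocked:revoked")
            return None
        result = handler()
        self.ledger.append(agent_id, action, "ok")
        return result


if __name__ == "__main__":
    ledger = ActionLedger()
    gw = Gateway(ledger)
    print(gw.execute("bot-1", "read:ticket", lambda: "T-1"))
    gw.revoke("bot-1", "anomalous activity")
    print(gw.execute("bot-1", "update:ticket", lambda: "never"))
    print(ledger.verify())
```

For the chain to be worth anything in forensics, the ledger must be written by the gateway, not by the agent, and its head hash should be periodically copied somewhere the gateway cannot rewrite; verification then detects any edit or deletion of an earlier record.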

We're expecting to see many more suggestions about how to protect against the agentic threat and put up defences against malicious enemy models.

However, it's far from clear that we'll win this battle easily.

The agentic apocalypse is about to begin and it's going to be boomtime for security firms - possibly quite literally.
