Shadow AI agents in enterprise environments
Summary
Shadow AI agents are autonomous software agents deployed within organizations, often without proper identification, ownership, or logging and without security oversight. If compromised, such an agent can be used to move through systems, access sensitive data, or escalate privileges on an ongoing basis, creating a significant risk of data breaches. Most existing security programs are not equipped to manage these agents, so the risk grows with their adoption; enterprises must address the lack of visibility and control over these agents to mitigate it.
Timeline
- 20.08.2025 14:26 · 1 article · 1mo ago
Shadow AI agents proliferating in enterprise environments
Shadow AI agents are autonomous software agents deployed within organizations without proper identification, ownership, or logging. Once compromised, these agents can be used to move through systems, access sensitive data, or escalate privileges on an ongoing basis. Most existing security programs are not equipped to manage these agents, leading to increased risk as their adoption grows. Enterprises must address the lack of visibility and control over these agents to mitigate that risk.
- 🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do — thehackernews.com — 20.08.2025 14:26
Information Snippets
- Shadow AI agents are autonomous software agents deployed within organizations without proper identification, ownership, or logging.
First reported: 20.08.2025 14:26 (1 source, 1 article)
- 🕵️ Webinar: Discover and Control Shadow AI Agents in Your Enterprise Before Hackers Do — thehackernews.com — 20.08.2025 14:26
- Once compromised, these agents can be used to move through systems, access sensitive data, or escalate privileges on an ongoing basis.
First reported: 20.08.2025 14:26 (1 source, 1 article)
- Most existing security programs are not equipped to manage these agents, leading to increased risk as their adoption grows.
First reported: 20.08.2025 14:26 (1 source, 1 article)
- Shadow AI agents are often deployed by business units moving quickly to achieve results, bypassing IT oversight.
First reported: 20.08.2025 14:26 (1 source, 1 article)
- The proliferation of shadow AI agents increases the risk of data breaches and privilege escalation.
First reported: 20.08.2025 14:26 (1 source, 1 article)
Similar Happenings
HexStrike AI weaponized to exploit Citrix vulnerabilities
Threat actors have begun using HexStrike AI, an AI-driven security tool, to exploit recently disclosed Citrix vulnerabilities. HexStrike AI, designed for authorized red teaming and bug bounty hunting, has been repurposed to automate the exploitation of security flaws. This development highlights the rapid weaponization of AI tools by malicious actors, significantly reducing the time between vulnerability disclosure and exploitation. The exploitation attempts target three Citrix vulnerabilities disclosed last week. Threat actors are using HexStrike AI to identify and exploit vulnerable NetScaler instances, which are then offered for sale on dark web forums. This trend underscores the growing threat of AI-powered cyberattacks and the need for robust defensive measures. Check Point Research observed significant chatter on the dark web around HexStrike AI, associated with the rapid weaponization of newly disclosed Citrix vulnerabilities, including CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424. Nearly 8,000 endpoints remained vulnerable to CVE-2025-7775 as of September 2, 2025, down from 28,000 the previous week. Check Point recommends that defenders focus on early warning through threat intelligence, AI-driven defenses, and adaptive detection.
AI-Powered Cyberattacks Automating Theft and Extortion Disrupted by Anthropic
Anthropic disrupted a sophisticated AI-powered cyberattack operation in July 2025. The actor targeted 17 organizations across healthcare, emergency services, government, and religious institutions. The attacker used Anthropic's AI-powered chatbot Claude to automate various phases of the attack cycle, including reconnaissance, credential harvesting, and network penetration. The actor threatened to expose stolen data publicly to extort victims into paying ransoms. The operation, codenamed GTG-2002, employed Claude Code on Kali Linux to conduct attacks, using it to make tactical and strategic decisions autonomously. The attacker used Claude Code to craft bespoke versions of the Chisel tunneling utility and disguise malicious executables as legitimate Microsoft tools. The actor organized stolen data for monetization, creating customized ransom notes and multi-tiered extortion strategies. Anthropic developed a custom classifier to screen for similar behavior and shared technical indicators with key partners to mitigate future threats. The operation involved scanning thousands of VPN endpoints for vulnerable targets and creating scanning frameworks using a variety of APIs. The actor provided Claude Code with their preferred operational TTPs (Tactics, Techniques, and Procedures) in their CLAUDE.md file. Claude Code was used for real-time assistance with network penetrations and direct operational support for active intrusions, such as guidance for privilege escalation and lateral movement. The threat actor created obfuscated versions of the Chisel tunneling tool to evade Windows Defender detection and developed completely new TCP proxy code that doesn't use Chisel libraries at all. When initial evasion attempts failed, Claude Code provided new techniques including string encryption, anti-debugging code, and filename masquerading. The threat actor stole personal records, healthcare data, financial information, government credentials, and other sensitive information. 
Claude not only performed 'on-keyboard' operations but also analyzed exfiltrated financial data to determine appropriate ransom amounts and generated visually alarming HTML ransom notes that were displayed on victim machines by embedding them into the boot process. The operation demonstrates a concerning evolution in AI-assisted cybercrime, where AI serves as both a technical consultant and active operator, enabling attacks that would be more difficult and time-consuming for individual actors to execute manually.
Chinese State-Sponsored Actors Target Global Critical Infrastructure
Chinese state-sponsored Advanced Persistent Threat (APT) actors, specifically the Salt Typhoon group and a newly identified group named RedNovember, have been conducting sustained campaigns to compromise critical infrastructure networks worldwide. The campaigns aim to gain long-term access to telecommunications, government, transportation, lodging, and military networks. This activity has been detailed in a joint advisory by CISA, NSA, FBI, and international partners, including Canada, Australia, New Zealand, the UK, Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland, and Spain. The advisory provides intelligence on tactics used by these actors and recommends mitigations to strengthen defenses. The Czech Republic's National Cyber and Information Security Agency (NUKIB) has issued a warning instructing critical infrastructure organizations to avoid using Chinese technology or transferring user data to servers located in China. The agency has re-evaluated its risk estimate of significant disruptions caused by China, now assessing it at a 'High' level. The NUKIB has confirmed malicious activities of Chinese cyber-actors targeting the Czech Republic, including a recent APT31 campaign targeting the Czech Ministry of Foreign Affairs. The advisory highlights concerns over the transfer of system and user data to China, potentially misused by state, military, or political interests. The Czech government previously accused China of targeting its critical infrastructure through APT 31, an allegation denied by the PRC but condemned by the US, EU, and NATO. The advisory suggests that individuals and organizations consider restricting or prohibiting the use of products and services that transfer data to China. The campaign has targeted at least 600 organizations across 80 countries, including 200 in the U.S. 
The threat actors have exploited vulnerabilities in Cisco, Ivanti, and Palo Alto Networks devices to gain initial access and have modified routers to maintain persistent access and pivot into other networks. The advisory also notes that the APT actors may target other devices such as Fortinet firewalls, Juniper firewalls, Microsoft Exchange, Nokia routers and switches, Sierra Wireless devices, and SonicWall firewalls. RedNovember has targeted perimeter appliances of high-profile organizations globally, including defense and aerospace organizations, space organizations, and law firms. The group has breached at least two U.S. defense contractors, a European engine manufacturer, and a trade-focused intergovernmental cooperation body in Southeast Asia. RedNovember has used the Go-based backdoor Pantegana and Cobalt Strike as part of its intrusions, along with the Spark RAT and LESLIELOADER. The group has also used VPN services such as ExpressVPN and Warp VPN to administer and connect to servers used for exploitation and communication.
AI systems vulnerable to data theft via hidden prompts in downscaled images
AI systems remain vulnerable to data theft via hidden prompts in downscaled images. Researchers from Trail of Bits have demonstrated a novel attack vector that exploits AI systems by embedding hidden prompts in images. These prompts become visible only when the images are downscaled, enabling data theft or unauthorized actions. The attack leverages image resampling algorithms to reveal hidden instructions, which the AI model then executes. The vulnerability affects multiple AI systems, including Google Gemini CLI, Vertex AI Studio, Google Assistant on Android, and Genspark. The attack works by crafting images with specific patterns that emerge during downscaling. These patterns contain instructions that the AI model interprets as part of the user's input, leading to potential data leakage or other malicious activity. The researchers have released an open-source tool, Anamorpher, to create images for testing and demonstrating the attack. To mitigate the risk, Trail of Bits recommends implementing dimension restrictions on image uploads, showing users a preview of the downscaled image the model will actually see, and seeking explicit user confirmation for sensitive tool calls.
Murky Panda, Genesis Panda, Glacial Panda Cloud and Telecom Intrusions
Chinese hacking groups Murky Panda, Genesis Panda, and Glacial Panda have escalated their cloud and telecom espionage activities. Murky Panda, also known as Silk Typhoon, exploits trusted cloud relationships and zero-day vulnerabilities to breach enterprise networks. They target government, technology, academic, legal, and professional services entities in North America. Murky Panda exploits internet-facing appliances and known security flaws in Citrix, Commvault, and Ivanti Pulse Connect VPN to deploy web shells and custom malware. They compromise exposed SOHO devices and deploy web shells to establish persistence. In recent attacks, Murky Panda exploited zero-day vulnerabilities to break into a SaaS provider's cloud environment and gain access to the provider's application registration secret in Entra ID. They also compromised a Microsoft cloud solution provider with delegated administrative privileges (DAP) to gain Global Administrator rights across all downstream tenants. Genesis Panda, active since January 2024, targets financial, media, telecommunications, and technology sectors across 11 countries. They leverage cloud services for exfiltration and persistence. Glacial Panda targets telecoms in 12 countries, exploiting Linux systems and legacy technologies. They use privilege escalation bugs and trojanized OpenSSH components for backdoor access.