Autonomous AI agents are beginning to operate across enterprise networks in ways that traditional security controls are not built to handle, according to new research from Radware’s threat intelligence team.
The company’s report, “The Internet of Agents: The Next Threat Surface,” warns that agent ecosystems powered by large language models (LLMs) are already creating an attack surface that adversaries are quick to exploit.
Radware notes that while organizations are deploying AI agents that can reason, invoke tools, and communicate with one another through emerging standards, they are not matching those deployments with tools that can address the loopholes the agents open.
From new protocols to new exploits
The adoption of Model Context Protocol (MCP) and Agent-to-Agent (A2A) interaction standards has expanded how agents plug into corporate systems. However, this connectivity also introduces pathways for attack, including indirect prompt injection, tool poisoning, and lateral compromise, according to the report.
Through indirect prompt injection, attackers can embed hidden instructions inside common business inputs such as emails, documents, or web pages. “No user action is required to trigger the exploit. It happened while you were sleeping,” Radware wrote. This zero-click quality means even vigilant employees may be unable to prevent compromise once an agent processes a tainted input.
The report also describes a proof-of-concept exploit, labeled EchoLeak, that allows attackers to chain indirect prompt injections with agentic access privileges. This technique can silently extract sensitive data or trigger unauthorized transactions without human involvement, raising questions about how difficult it will be to contain risks in autonomous ecosystems.
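As an added illustration (not taken from Radware's report), the sketch below shows one policy-enforcement control against the chain described above: once untrusted content enters an agent's context, privileged tool calls are held for human approval. The source labels, tool names, and the `AgentSession` class are assumptions made for this example.

```python
from dataclasses import dataclass, field

# Assumed trust labels and tool names; none of these come from the report.
UNTRUSTED_SOURCES = {"email", "web_page", "shared_document"}
SENSITIVE_TOOLS = {"send_external_email", "http_post", "create_payment"}


@dataclass
class AgentSession:
    """Tracks the provenance of everything placed in the agent's context."""
    sources: list = field(default_factory=list)
    audit_log: list = field(default_factory=list)

    def ingest(self, source_type: str, content: str) -> None:
        # Content is stored with its origin; it is treated as data, never policy.
        self.sources.append((source_type, content))

    @property
    def tainted(self) -> bool:
        # The session is tainted as soon as any untrusted input was processed.
        return any(kind in UNTRUSTED_SOURCES for kind, _ in self.sources)

    def authorize(self, tool: str, human_approved: bool = False) -> str:
        """Return 'allow' or 'hold_for_approval' for one requested tool call."""
        if tool in SENSITIVE_TOOLS and self.tainted and not human_approved:
            decision = "hold_for_approval"
        else:
            decision = "allow"
        # Every decision is logged so agent monitoring can review it later.
        self.audit_log.append((tool, self.tainted, decision))
        return decision


def demo() -> list:
    session = AgentSession()
    results = [session.authorize("create_payment")]      # clean context
    # Constructed sample input standing in for an inbound message.
    session.ingest("email", "Quarterly figures attached. [hidden text omitted]")
    results.append(session.authorize("summarize_text"))  # low-risk tool still runs
    results.append(session.authorize("create_payment"))  # no human in the loop
    results.append(session.authorize("create_payment", human_approved=True))
    return results


if __name__ == "__main__":
    print(demo())
```

The gate does not try to detect the injected text itself; it removes the zero-click path by requiring a human decision before a tainted session can use a privileged tool.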
Is AI lowering the barrier for cybercrime?
Radware’s research indicates the emergence of malicious AI platforms that package these capabilities for broader use.
Subscription services like XanthoroxAI offer “full attack kill chain tooling” to both novice and experienced actors. The report notes that this has the effect of industrializing cybercrime, providing attackers with ready-made, agentic frameworks for reconnaissance, exploitation, and persistence.
Another concern is the accelerating pace of exploit development. The report cites examples where GPT-4 was able to generate functional exploits from vulnerability descriptions faster than seasoned researchers. This means “the window between a vulnerability disclosure and functional exploit code in the wild, formerly measured in days or weeks for complex bugs, could shrink to hours or minutes,” the report warned.
Implications for channel partners
The spread of autonomous AI agents is expected to shift demand across the channel, creating new requirements for advisory and security-led services. Given the rate at which enterprises are deploying these systems into workflows and customer-facing operations, many will turn to partners for practical strategies on governance and protection.
Radware’s report argues that conventional security tools will not cover this emerging layer of infrastructure. That opens space for solution providers, MSSPs, and resellers to deliver managed services that include red-teaming, agent monitoring, and policy enforcement.
Channel firms that move early to build expertise in securing AI-driven environments are likely to gain an edge as customers seek trusted guidance.





