Your AI Agents Have Permissions You Never Approved. Here’s What To Do About It
•InnovationYour AI Agents Have Permissions You Never Approved.
•Here’s What To Do About ItByVineet Arora,Forbes Councils Member.for Forbes Technology CouncilCOUNCIL POSTExpertise from Forbes Councils members, operated under license.
•Opinions expressed are those of the author.
هذا الخبر من Forbes. خبر يقدم أدوات ذكاء اصطناعي للتلخيص والترجمة والاستماع.
InnovationYour AI Agents Have Permissions You Never Approved. Here’s What To Do About ItByVineet Arora,Forbes Councils Member.for Forbes Technology CouncilCOUNCIL POSTExpertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. | Membership (fee-based)May 14, 2026, 08:00am EDTVineet Arora, CTO & Co-Founder, WinWire, with 30+ years in IT Consulting helping CxOs drive Business Transformation thru AgenticAI Solutions gettyGartner’s latest projection puts it plainly: "By 2028, 25% of all enterprise generative AI (GenAI) applications will experience at least five minor security incidents per year, up from 9% in 2025." And by 2029, 15% will face at least one major incident, up from 3% in 2025. Numbers like that land differently when you have seen what an incident looks like.Last year, researchers at Aim Labs disclosed EchoLeak, a zero-click vulnerability in Microsoft 365 Copilot. A crafted email, without links or attachments, could cause the agent to follow hidden instructions and expose sensitive data within its access scope. Microsoft patched the issue before any known real-world exploitation.A few months later, Noma Labs disclosed ForcedLeak, a critical vulnerability in Salesforce Agentforce, where malicious instructions embedded in Web-to-Lead form fields could be executed by AI agents, enabling the exfiltration of sensitive CRM data.In both cases, the defenders got lucky that the researchers found the flaw first.The second category of incident is already live in production. In developer tooling, there are emerging reports of agent misexecution. For example, a documented issue involving Google’s Gemini CLI describes unintended file operations that resulted in data loss, with the system later acknowledging failure. In another widely reported incident, an AI coding agent from Replit deleted a production database during a development workflow, prompting a public apology from the company’s CEO.The OWASP Fo...المصدر: Forbes | Source: Forbes
ملاحظة تحريرية | Editorial Note: نُشر هذا المقال في الأصل بواسطة Forbes. خبر (Khabr) هي منصة إعلامية أردنية مرخّصة تعمل بالذكاء الاصطناعي. نضيف قيمة تحريرية من خلال: تحليل ذكي للأخبار، ملخصات تلقائية، رواية صوتية بالذكاء الاصطناعي، ترجمة متعددة اللغات، وتدقيق الحقائق. هدفنا جعل الأخبار أكثر وضوحاً وسهولةً للقارئ العربي.
This article was originally published by Forbes. Khabr is a licensed Jordanian AI-powered news platform (Registration #82086). We add editorial value through: AI-powered news analysis, automated summaries, AI audio narration, multi-language translation (Arabic, English, French, Turkish), and AI fact-checking. Our mission is to make news more accessible and understandable for Arabic-speaking audiences worldwide.
