Author: Saugat Sindhu, Global Head – Advisory Services, Cybersecurity & Risk Services, Wipro Limited
October is Cybersecurity Awareness Month, and this year, one emerging frontier demands urgent attention: Agentic AI.
India’s digital economy is booming — from UPI payments to Aadhaar-enabled services, from smart manufacturing to AI-powered governance. But as artificial intelligence evolves from passive large language models (LLMs) into autonomous, decision-making agents, the cyber threat landscape is shifting dramatically.
These agentic AI systems can plan, reason, and act independently — interacting with other agents, adapting to changing environments, and making decisions without direct human intervention. While this autonomy can supercharge productivity, it also opens the door to new, high-impact risks that traditional security frameworks aren’t built to handle.
Here are the 10 most critical cyber risks of agentic AI — and the governance strategies to keep them in check.
1. Memory poisoning
Threat: Malicious or false data is injected into an AI’s short- or long-term memory, corrupting its context and altering decisions.
Example: An AI agent used by a bank falsely remembers that a loan is approved due to a tampered record, resulting in unauthorized fund disbursement.
Defense: Validate memory content regularly; isolate memory sessions for sensitive tasks; require strong authentication for memory access; deploy anomaly detection and memory sanitization routines.
2. Tool misuse
Threat: Attackers trick AI agents into abusing integrated tools (APIs, payment gateways, document processors) via deceptive prompts, leading to hijacking.
Example: An AI-powered HR chatbot is manipulated to send confidential salary data to an external email using a forged request.
Defense: Enforce strict tool access verification; monitor tool usage patterns in real time; set operational boundaries for high-risk tools; validate all agent instructions before execution.
3. Privilege compromise
Threat: Exploiting permission misconfigurations or dynamic role inheritance to perform unauthorized actions.
Example: An employee escalates privileges with an AI agent in a government portal to access Aadhaar-linked information without proper authorization.
Defense: Apply granular permission controls; validate access dynamically; monitor role changes continuously; audit privilege operations thoroughly.
4. Resource overload
Threat: Overwhelming an AI’s compute, memory, or service capacity to degrade performance or cause failures — especially dangerous in mission-critical systems like healthcare or transport.
Example: During festival season, an e-commerce AI agent gets flooded with thousands of simultaneous payment requests, causing transaction failures.
Defense: Implement resource management controls; use adaptive scaling and quotas; monitor system load in real time; apply AI rate-limiting policies.
5. Cascading hallucination attacks
Threat: AI-generated false but plausible information spreads through systems, disrupting decisions — from financial risk models to legal document generation.
Example: An AI agent in a stock trading platform generates a misleading market report, which is then used by other financial systems, amplifying the error.
Defense: Validate outputs with multiple trusted sources; apply behavioural constraints; use feedback loops for corrections; require secondary validation before critical decisions.
6. Intent breaking and goal manipulation
Threat: Attackers alter an AI’s objectives or reasoning to redirect its actions.
Example: A procurement AI in a company is manipulated to always select a particular vendor, bypassing competitive bidding.
Defense: Validate planning processes; set boundaries for reflection and reasoning; protect goal alignment dynamically; audit AI behaviour for deviations.
7. Overwhelming human overseers
Threat: Flooding human reviewers with excessive AI output to exploit cognitive overload — a serious challenge in high-volume sectors like banking, insurance, and e-governance.
Example: An insurance company’s AI agent sends hundreds of claim alerts to staff, making it hard to spot genuine fraud cases.
Defense: Build advanced human-AI interaction frameworks; adjust oversight levels based on risk and confidence; use adaptive trust mechanisms.
8. Agent communication poisoning
Threat: Tampering with communication between AI agents to spread false data or disrupt workflows — especially risky in multi-agent systems used in logistics or defense.
Example: In a logistics company, two AI agents coordinating deliveries are fed false location data, sending shipments to the wrong city.
Defense: Use cryptographic message authentication; enforce communication validation policies; monitor inter-agent interactions; require multi-agent consensus for critical decisions.
9. Rogue agents in multi-agent systems
Threat: Malicious or compromised AI agents operate outside monitoring boundaries, executing unauthorized actions or stealing data.
Example: In a smart factory, a compromised AI agent starts shutting down machines unexpectedly, disrupting production.
Defense: Restrict autonomy with policy constraints; continuously monitor agent behaviour; host agents in controlled environments; conduct regular AI red teaming exercises.
10. Privacy breaches
Threat: Excessive access to sensitive user data (emails, Aadhaar-linked services, financial accounts) increases exposure risk if compromised.
Example: An AI agent in a fintech app accesses users’ PAN, Aadhaar, and bank details, risking exposure if compromised.
Defense: Define clear data usage policies; implement robust consent mechanisms; maintain transparency in AI decision-making; allow user intervention to correct errors.
This list is not exhaustive — but it’s a strong starting point for securing the next generation of AI. For India, where digital public infrastructure and AI-driven innovation are becoming central to economic growth, agentic AI is both a massive opportunity and a potential liability.
Security, privacy, and ethical oversight must evolve as fast as the AI itself. The future of AI in India will be defined by the intelligence of our systems — and by the strength and responsibility with which we secure and deploy them.
