Are AI agents a blessing or a curse for cyber security? | Computer Weekly
Artificial intelligence (AI) and AI agents are seemingly everywhere. Be it on conference show floors or in television adverts featuring celebrities, suppliers are keen to showcase the technology, which they tell us will help make our day-to-day lives much easier. But what exactly is an AI agent?
Fundamentally, AI agents – also known as agentic AI models – are generative AI (GenAI) and large language models (LLMs) used to automate tasks and workflows.
For example, need to book a room for a meeting at a particular office at a specific time for a certain number of people? Simply ask the agent to do so and it will act, plan and execute on your behalf, identifying a suitable room and time, then sending the calendar invite out to your colleagues on your behalf.
Or perhaps you’re booking a holiday. You can detail where you want to go, how you want to get there, add in any special requirements and ask the AI agent for suggestions that it will duly examine, parse and detail in seconds – saving you both time and effort.
“We’re going to be very dependent on AI agents in the very near future – everybody’s going to have an agent for different things,” says Etay Maor, chief security strategist at network security company Cato Networks. “It’s super convenient and we’re going to see this all over the place.
“The flip side of that is the attackers are going to be looking heavily into it, too,” he adds.
Unforeseen consequences
When new technology appears, even if it’s developed with the best of intentions, it’s almost inevitable that criminals will seek to exploit it.
We saw it with the rise of the internet and cyber fraud, we saw it with the shift to cloud-based hybrid working, and we’ve seen it with the rise of AI and LLMs, which cyber criminals quickly jumped on to write more convincing phishing emails. Now, cyber criminals are exploring how to weaponise AI agents and autonomous systems, too.
“They want to generate exploits,” says Yuval Zacharia, who until recently was R&D director at cyber security firm Hunters, and is now a co-founder at a startup in stealth mode. “That’s a complex mission involving code analysis and reverse engineering that you need to do to understand the codebase then exploit it. And that’s exactly the task that agentic AI is good at – you can divide a complex problem into different components, each with specific tools to execute it.”
Cyber security consultancy Reversec has published a wide range of research on how GenAI and AI agents can be exploited by malicious hackers, often by taking advantage of how new the technology is, meaning security measures may not fully be in place – especially if those developing AI tools want to ensure their product is released ahead of the competition.
For example, attackers can exploit prompt injection vulnerabilities to hijack browser agents with the aim of stealing data or carrying out other unauthorised actions. Reversec has also demonstrated how prompt injection attacks can manipulate an AI agent so that its outputs include phishing links, social engineering and other ways of stealing information.
“Attackers can use jailbreaking or prompt injection attacks,” says Donato Capitella, principal security consultant at Reversec. “Now, you give an LLM agency – all of a sudden this is not just generic attacks, but it can act on your behalf: it can read and send emails, it can do video calls.
“An attacker sends you an email, and if an LLM is reading parts of that mailbox, all of a sudden, the email contains instructions that confuse the LLM, and now the LLM will steal information and send information to the attacker.”
Agentic AI is designed to help users, but as AI agents become more common and more sophisticated, that’s also going to open the door to attackers looking to exploit them to aid with their own goals – especially if legitimate tools aren’t secured correctly.
“If I’m a criminal and I know you’re using an AI agent which helps you with managing files on your network, for me, that’s a way into the network to deploy ransomware,” says Maor. “Maybe you’ll have an AI agent which can leave voice messages for you: Your voice? Now it’s identity fraud. Emails are business email compromise (BEC) attacks.
“The fact is a lot of these agents are going to have a lot of capabilities with the things they can do, and not too many guardrails, so criminals will be focusing on it,” he warns, adding that “there’s a continuous lowering of the bar of what it takes to do bad things”.
Fighting agentic AI with agentic AI
Ultimately, this means agentic AI-based attacks are something else chief information security officers (CISOs) and cyber security teams need to consider on top of every other challenge they currently face. Perhaps one answer to this is for defenders to take advantage of the automation provided by AI agents, too.
Zacharia believes so – she even built an agentic AI-powered threat-hunting tool in her spare time.
“It was about a side-project I did in my spare time at the weekends – I’m really geeky,” she says. “It was about exploring the world of AI agents because I thought it was cool.”
Cyber attacks are constantly evolving, and rapid response to emerging threats can be incredibly difficult, especially in an area where AI agents could be maliciously deployed to uncover new exploits en masse. That means identifying security threats, let alone assessing the impact and applying the mitigations, can take a lot of time – especially if cyber security staff are doing it manually.
“What I was trying to do was automate this with AI agents,” says Zacharia. “The architecture built on top of multiple AI agents aim to identify emerging threats and prioritise according to business context, data enrichment and things that you care about, then they create hunting and viability queries that will help you turn those into actionable insights.”
That data enrichment comes from multiple sources. They include social media trends, CVEs, Patch Tuesday notifications, CISA alerts and other malware advisories.
The AI prioritises this information according to severity, with the AI agents acting upon that information to help perform tasks – for example, by downloading critical security updates – while also helping to relieve some of the burden on overworked cyber security staff.
“Cyber security teams have a lot on their hands, a lot of things to do,” says Zacharia. “They’re overwhelmed by the alerts they keep getting from all the security tools that they have. That means threat hunting in general, specifically for emergent threats, is always second priority.”
She points to incidents like Log4j, a critical zero-day vulnerability in widely used software that was almost immediately exploited by sophisticated threat actors upon disclosure.
“Think how much damage this could cause in your organisation if you’re not finding these on time,” says Zacharia. “And that’s exactly the point,” she adds, referring to how agentic AI can help to swiftly identify and remedy cyber security vulnerabilities and issues.
Streamlining the SOC with agentic AI
Zacharia’s far from alone in believing agentic AI could be of great benefit to cyber security teams.
“Think of a SOC [security operations centre] analyst sitting in front of an incident and he or she needs to start investigating it,” says Maor. “They start with looking at the technical data, to see if they’ve seen something like it in the past.”
What he’s describing is the important – but time-consuming – work SOC analysts do every day. Maor believes adding agentic AI tools to the process can streamline their work, ultimately making them more effective at detecting cyber threats.
“An AI model can examine the incident and then detail similar incidents, immediately suggesting an investigation is needed,” he says. “There’s also the predictive model that tells the analyst what they don’t need to investigate. This cuts down the grunt work that needs to be done – sometimes hours, sometimes days of work – in order to reach something of value, which is nice.”
But while it can provide support, it’s important to note that agentic AI isn’t a silver bullet that is going to eliminate cyber security threats. Yes, it’s designed to make the task of monitoring threat intelligence or applying security updates easier and more efficient, but people remain key to information security, too. People are needed to work in SOCs, and information security staff are still required to help employees across the rest of the organisation remain alert to, and secure against, cyber threats.
That is especially so as AI continues to evolve and improve: attackers will continue to look to exploit it, and it’s up to the defenders to counter them.
“It’s a cat and mouse situation,” says Zacharia. “Both sides are adopting AI. But as an attacker, you only need one way to sneak in. As a defender, you have to protect the entire castle. Attackers will always have the advantage, that’s the game we’re playing. But I do think that both sides are getting better and better.”