The rapid rise of autonomous artificial intelligence agents across the internet, corporate networks, and user applications is fueling a surge in serious security gaps. CertiK CEO Ronghui Gu warns that the mounting “security debt” in this field is accelerating toward a disaster.
Hidden vulnerabilities in AI agents
Although companies are marketing these smart software agents as productivity miracles, they are introducing major risks behind the scenes. The deployment of these autonomous and largely unsupervised agents without proper isolation is laying the groundwork for significant security challenges.
In an interview with CoinDesk, Ronghui Gu stressed that users are now giving these agents access to sensitive files, system passwords, and even financial account credentials—a development that opens the door to abuse, manipulation, and fraud.
Gu explained that once users grant permissions, AI agents can read the local file system, invoke external applications, trigger workflows, and interact with financial infrastructure. Unless these environments are isolated, both networks and personal data become completely vulnerable to attacks from inside or outside.
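The isolation Gu describes can be made concrete with a capability grant that the agent runtime checks on every tool call. The following Python is an added example written for this page, not code from CertiK or from any agent framework; the grant structure, the tool names (`read_file`, `invoke_app`, `transfer_funds`) and the workspace path are constructed assumptions. It denies anything not explicitly granted, confines file reads to a workspace root (resolving `..` and symlinks so a link inside the workspace cannot point outside it), restricts which external programs may be launched, and never runs a financial action without a human in the loop.

```python
import os
from dataclasses import dataclass

# Constructed example grant: the only capabilities this agent session holds.
# Everything not listed here is denied by default (least privilege).
AGENT_GRANT = {
    "read_file": {"root": "/tmp/agent-workspace"},          # assumed path
    "invoke_app": {"allowed": {"pdftotext", "grep"}},        # assumed programs
    "transfer_funds": {"human_approval": True},
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    needs_human: bool = False


def _inside_root(path: str, root: str) -> bool:
    """True only if `path` resolves to a location under `root`.

    realpath() collapses '..' segments and follows any symlinks that exist
    on disk, so a link inside the workspace that targets a location outside
    it is rejected as well.
    """
    real_root = os.path.realpath(root)
    real_path = os.path.realpath(os.path.join(real_root, path))
    return os.path.commonpath([real_root, real_path]) == real_root


def check_tool_call(grant: dict, tool: str, args: dict) -> Decision:
    """Gate a single tool invocation against the session's capability grant."""
    policy = grant.get(tool)
    if policy is None:
        return Decision(False, f"tool {tool!r} not granted to this agent")

    if tool == "read_file":
        path = args.get("path", "")
        if not _inside_root(path, policy["root"]):
            return Decision(False, f"path {path!r} escapes the workspace root")
        return Decision(True, "path confined to workspace")

    if tool == "invoke_app":
        program = args.get("program", "")
        if program not in policy["allowed"]:
            return Decision(False, f"program {program!r} not on the allow-list")
        return Decision(True, "program on the allow-list")

    if policy.get("human_approval"):
        # Irreversible or financial actions are never executed autonomously;
        # the runtime parks them until a person approves.
        return Decision(False, "requires explicit human approval", needs_human=True)

    return Decision(True, "no additional constraints")


if __name__ == "__main__":
    # Constructed calls an agent might emit after reading an untrusted document.
    for tool, args in [
        ("read_file", {"path": "notes/todo.txt"}),
        ("read_file", {"path": "../../etc/passwd"}),
        ("invoke_app", {"program": "rm"}),
        ("transfer_funds", {"to": "0xplaceholder", "amount": "1.0"}),
        ("delete_account", {}),
    ]:
        print(tool, args, "->", check_tool_call(AGENT_GRANT, tool, args))
```

The point of the design is that the model's output is treated as a request, not a command: the runtime, which sits outside the model's influence, decides whether each request falls inside the grant the user actually made.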
The dangers of misguided trust
According to Gu, today’s AI agents face a fundamental problem caused by a flawed model of trust. Many open-source applications are built on the assumption that local operations or integrations with platforms like WhatsApp shield them from external threats. However, reality paints a different picture.
Granting special permissions to agents can turn them into major insider risks. If they have access to local storage or account management capabilities, identity theft and data breaches become real possibilities.
Widespread security flaws and key terms
CertiK’s latest analysis identifies hundreds of critical vulnerabilities in the core infrastructure of this rapidly expanding market. The report highlights unpatched, publicly catalogued vulnerabilities (CVEs) in open-source software and inadequate oversight of module boundaries as the primary causes of credential leaks.
Glossary: Prompt injection is a technique in which attackers plant instructions written in natural language into content an AI agent will process. Embedded in harmless-looking emails, PDFs, or websites, such commands can alter the agent’s intended actions.
Automated attacks accelerate
Gu also notes a shift in attack dynamics, with assaults targeting autonomous agents now occurring faster and over much shorter time windows. CertiK’s data shows a dramatic increase in automated scams that operate on-chain for only minutes or hours before vanishing.
These attacks primarily target algorithmic trading bots and other AI systems. Attackers exploit vulnerabilities and launch machine-against-machine financial heists before any human intervention can take place.
Next-generation threats and security advice
Some of these intrusions can alter agent behavior without a single line of harmful code—mere instructions buried in natural language can be enough. Conventional antivirus products frequently fail to detect these new forms of attack.
As Gu explains, malicious plugins or stealthy installers that use natural language can hijack an agent’s operations, while current antivirus programs offer little to no protection against these threats.
Gu concludes by stressing that the software industry must move away from broad trust models to a Zero Trust approach, in which every command and plugin is continuously verified before being executed.
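One way to make "every command and plugin is verified before execution" concrete is to pin reviewed plugins by digest and to require a runtime-issued authorization tag on every command. The Python below is an added example for this page, not CertiK's code or any particular agent framework's API; the plugin bytes, the session key and the `summarizer` plugin are constructed, and the authorization flow (the orchestrator mints a tag only for commands traced to the user's own request or to an explicit approval) is an assumed design. An instruction that merely appears inside an ingested document, the prompt-injection case described earlier, cannot mint a tag and is therefore refused by the executor.

```python
import hashlib
import hmac
import json

# Constructed bytes standing in for the source of a plugin that passed review.
REVIEWED_PLUGIN_SRC = b"def summarize(text):\n    return text[:200]\n"

# In a real deployment the pin is recorded at review time and shipped
# read-only; it is computed here only so the example is self-contained.
PINNED_PLUGINS = {
    "summarizer": {
        "sha256": hashlib.sha256(REVIEWED_PLUGIN_SRC).hexdigest(),
        "commands": {"summarize"},   # the only commands this plugin may expose
    },
}


def verify_plugin(name: str, data: bytes) -> bool:
    """Load a plugin only if its bytes match the reviewed, pinned digest."""
    pin = PINNED_PLUGINS.get(name)
    if pin is None:
        return False                      # unknown plugins are never loaded
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, pin["sha256"])


def authorize_command(session_key: bytes, plugin: str, command: str, args: dict) -> str:
    """Mint an authorization tag for one command.

    Assumed design: only the orchestrator holds `session_key`, and it calls
    this solely for commands that derive from the user's own request or from
    an explicit human approval. The model never sees the key.
    """
    payload = json.dumps([plugin, command, args], sort_keys=True).encode()
    return hmac.new(session_key, payload, hashlib.sha256).hexdigest()


def verify_command(session_key: bytes, plugin: str, command: str,
                   args: dict, tag: str) -> tuple[bool, str]:
    """Executor-side check run before any plugin command is dispatched."""
    pin = PINNED_PLUGINS.get(plugin)
    if pin is None:
        return False, "plugin not pinned"
    if command not in pin["commands"]:
        return False, "command not declared by plugin"
    expected = authorize_command(session_key, plugin, command, args)
    if not hmac.compare_digest(expected, tag):
        return False, "command lacks valid authorization"
    return True, "ok"


if __name__ == "__main__":
    key = b"constructed-session-key-not-for-real-use"
    print("reviewed plugin loads:", verify_plugin("summarizer", REVIEWED_PLUGIN_SRC))
    print("tampered plugin loads:", verify_plugin("summarizer", REVIEWED_PLUGIN_SRC + b"# x"))
    tag = authorize_command(key, "summarizer", "summarize", {"text": "hello"})
    print("authorized command:", verify_command(key, "summarizer", "summarize", {"text": "hello"}, tag))
    print("unauthorized command:", verify_command(key, "summarizer", "summarize", {"text": "hello"}, "0" * 64))
```

Both checks use `hmac.compare_digest` so that a digest or tag comparison does not leak timing information, and both fail closed: an unlisted plugin, a tampered plugin, an undeclared command or a missing tag all result in refusal rather than a warning.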