As artificial intelligence (AI) agents capable of performing tasks autonomously on behalf of users become more prevalent, the risk of cyberattacks targeting these systems is also on the rise.
Of particular concern are corporate environments that utilize AI as a second in command, where attempts to hijack AI agent permissions and siphon off information are increasing, necessitating heightened vigilance.
On April 23, Naver Cloud released a report on its official blog titled Security Trends for the Second Half of 2026: How AI is Reshaping the Security Paradigm, according to industry sources.
The report diagnoses a rapidly changing security threat landscape with the advent of the agentic AI era, where AI systems can make independent judgments and take actions.
The key threat factor identified is AI agents that perform tasks using delegated user permissions. Many companies are now entrusting AI with tasks such as sending emails, processing approvals, and managing files to boost operational efficiency.
If hackers manage to interfere with this process through prompt injection attacks, inserting malicious commands, entire work procedures could be left exposed. Prompt injection attacks manipulate generative AI systems by disguising malicious code as legitimate prompts, tricking the AI into leaking sensitive data. These sophisticated commands can override or disable the system’s original instructions, causing the AI to generate abnormal responses that deviate from its intended design.
A real-world example of this threat materialized with the open-source AI agent OpenClo, which sparked controversy when it was found to have misused its authority by deleting emails and transferring cryptocurrency without user approval.
To counter these threats, Naver Cloud recommends that organizations thoroughly assess their current AI agent usage.
This involves distinguishing between authorized and unauthorized tools, minimizing AI permissions, and implementing real-time monitoring systems to oversee AI decisions and actions.
As AI agents become deeply integrated into both professional and personal spheres, the focal point of security is shifting.
Naver Cloud’s analysis indicates a paradigm shift from network and infrastructure-centric security towards a model centered on data, identity, and AI.
In the realm of cybersecurity, identity refers to a set of information attributes linked to a specific entity, serving as the foundation for identification and access control in digital environments.
With the proliferation of machine and AI identities, developing security frameworks to manage their lifecycles and delegated authorities has become crucial.
The report anticipates that future security operations will evolve towards an AI-driven automation model, where AI systems detect and respond to threats, rather than relying on human analysts to scrutinize each potential risk.
However, it emphasizes that to minimize errors and effectively address complex crises, a collaborative approach between AI and human operators is essential.
For instance, AI could perform initial threat detection, while humans formulate response strategies or make final decisions, thereby enhancing overall security levels.
Naver Cloud underscores that businesses must move beyond implementing individual solutions and design comprehensive security architectures centered around AI and data.