Agent Traps: Enterprise Agentic AI Wave Brings In New Threats

21.05.2026

AI agents are turning inputs, memory and execution into new attack surfaces

Prompt injection and “agent traps” allow attackers to manipulate behaviour without breaching systems

Enterprises are moving toward constrained autonomy and zero-trust models for agents

In April 2026, Vercel, a cloud application deployment platform, disclosed a security incident that originated not within its own infrastructure but through a third-party AI tool used by an employee. The attacker compromised the tool, used it to gain access to the employee’s Google Workspace account, and then pivoted into internal systems, eventually accessing environment variables and sensitive operational data.

What makes this incident notable is not just the breach itself, but what it represents. The initial entry point was an AI system embedded into everyday workflows — the same class of tools that increasingly power AI agents and agent-driven automations inside organisations. As enterprises begin to rely on agents to retrieve context, connect systems and execute tasks autonomously, these tools effectively become extensions of the organisation’s operational layer.

Around the same time, researchers at AI giant Google DeepMind were outlining a deeper, more structural risk. Their research paper introduces the concept of “AI agent traps” — adversarial inputs designed not to hack systems, but to manipulate agents themselves.

The premise is simple but profound. As AI agents begin to navigate the web, interact with tools and make decisions autonomously, the attack surface shifts from software vulnerabilities to the information environment itself. Instead of breaking into systems, attackers can influence what agents see, how they reason, and what actions they........

© Inc42