Security for AI agents should be built into the entire system, not just around the model itself, to better prevent failures and attacks from bad actors, according to a recent research paper.
changed document, released On May 20, researchers from Google, Gray Swan AI, EmbraceTheRed and several universities argued that agent security should be treated as a systemic problem and AI agents should be treated as an untrusted component.
“From this perspective, efforts to increase model robustness, the dominant viewpoint in the community, are insufficient on their own. Instead, we need to complement existing efforts with systems security techniques,” the researchers said.
“To this end, we propose viewing agent security as an example of computer security. This domain has a long history of dealing with powerful attackers and has motivated decades of research on principles and techniques for dealing with such adversaries.”
AI agents are becoming increasingly popular among cryptocurrency users. Some cryptocurrency executives speculate that AI agents in space could explode in the next few years. Circle CEO Jeremy Allaire predicted in January that there would be billions of AI agents working on users’ behalf within five years.
Basic security can stop most attacks
The researchers said that after examining a series of attack case studies, “three mechanisms” could “eliminate a large proportion of attacks.”
They argue that AI agents should clearly distinguish between instructions and untrusted data to avoid attackers deceiving the agent by hiding malicious instructions in the data. According to the researchers, an AI agent should also have only the minimum permissions necessary to complete the task, rather than full access.
The researchers said standard security configurations include trusted and untrusted systems, and artificial intelligence should be treated as an untrusted system. Source: Agent security is a systemic problem
At the same time, the broader system should control where sensitive information can go, not the agent, to ensure it cannot be manipulated to send sensitive data to unsafe destinations.
In a recent case, AI-powered cryptocurrency trading assistant Bankr said it disabled transactions on May 20 after identifying an attacker who had gained access to at least 14 wallets. Security experts speculate that the bot could have been used by a hacker.
AI agents are used to create Web3 applications, launch tokens, and autonomously interact with services and protocols, and some platforms employ AI for commercial purposes.
Aaron Ratcliff, head of attribution at blockchain analytics firm Merkle Science, told Cointelegraph last year that from a security standpoint, giving an AI agent access to a wallet adds a layer of trust to something that was designed to be trustless and can be secure if the system is built correctly.
Related: Exodus launches AI agent-focused stablecoin on Solana
“I would like proof that AI can detect front-running, apply slippage limits, detect fraud tokens and audit contracts in real time before it makes a trade. It should also provide sandbox prompts, prevent injections and block man-in-the-middle access,” he said.
Meanwhile, Sean Ren, co-founder of AI-powered blockchain platform Sahara AI, said that model context protocols are the gold standard in security when configured correctly, but users should still pay attention to every action performed by an AI agent.
“They essentially act as a gatekeeper between the AI ​​model and your wallet. The agent can only perform specific, approved actions – such as checking your balance or preparing payments for confirmation – rather than freely transferring funds or changing wallet settings,” he said.
Warehouse: Crypto scammers face death threats, Aussie CGT makes Asian hubs attractive
