News
AI agents were once theoretical, but now they are a tangible force reshaping the modern threat landscape. Also known as Computer-Using Agents (CUAs), these advanced AI bots can use applications and browse the internet to complete complex, often time-consuming tasks with minimal or no human oversight. Their rapid evolution is unlocking new efficiencies across a variety of sectors with automation and analysis, enabling more informed decision-making.
But this leap forward comes with a caveat. As they grow more capable, AI agents introduce a new class of cybersecurity threats. Malicious actors can hijack these tools to orchestrate sophisticated cyberattacks, exploiting predictable patterns of human behavior to infiltrate systems and exfiltrate sensitive data.
From theory to realityTo move beyond theory and speculation, our team undertook a series of controlled experiments to assess how agentic AI could be weaponized. We found that these agents can automate a wide range of malicious tasks on behalf of threat actors when instructed correctly.
This includes, but is not limited to, credential stuffing and reconnaissance, which previously required significant human effort. To make matters worse, they can even perform outright cyberattacks by guessing passwords and sending out phishing emails en masse.
This marks a watershed moment in cybersecurity’s fight against AI-powered threats. The automation of attacks significantly lowers the barrier to entry for threat actors, enabling even low-skilled individuals to launch high-impact campaigns. This has the potential to rapidly escalate the scale at which phishing attacks can be carried out.
The growing capabilities of AI agentsThe largest AI players are redefining what agents can do. Platforms like OpenAI’s Operator, alongside various tools developed by Google, Anthropic and Meta, all have their own strengths and limitations, but share one critical feature. The ability to carry out real-world actions based on very simple text prompts.
This functionality is a double-edged sword. In the hands of responsible users, it can drive innovation and productivity. But in the wrong hands, it becomes a powerful weapon, one that can turn a novice attacker into a formidable threat.
The good news is that widespread abuse of these tools is not yet common. However, that window is closing fast. The simplicity and accessibility of agentic AI make it an ideal tool for amplifying social engineering attacks.
Automating reconnaissance at scaleTo illustrate the real-world implications, we investigated whether agentic AI could be utilized to automate the collection of information for targeted attacks. Using OpenAI’s Operator, which features a sandboxed browser and possesses uniquely autonomous behavior, we issued a simple prompt: identify new employees at a specific company.
Within minutes, the agent accessed LinkedIn, analyzed recent company posts and profile updates, and compiled a list of new joiners from the past 90 days. It extracted names, roles, and start dates, all the information needed to craft highly targeted phishing campaigns. And, it did this in the blink of an eye.
Some might be tempted to dismiss this as a simple information-gathering exercise. But this experiment displays that seemingly harmless human behaviors like posting job updates on social media can inadvertently expose organizations to significant cyber risk. What once took hours or days can now be accomplished in minutes, at scale.
Exploiting identity through credential stuffingAnother alarming capability of agentic AI is its potential to facilitate identity-based attacks. Credential stuffing, a method where attackers use previously compromised username and password combinations to gain unauthorized access, is a prime example.
To test this attack vector, we instructed Operator to attempt access to login flows on several popular SaaS platforms, equipping it with a target email address and a publicly available list of breached passwords. Based on this limited information, it was able to get into one of the accounts. This underscores how agentic AI can be used to automate credential abuse, bypass traditional defenses and exploit a weak link in the security chain. Human error.
Injecting heightened urgency into human risk managementOur research confirms that agentic AI is already capable of executing a broad spectrum of malicious activities, from phishing and malware delivery to exposing vulnerabilities. While current capabilities are still in their early stages, the potential is there for automated attacks at scale in the not-so-distant future.
This calls for a fundamental shift in how organizations approach cybersecurity. Historically, the focus has been on protecting systems, not people. However, traditional methods like annual training and awareness campaigns only serve to place the burden on employees. This is an outdated approach, and it papers over the real root causes of human error.
Human-centric cyber risk needs to be proactive. And, it needs to be in real-time. This includes two main steps:
- User-focused controls: Implementing strong authentication, behavioral monitoring, and phishing-resistant technologies shifts the focus to identifying common risky behaviors
- Threat mapping: Visualizing and prioritizing human-centric risks in the same way software risks are tracked by the MITRE database, for example, can inform more targeted interventions tailored to specific risky user behaviors
By understanding the human behaviors that create openings for threat actors, businesses can deploy smarter, more effective defenses. This shift from reactive to proactive security is well established for software defense, so there is no good reason human risk should be treated any differently.
Adapt before it’s too lateAgentic AI is not just a technological advancement, it is a vehicle for cyberattacks at scale. As these tools become more powerful and accessible, the cybersecurity community must shift its mindset. The future of cyber defense lies not just in securing systems, but in understanding and protecting the people who use them.
The clock is ticking, and the attackers are already adapting. So should you.
We've featured the best encryption software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
- Levoit Sprout is an air purifier designed for children
- It includes white noise and gentle night light functions
- It also monitors humidity and temperature
Levoit's Sprout is an air purifier geared specifically towards children, and it has some nifty tricks up its sleeve. Not only does it purify air, but it also offers various extra features intended to help create the perfect safe, soothing sleep environment. Levoit calls it a 'three in one peacemaker'.
Today's best air purifiers are excellent at removing impurities from the air, and some even double up as fans, but I've never seen one that's designed to act as a sleep aid. I'm actually a little miffed that this one's really for children, because I'd quite like one in my bedroom.
There's a true HEPA filter, which can capture all kinds of nasties – including dust, pollen, smoke and viruses – from the air. On top of that, it's able to track the levels various pollutant types (PM1.0, PM2.5, PM10, TVOC and CO2) as well as monitoring the temperature and humidity in the room.
Soothing sleepThe Sprout doubles up as a night light, emitting soft, blue-light-free ambient illumination, and offers five different white noise settings to help create a soothing environment to drop off in. The curvy shape with rounded edges was created with nursery décor in mind.
The Sprout purifier connects to the VeSync app, where you can view air quality reports in real time, create personalized schedules, control the appliance remotely, and check how soon the filter needs replacing. It's also compatible with Amazon Alexa if you want to go hands-free.
The Levoit Sprout is available to purchase direct from Levoit or via Amazon US or Amazon UK, and costs $279.99 / £279.99 at list price. The good news for UK shoppers is that there's a deal available to take the price down:
There's £50 off the Levoit Sprout right now, taking the price of this child-friendly air purifier and sleep aid down to under £230. This multitasking appliance purifies the air and also has nightlight and white noise functions, plus the curvy design will fit seamlessly into a nursery or child's room.
The same deal is available direct from Levoit, via a coupon code.View Deal
You might also like...- Dropbox is dropping Passwords from its product portfolio
- The app and browser extension will be discontinued soon
- Users will still be able to access their data until October 28, 2025
For users of Dropbox Passwords, it's time to take a look at the best password managers and find a new service to use, after the cloud storage company revealed it will soon discontinue the service.
The end of service for Dropbox Passwords will be October 28, 2025, giving users ample time to find a new credential manager to suit their needs.
In the announcement, Dropbox said it was discontinuing the tool, “as part of our efforts to focus on enhancing other features in our core product.”
So long, Dropbox PasswordsDropbox Passwords users will still have ample time to access their saved usernames, passwords, and stored credit card information for export until October 28, but there will be some key changes before then.
On August 28, 2025 the password manager will become view-only on both mobile devices and on through the browser extension. You won’t be able to add any more credentials nor use the autofill feature from this date.
On September 11, the mobile app will be depreciated and will no longer be available for use. Your data will remain available through the browser extension.
The fateful date of October 28 will see all Dropbox Password data securely deleted and the dark web monitoring feature will cease to function.
In its blog post, Dropbox has provided some key information on how to export your data from both the app and browser extension. Mobile app users can follow these instructions to export their data:
- Open the Dropbox Passwords mobile app.
- Tap (settings).
- Tap Export.
- Tap Export to confirm.
To export data from the browser extension, do the following:
- Open the Dropbox Passwords browser extension.
- Click your avatar (profile picture or initials) in the bottom-left corner.
- Click Preferences.
- Click the Account tab.
- Click Export.
- Click Export to confirm.
- These are the best parental control apps
- We've rounded up all the best secure email providers
- PayPal will now let you pay in Bitcoin and other cryptocurrencies - but with one crucial condition
- A critical flaw in SAP NetWeaver is still being abused, months after patching
- Researchers saw it used to deploy Auto-Color
- This backdoor remains dormant when not in use
A vulnerability in SAP NetWeaver is being exploited to deploy Linux malware capable of running arbitrary system commands and deploying additional payloads, experts have warned.
Security researchers from Palo Alto Networks’ Unit 42 discovered a piece of malware called Auto-Color, a Linux backdoor, dubbed for its ability to rename itself after installation.
The researchers found it was capable of opening reverse shells, executing arbitrary system commands, acting as a proxy, uploading and modifying files, as well as adjusting settings dynamically. It was also discovered that the backdoor remains mostly dormant if its C2 server is unreachable, effectively evading detection by staying inactive until the operator instructions arrive.
Salt TyphoonHowever, the researchers weren’t able to determine the initial infection vector - how the malware made it onto target endpoints remained a mystery - until now.
Responding to an incident in April 2025, cybersecurity experts from Darktrace investigated an Auto-Color infection on a US-based chemicals company. They were able to determine that the initial infection vector was a critical vulnerability in SAP NetWeaver, a technology platform developed that serves as the technical foundation for many SAP applications.
The vulnerability was found in the platform’s Visual Composer Metadata Uploader element, which was not protected with a proper authorization. As a result, unauthenticated agents were allowed to upload potentially malicious executable binaries that could do severe damage. It is tracked as CVE-2025-31324, and was given a severity score of 9.8/10 - critical.
SAP fixed the issue in late April 2025, but at the time, multiple security firms were already seeing attacks in the wild. ReliaQuest, Onapsis, watchTowr, Mandiant, all reported observing threat actors leveraging this flaw, and among them - Chinese state-sponsored groups, as well.
Given the destructive potential of the flaw, and the fact that a patch is available for months now, Linux admins are advised to apply it without hesitation and mitigate potential threats.
Via BleepingComputer
You might also like- SAP patches recently exploited zero-day in wake of NetWeaver server attacks
- Take a look at our guide to the best authenticator app
- We've rounded up the best password managers
- Google has just confirmed that it hasn't received any official request from the UK government to weaken encryption or provide backdoor access to user data
- Earlier this year, Apple was asked to provide an encryption backdoor in its iCloud’s Advanced Data Protection feature
- This marks a growing divide in how tech giants are affected by the UK’s controversial Investigatory Powers Act and its global implications for privacy
Google has just admitted that the UK government hasn't requested access to end-to-end encrypted user data.
Meanwhile, Apple has been hit by a Technical Capability Notice (TCN) under the 2016 Investigatory Powers Act (IPA), forcing it to shutter its iCloud Advanced Data Protection feature in the UK as a result.
The backlash that followed the UK's request for access to end-to-end encrypted data from Apple echoed throughout the rest of the world. It now turns out that the request may have been more targeted than it first seemed, with Google seemingly immune to it for now.
"We haven't received a technical capabilities notice"(Image credit: Shutterstock / nikkimeel)In February this year, the UK authorities requested that Apple break its end-to-end encryption policies in the Advanced Data Protection (ADP) feature. ADP isn't on by default, but when enabled, it adds an extra layer of security. Not even Apple itself can access the data that's been encrypted in this way; it's completely private.
Unsurprisingly, the order was not met with a warm reception. Mounting scrutiny of the UK's Investigatory Powers Act (IPA) led US senators to investigate whether other companies have also received similar requests.
According to TechCrunch, Google refused to answer questions about any involvement from the UK government when prompted by US Senator Roy Wyden. Companies that are subject to government surveillance orders are unable to disclose them under UK law.
However, Wyden disclosed that at least one technology giant confirmed that it hasn't received such a notice. That turned out to be Meta, which told Wyden's office back in March that it hadn't been served an order to backdoor its encryption services.
Although Google remained silent, it appears to have broken that vow of silence in a statement to TechCrunch. Karl Ryan, Google spokesperson, said: "We haven't received a technical capabilities notice."
That's as good a confirmation as we're going to get in this situation. If Google had received such a notice, it would imply that the UK government was surveying whether a backdoor could be added to its end-to-end encryption or not.
Ryan also told TechCrunch: "We have never built any mechanism or 'backdoor' to circumvent end-to-end encryption in our products. If we say a product is end-to-end encrypted, it is."
The UK government might still back downWhen asked to build a backdoor in its ADP service, Apple instead chose to turn off the feature for users in the UK, leaving them without access to additional data protection.
Although using one of the best VPN services can help boost Brits’ online privacy, it's certainly not going to replace iCloud’s end-to-end encryption protection that users in other countries are able to benefit from.
The order was widely criticized worldwide, with US lawmakers warning against "systemic vulnerabilities." Meanwhile, Apple decided to challenge the request in Court.
More recently, two senior British officials disclosed that the UK government might have to give up on pursuing encryption backdoors due to pushback from the US government. "They don't want us messing with their tech companies," they said.
No matter where this case ultimately leads, the fact that Apple was involved, but Google walked away unscathed, is an interesting development. Google’s hands-off status may offer reassurance that the UK’s encryption demands aren’t as sweeping as they first appeared — at least not yet.
You might also like