New AI Models Won't Fix Your Old AI Problems

Chasing the Shiny New Thing While Your Current Tools Collect Digital Dust

While everyone's swooning over Midjourney's latest pixie dust, Llama's new petting zoo, and ChatGPT's Studio Ghibli-style recreation, here's a radical thought: if your organization is still only scratching the surface of AI with meeting summaries and email drafts when these tools could be transforming entire workflows, automating repetitive processes, and uncovering insights in your mountain of untapped data, perhaps another shiny AI toy isn't what you need right now. But sure, download that update. I'm sure THIS will be the one that magically unlocks the productivity revolution your competitors are already enjoying—without you needing an actual strategy.

Beyond the Buzzwords: AI Agents Are Already Hacking Us While We Debate What to Call Them

Last week, our newsletter explored the bewildering world of AI agents and the industry's inability to define what they actually are. We highlighted how tech CEOs like Altman, Nadella, and Benioff keep promising revolutionary "digital workers" while industry insiders admit the term has become "almost nonsensical" from overuse. We exposed the technobabble surrounding these systems, their reliability issues, and the dangers of deploying technology nobody fully understands.

But the situation is far more alarming than mere semantic confusion and marketing hype. While we're still arguing about what to call these digital genies, they're already being weaponized.

From Theoretical Risk to Active Threat

The theoretical cybersecurity concerns we briefly mentioned last week have manifested into concrete threats faster than anticipated. According to new research from MIT and Palisade Research, autonomous AI agents aren't just a future concern—they're already actively scanning the internet for vulnerabilities.

Palisade's "LLM Agent Honeypot" project has identified confirmed AI agents originating from Hong Kong and Singapore actively conducting reconnaissance operations on what they believed were vulnerable government and military servers. These weren't simple bots running scripts; they were sophisticated agents capable of responding to complex prompts in under 1.5 seconds and adapting their approach based on the target—capabilities well beyond traditional hacking tools. 

The Looming Threat Multiplication

Why should this terrify your CISO? Because we're witnessing the democratization of hacking expertise. Malwarebytes security expert Mark Stockley warns that AI agents represent an exponential force multiplier for cybercriminals: "If I can reproduce [an attack] once, then it's just a matter of money for me to reproduce it 100 times."

Remember our reality check of organizations that "can barely secure their AWS accounts against basic phishing emails" yet are "eagerly lining up to deploy autonomous AI agents"? The situation is more dire than we thought. Researchers have demonstrated that current AI agents can successfully exploit 13% of vulnerabilities with no prior knowledge. Provide these agents with minimal information about the vulnerability, and that success rate jumps to 25%. 

The Perfect Storm: Hype Meets Capability

Last week, we highlighted the technobabble surrounding AI agents with terms like "agentic," "autonomous," and "reflection-driven planning." The cruel irony is that while enterprise-grade "agents" struggle with basic tasks, their malicious counterparts are already demonstrating frightening levels of competence.

 As Daniel Kang, assistant professor at the University of Illinois Urbana-Champaign, bluntly puts it: "I'm afraid people won't realize this until it punches them in the face."

 From Useless to Dangerous in Record Time

The technology industry has achieved a remarkable feat: creating agents that simultaneously can't reliably schedule your meetings but can potentially compromise your security infrastructure. It's as if we've invented digital genies that ignore your actual wishes but grant the wishes of your worse enemies and frenemies. The companies trying to sell us these agents are doing what AI companies do:  boil the ocean and try to convince you to write a fat check.  Criminals, however, have only one goal: own your stuff. This allows them to create effective models that don’t have to focus on anything else.

 We’ve previously questioned whether the tech industry suddenly gained "10's of thousands of expert AI software developers." Now we must ask: how many cybercriminals are already deploying agents that can work 24/7, don’t need sleep, and can launch attacks at a scale impossible for human hackers?

 A New Security Paradigm

Cybersecurity expert Vincenzo Ciancaglini from Trend Micro describes the current state of malicious agentic AI as "even more of a Wild West than the LLM field was two years ago." We're potentially facing an "overnight explosion in criminal usage."

Again, last week, we raised concerns that "power without proper understanding or control rarely ends well for the wish maker." Now we must confront a more urgent reality: while organizations debate what to call their digital assistants and which vendor's marketing buzzwords sound most impressive, malicious agents are already at work. Since most companies are shockingly deficient in even the cybersecurity basics, the danger is real.

The uncomfortable truth is that the industry's exaggerated promises about helpful AI agents might actually be fulfilled first in the realm of malicious ones. Before you deploy that shiny new "autonomous process agent" across your enterprise, perhaps consider that similar technology is already searching for ways into your systems.

After all, in the arms race between AI agents, the ones without corporate red tape, an overwhelming level of FOMO, and marketing departments reviewing their every move might just have the decisive advantage.