Realtime AI News
Trend Micro tests 13 AI models in PwC-backed AI agent risk study
Trend Micro's TrendAI and PwC Consulting released a joint report on July 17 revealing that stored prompt injection attacks succeed across multiple large language models from different vendors. The 2,600-test evaluation found the vulnerability stems from AI agent architecture itself, not any specific model, and proposed a new governance framework called AI-CAL.
Trend Micro's enterprise-focused TrendAI brand and PwC Consulting released a joint report on July 17 titled “The Age of Autonomous AI: Cyber Risks and Practical Governance for AI Agents.” The report combines PwC Consulting's analysis of risk, controls, and implementation roadmaps with TrendAI's empirical security validation, revealing structural security risks in agent-based AI systems.
TrendAI built a proof-of-concept environment modeled on realistic corporate systems and tested whether attacks on AI agents could be carried out. It ran 2,600 parallel tests using 200 automatically generated attack prompts against 13 AI models from four vendors: Anthropic, OpenAI, Google, and DeepSeek. The tests confirmed that attacks succeeded on models from multiple vendors, indicating that stored prompt injection is not tied to a specific model or vendor but stems from the architecture of AI agents. In such attacks, malicious instructions are embedded in legitimate business data and later executed when an AI agent reads that data.
In one demonstration scenario, an AI agent reading and classifying support tickets submitted through a public web form was targeted by embedding malicious instructions in the ticket text. In another, an identity-verification system using uploaded passport images was attacked by disguising malicious instructions inside a passport image as an “AUDIT NOTE.” In the test environment, the AI agent was misdirected into calling database tools in sequence and succeeded in exfiltrating confidential information including authentication tokens, as well as obtaining other customers' passport data such as names, passport numbers, dates of birth, expiration dates, and nationality. The company emphasized these were demonstrations in a verification environment, not attacks on real-world systems.
The report argues that current language models have an inherent architectural property in which they cannot strictly distinguish between data and instructions. As AI agents autonomously chain together multiple tool calls, the impact of a prompt injection attack can spread from an initial input to information theft or data tampering. Consequently, core countermeasures lie less in switching AI models than in system design and operational controls, including enforcing least-privilege access, restricting tool calls, and improving observability and controllability.
PwC Consulting organized risks using five levels of AI-agent autonomy from L1 to L5 across five functional domains. It also proposed an “AI Control Assurance Level” (AI-CAL) framework intended to help executives and security teams discuss the control maturity of AI agents using a common language. The report groups priority actions into three areas: establishing access governance, building foundations for observability and control, and institutionalizing AI-CAL assessment processes.
AI agents, capable of interpreting inputs and triggering software tools with limited human intervention, are being adopted more widely in customer support, internal operations, and identity verification. Their expanding use has heightened concern over prompt injection and tool abuse, particularly when agents connect directly to databases, workflow systems, or external applications. The report provides a structured framework for enterprises deploying AI agents to assess and mitigate these emerging risks.
Why it matters
This study shifts the AI agent security conversation from model-level fixes to architectural and governance-level controls, urging enterprises to focus on system design and operational guardrails rather than simply choosing a safer model.
Nearby Updates
All07/18, 06:55
Vertu wants executives to pay $6,880 for an AI agent — here’s how it actually performs
Vertu wants executives to pay $6,880 for an AI agent — here’s how it actually performs. From AI workflows to battery life and security, here's what it's really like to live with Vertu's luxury foldable every day.
07/18, 06:32
PPIO Launches Smart Model Gateway as 'Intelligent Token Factory' for the Agent Era
PPIO has released a Smart Model Gateway positioned as an 'Intelligent Token Factory' for the Agent era, with trillions of token calls verified in production. The product provides unified model access and token management for AI applications.
07/18, 06:12
Databricks hits $188B valuation, extending its run as AI's favorite second act
Databricks on Thursday announced a new funding round led by Coatue at a $188 billion valuation, roughly $3 billion in size according to reports. The company has transformed from a big-data SaaS business into an AI infrastructure provider in just 19 months, with its valuation surging from $62 billion in December 2024.
07/18, 05:42
Perplexity Launches SPACE Runtime for AI Agent Tasks
AI search company Perplexity has released SPACE, a runtime environment designed specifically for executing AI agent tasks. The launch marks Perplexity's expansion from search into AI agent infrastructure.