AI agents widen cyber risk
Security experts warn that autonomous AI agents are creating a new enterprise attack surface—and defenders are already in an AI‑vs‑AI arms race to detect hostile code and non‑human identities. Landlords with automated systems or tenant IoT should assume AI‑generated code can be hostile and upgrade monitoring, segmentation and response plans. (bankinfosecurity.com) (govinfosecurity.com)
IDC projects about 1.3 billion AI agents by 2028, and estimates show 77% of small businesses lack formal AI policies, underscoring rapid, largely unmanaged agent growth. (forbes.com) Rama Sekhar, partner at Menlo Ventures, warns that agentic systems now run with memory and autonomy and create a defined "blast radius" that expands as agents are embedded across workflows. (bankinfosecurity.com) BeyondTrust data analyzed by Phantom Labs found enterprise AI agents growing roughly 466.7% year-over-year, signaling fast escalation of non‑human identities inside corporate environments. (markets.businessinsider.com) Netskope’s 2025 Cloud and Threat Report documents surging GenAI adoption and the rise of custom on‑premises agents that commonly operate outside centralized IT visibility, creating “shadow AI” risk. (netskope.com)
Anthropic and other vendors report that attackers are using AI to craft code that adapts to defensive controls in real time, driving an AI‑vs‑AI detection arms race on both offensive and defensive fronts. (anthropic.com) Check Point CEO Nadav Zafrir and other security leaders are urging real‑time, AI‑driven oversight and “guardian” agents to continuously evaluate agent behavior as traditional perimeter controls prove inadequate. (govinfosecurity.com)
The OWASP GenAI Security Project published a Top‑10 list of risks and mitigations for agentic AI on Dec. 10, 2025, calling for identity, access and API governance as primary controls. (genai.owasp.org) Industry guidance for smart buildings and facility systems notes that IoT, cloud and AI integrations increase the attack surface of building management platforms, and recommends segmentation, continuous monitoring and incident response playbooks to limit lateral movement and contain breaches. (tiaonline.org)