AI Agents Framed as 'Insider Threat'

The global AI agents market is projected to expand from around $8 billion in 2025 to over $250 billion by 2034, with a compound annual growth rate nearing 47%. This rapid deployment is creating a new class of privileged users inside enterprises that existing security models are not designed to handle. Attackers are exploiting these agents through methods like prompt injection and memory poisoning, which manipulate an agent's reasoning rather than its code. At the Black Hat USA 2025 conference, researchers from Zenity Labs demonstrated live exploits against agents from Microsoft, Google, OpenAI, and Salesforce, successfully exfiltrating data and manipulating workflows. A critical vulnerability, dubbed EchoLeak (CVE-2025-32711), showed that a single crafted email sent to a Microsoft 365 Copilot user could trigger automatic data exfiltration with no user interaction required. This highlights a new attack surface where the AI itself becomes the vector for a breach. The security industry is responding by treating AI agents as non-human identities that require their own zero-trust frameworks. Companies like Noma Security and Zenity are developing platforms for AI agent discovery, posture management, and runtime protection to monitor for anomalous behavior and enforce security policies. This trend is migrating on-chain, with Solana emerging as a hub for AI agent development due to its high speed and low costs. In March 2026, Solana announced the launch of an AI Agent Registry, a trust layer designed to provide verified identities, reputation, and operational histories for on-chain agents. Developer toolkits are already proliferating within the ecosystem to connect AI to the blockchain. SendAI's Solana Agent Kit provides tools to link agents to over 30 Solana protocols, while Crossmint's GOAT (Great Onchain Agent Toolkit) is a framework for connecting agents to any on-chain application.