As AI agents that automate specific tasks without humans spread, some are raising concerns that AI agents could behave like malware.
AI agents can operate like malware…controls urgently needed
Security issues and service disruptions have occurred at major companies such as Meta and Amazon due to AI agent malfunctions, boosting interest in so-called guardian AI agents that monitor and control AI agents. Startups as well as leading tech companies have entered the guardian AI market or are considering doing so. Guardian AI is provided in the form of a cloud app. It sets rules for how agents within a company should behave, and if an agent deviates, guardian AI sends an alert to the person in charge or changes the agent’s behavior.
According to a recent report by The Information, Wayfound, a guardian AI startup led by Tatyana Mamut (타티아나 마무트), a former executive at Amazon Web Services and Salesforce, has secured about 12 paying customers mainly in finance and tech.
Hedge funds are using Wayfound’s guardian AI to monitor AI agents that write research reports. The Information reported that Wayfound charges a monthly subscription fee of $750 per 10,000 agent tasks.
Salesforce last year named Wayfound an official “monitoring partner” for its AI agent platform, Agentforce. Israeli startup Avon AI has also signed multi-year contracts with multiple corporate customers using a similar combined subscription and usage-based pricing model.
Big tech companies are also moving faster toward guardian AI. Cloud-based enterprise software company ServiceNow is selling a guardian agent that monitors not only its own AI agents but also agents from rivals such as Microsoft and Amazon. It charges both subscription fees and usage-based fees in the form of an “AI Control Tower.” Salesforce is also said to be reviewing the development of guardian AI.
South Korean security companies are moving to expand AI-based portfolios. Fasoo is changing its name to FasooAI and is moving in earnest to become a company that supports AX (AI innovation). FasooAI plans to strengthen related businesses actively from this name change. It will expand its portfolio to support AI adoption through an enterprise AI platform and agentic AI, while also securing AI governance and managing and protecting AI-ready data. RaonSecure signed a business agreement with Upstage to develop and commercialise agentic AI security automation, and said it will unveil an “agentic AI-based security automation platform” within this year, in which AI automatically operates overall enterprise security.
Fasoo reborn as FasooAI…”strengthening identity as an AX support company”
RaonSecure to cooperate with Upstage…to launch agentic AI-based security automation platform within this year
Attacks targeting the software supply chain are also continuing. A supply-chain attack was confirmed in which North Korean hackers tampered with an Axios NPM (Node Package Manager) package, a major JavaScript library, causing millions of malicious distributions. LiteLLM, an AI gateway solution provider used by millions of developers, publicly said it would part ways with security compliance startup Delve and obtain security certification again through another company.
North Korean hackers carry out Axios NPM package supply-chain attack…millions of distributions in 3 hours
AI gateway LiteLLM parts ways with disputed security firm Delve after exposure to malware attack
The article also summarised moves by companies in South Korea and abroad around AI.
Amazon Web Services launched AWS DevOps Agent and AWS Security Agent. The two agents serve as AI team members that DevOps and security teams can use around the clock. The focus is on reducing the time people spend on fixing problems after they occur and helping them concentrate on optimisation in advance.
AWS launches DevOps and security AI agents…automating 24-hour outage detection and penetration testing
MegazoneCloud signed a strategic partnership with cloud security company Zscaler to strengthen zero-trust-based cloud security. Yeom Dong-hoon (염동훈), MegazoneCloud’s chief executive, stressed two points at the company’s own conference regarding AI taking root in corporate settings: an enterprise trust layer and change management. Based on this, he presented a vision of a scenario in which all employees use cloud-based AI computers.
MegazoneCloud expands zero-trust-based cloud security business with Zscaler
“Enterprise AI can spread only with both trust layer and change management”
A report said a command injection vulnerability was found in OpenAI’s coding agent, Codex, that could allow GitHub authentication tokens to be stolen.
“OpenAI Codex vulnerability could allow theft of GitHub authentication tokens through command injection”
A new AI model said to be under development at Anthropic, Claude Mythos, is drawing attention in the security industry as concerns emerge that if it fell into hackers’ hands, it could be abused while far outpacing defenders’ response to security vulnerabilities. Some also see that AI will not shrink the standing of security companies but rather expand it.
“Anthropic’s new AI model could become a weapon for hackers”…cybersecurity industry on edge
[Tech Insight] AI will not kill the security industry, but make it much bigger…why?
In policy, the Personal Information Protection Commission will conduct a pre-inspection of the handling status of resident registration number processing such as collection and use in the financial sector as a follow-up measure after recently sanctioning credit card companies for violating obligations related to handling resident registration numbers. The Korea Internet & Security Agency (KISA) launched a “ransomware full lifecycle response task force” to respond systematically to increasingly sophisticated ransomware attacks.
The Telecommunications Technology Association (TTA) set up a dedicated standardisation project group (PG507) for “AI security” to secure the reliability of AI models and protect data. Cho In-chul (조인철), a lawmaker from the Democratic Party, proposed a partial revision bill to the Act on Promotion of Information and Communications Network Utilization and Information Protection. It would strengthen obligations for information and communications service providers to preserve log records and require related servers to be immediately preserved as evidence when an incident occurs.
Personal Information Protection Commission to push advance inspection of personal data protection in finance
KISA launches ‘ransomware full lifecycle response task force’
TTA sets up dedicated standardisation project group for ‘AI security’
‘Immediately preserve key logs in incidents’…Cho In-chul proposes bill to mandate log records
Click Here For The Original Source
