Skip to main content
close search
site logo
Dive Brief

IT teams aren’t equipped to stop rogue AI agents

Autonomous systems represent an attack surface existing cybersecurity services models aren’t designed to protect.

Published Jan. 22, 2026
James Anderson's headshot
Senior Reporter
Multiple padlocks encircled by white, on a blue surface.
Getty Images

First published on

Channel Dive

Dive Brief:

  • AI agents are involved in 40% of insider cybersecurity threats, according to a report by managed security service provider Akati Sekurity.
  • Non-human identities outnumber humans 144 to one in the average business and constitute an attack surface IT teams, service providers and vendors are ill-equipped to defend, Akati CEO Krishna Rajagopal told Channel Dive.
  • “[Partners] are focused on making sure that the LLMs are secure and doing an assessment, looking at the security of the MCP server. But there is this little worm — literally the agentic agent — that can [go] rogue, and if that goes rogue, most MSPs and MSSPs currently do not have an answer for,” Rajagopal said.

Dive Insight:

Akati’s insider angle puts an in-house spin on AI-based cybersecurity threats. Threat actors’ use of generative AI to conduct phishing and social engineering at scale is well known. Akati warns that cybercriminals will exploit the agents within a business.

“If you've got a Gen AI implementation with GPUs running in the cloud, they want to piggyback on that and use it to run their own queries,” Rajagopal said.

A cyber espionage campaign that Anthropic foiled last fall could be a foretaste of supply chain attacks that use AI platforms as a Trojan horse. A state-affiliated group broke into Claude’s AI coding agent and attempted to breach more than two dozen organizations that use the LLM.

Rajagopal believes the hackers were running a proof-of-concept operation.

“I think they were testing the water to see what they could potentially do and how big they can go, and [at what] scale and speed, should they pull out another SolarWinds-type of supply chain attack,” he said.

A 2020 SolarWinds breach devastated MSPs that used the platform for IT management and remote monitoring. As MSPs and MSSPs develop agents for internal teams and customers, they need to be vigilant.

Existing service models have never accounted for non-human identities, nor have the software vendors that support security operations centers, Rajagopal cautioned. User behavior analytics must evolve into agent behavior analytics.

“MSSPs have always been focusing on protecting and supporting the organization from employees,” Rajagopal said. “Our pricing model has been per-employee, per-device; it's always been focused on a human. But with this explosion of non-human, my message is that for MSPs and MSSPs, right now is the time where you have to equip yourself on two fronts.” 

Akati outlined a 12-month roadmap — which the company itself undertook — for mitigating rogue agent threats. 

Partners in the first 30 days should make a full inventory of all non-human identities in their organization, audit the agents with high privileges and set up blocklist prompts. They should, in the next 60 days, deploy a pipeline for agent decision logging, develop incident response procedures for rogue agents and give agents just-in-time access.

Rajagopal urged service providers to familiarize themselves with the MITRE Atlas Framework, which charts how insider threats of the future may stem from human trust in AI systems rather than human malice.

“I think this attack chain is going to blow up, and you're going to see more of it in 2026,” Rajagopal said.

Recommended Reading

Filed Under: Cyberattacks, Threats

Editors' picks

Company Announcements

View all | Post a press release
Cyber Incidents and Attacks Disrupt Enterprise Business Operations for Two Weeks, Reveals Firs…
From Absolute Security
January 08, 2026

Want to share a company announcement with your peers?

Get started

Editors' picks
Latest in Cyberattacks
Industry Dive is an Informa TechTarget business.
© 2026 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.