🟠High  | Source: The Hacker News
Attackers are exploiting legacy infrastructure — such as unpatched on-premises systems, outdated APIs, and deprecated services — to hijack AI agents that organisations are rapidly deploying. Because security programmes have not kept pace with AI adoption, these legacy components are being used as pivot points to manipulate or subvert AI-driven workflows. With 71% of organisations piloting AI agents, the attack surface is significant and largely uncharted.
Security Architect’s Take: Audit all systems that AI agents can interact with or receive instructions from, and treat legacy infrastructure as a high-risk trust boundary — apply zero-trust principles, enforce strict input validation, and ensure AI agents cannot be prompted or redirected via unsanitised data from legacy sources.
Original advisory: Stop Your Legacy Infrastructure from Hijacking Your AI Agents