Researchers at STAR Labs conducted over 1,700 successful exploits across various agent types, exposing significant gaps in enterprise security. While coding agents like GitHub Copilot, Claude Code, and Cursor face direct threats to local infrastructure, productivity tools—including Microsoft 365 Copilot and ChatGPT Enterprise—often fail silently. In 91% of successful attacks against these productivity assistants, data exfiltration occurred without leaving a trace or requiring traditional malware.
The risk extends to custom, first-party agents built on platforms such as Amazon Bedrock and Google Gemini. Because these operate within the corporate trust boundary, a single compromise can lead to enterprise-wide exposure. The report also highlights a growing threat from AI-Powered Persistent Threats (AiPT), which utilize automated toolkits to exploit Language-Augmented Vulnerabilities in Applications (LAVA).

Comments (0)
No comments yet. Be the first!