Google 和 Meta 的安全研究人員警告,自主型 AI 代理需要全系統的防禦架構,以因應新興的安全風險。專家提醒,僅靠傳統資安工具不足以防範由 AI 代理帶來的威脅,因為這些代理能夠保留記憶、呼叫外部工具、與其他代理協調,並可在沒有直接人工監督的情況下持續運作。這項擔憂源自企業在工作流程中快速部署 AI 代理,涵蓋付款、客戶服務、程式碼編寫、資安,以及金融作業。與先前偏聊天機器人式的系統不同,代理式 AI 引入持久記憶系統、工具執行,以及自主工作流程,從而產生新的攻擊面。這些互聯系統中的安全失敗,往往不會侷限於單一環節——遭入侵的指令或惡意輸入可能在外部可見之前,先在多個層級之間擴散。
Security Gaps in AI Agent Systems
A survey of 116 AI-agent security papers identified major gaps in defenses against "cross-session" and "stack-propagating" threats, which are capable of moving across multiple layers of autonomous systems over time. The risk is particularly acute in financial services, where AI agents are increasingly deployed for payments, fraud monitoring, trading operations, and customer account management.
In a recent incident, Bankr, an AI-powered crypto trading assistant, disabled transactions on May 20 after identifying an attacker who had gained access to at least 14 wallets. Security experts speculated the bot could have been exploited by a hacker.
Keyrock reported that AI agents processed $73 million in crypto payments between 2025 and 2026, demonstrating the scale of autonomous AI deployment in financial workflows.
Researchers emphasize that agent security must be approached as a systems problem, treating the AI model powering the agent as an untrusted component. Security experts are proposing methods to intercept attacks as they move through interconnected AI-agent systems rather than relying solely on front-end filters or prompt moderation.
Google 與 Meta 擴展代理式 AI 生態系
Google 近期揭露了 Gemini Spark,這是一款可長時間在線的 AI 助理,能夠在 Workspace 應用、雲端系統與第三方平台之間進行互動。該公司正將 AI 代理更深入地整合到 Chrome、Gmail、Search 與 Android 系統中。
Meta 正在準備代理式 AI 助理,能夠在其社交與訊息平台上執行個人化任務。安全專家警告,越來越自主的系統,會在這些互聯生態系之間創造更多資安漏洞與惡意攻擊的機會。
