Researchers at STAR Labs conducted over 1,700 successful exploits across various agent types, exposing significant gaps in enterprise security. While coding agents like GitHub Copilot, Claude Code, and Cursor face direct threats to local infrastructure, productivity tools—including Microsoft 365 Copilot and ChatGPT Enterprise—often fail silently. In 91% of successful attacks against these productivity assistants, data exfiltration occurred without leaving a trace or requiring traditional malware.
The risk extends to custom, first-party agents built on platforms such as Amazon Bedrock and Google Gemini. Because these operate within the corporate trust boundary, a single compromise can lead to enterprise-wide exposure. The report also highlights a growing threat from AI-Powered Persistent Threats (AiPT), which utilize automated toolkits to exploit Language-Augmented Vulnerabilities in Applications (LAVA).
Vinay Pidathala, vice president of AI security research at Straiker, noted that traditional endpoint detection and firewalls are ill-equipped to monitor the semantic layer where agents make decisions. As attackers weaponize the context in which agents operate, security teams face a new reality where standard vulnerability scanners cannot see the instructions an agent chooses to execute.

Comments (0)
No comments yet. Be the first!