Artificial intelligence has moved well beyond the chatbot era. The systems being deployed today don't just respond to questions; they plan, decide, and act. In this episode of the Security Strategist, host Trisha Pillay sits down with Kevin Curran, Professor of Cybersecurity at Ulster University and IEEE senior member, to unpack what this shift means for organisations, security teams, and the people responsible for keeping data safe. From prompt injection to privacy by design, this conversation covers the full spectrum of what agentic AI brings to the cybersecurity table and what it demands of us in return.

From Chatbots to Autonomous Agents

For years, AI in the enterprise context meant tools that waited for instructions. You asked, it answered. The dynamic was predictable, and security teams could build controls around it. Fast forward to today, and that world is rapidly becoming a memory.

Agentic AI represents a step-change. These systems don't sit idle waiting for a prompt; they pursue goals, interact with APIs, browse the web, execute code, and coordinate with other AI agents, often with minimal human involvement. As Curran explains, this autonomy is both the point and the problem. "Our surface area has dramatically expanded," he notes, capturing in a single phrase what security architects are grappling with across industries.

The implications are immediate. Traditional security frameworks were designed around human actors, who are slow-moving, auditable, and accountable. Agentic systems operate at machine speed, across multiple endpoints simultaneously, and can chain together dozens of actions before a human reviewer even knows a task has begun. The perimeter, as security professionals understood it, has effectively dissolved.

For organisations still thinking about AI security in terms of data privacy policies and acceptable use clauses, this is a wake-up call. The threat model has changed. The question is no longer just what data an AI can access, but what actions it can take and on whose behalf.

The Vulnerabilities Nobody Warned You About

As the capabilities of agentic AI grow, so does the attack surface. Curran highlights prompt injection as one of the most pressing and underappreciated threats in this new landscape. Unlike traditional software vulnerabilities that exploit code, prompt injection attacks exploit the AI's core function: its ability to read and follow instructions.

The attack is deceptively simple. A malicious actor embeds hidden instructions in content that the AI will encounter: a webpage it browses, a document it processes, or an email it reads. The agent, unable to distinguish between legitimate directives and injected commands, follows the hidden instruction. It might exfiltrate data, take an unauthorised action, or silently alter its behaviour. The user never knows.

This vulnerability is particularly dangerous in agentic contexts precisely because these systems have broader permissions and longer action chains. An AI agent with access to calendars, emails, file systems, and external APIs is a high-value target. A successfully injected prompt doesn't just compromise a single response; it can compromise an entire workflow.

The accountability question compounds the problem. As Curran puts it: "Who's responsible when AI acts autonomously?" When an AI agent makes a decision that causes harm, whether through a security breach, a compliance violation, or an erroneous action, the lines of responsibility blur in ways that existing legal and organisational frameworks aren't equipped to handle. Boards, legal teams, and CISOs need to be asking this question now, before an incident forces the issue.

The principle of least privilege emerges here as a critical mitigation. Curran is clear that AI agents should operate with the minimum access necessary for any given task, not a blanket set of enterprise-wide permissions. Limiting scope limits damage. If a compromised agent can only touch what it needs for a specific transaction, the blast radius of any attack is contained.

Secure by Design

The answer to agentic AI's security challenges isn't to slow down adoption; it's to build differently. Curran is a strong advocate for the secure by design philosophy, which holds that security must be an architectural decision made at the beginning of a system's life, not a layer of controls bolted on after deployment.

This principle has been discussed in cybersecurity circles for years, but agentic AI gives it new urgency. When you're deploying systems that make autonomous decisions, the cost of a security oversight isn't a patching cycle; it can be an incident. Designing for security from day one means conducting AI-specific threat modelling before a system goes live, mapping out what an agent can access, what actions it can take, and where the failure points lie.

Privacy by design sits alongside this as an equally vital framework. Curran points to ephemeral transaction models as a promising approach: structures in which AI agents handle sensitive data only for the duration of a specific task, with no persistent storage of information that isn't necessary. "Privacy by design minimises data collection," he explains, and in a world where autonomous systems are constantly processing personal and organisational data, minimisation isn't just good practice. It's good governance.
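The least-privilege and ephemeral-transaction ideas described above can be combined in one task-scoped grant. The sketch below is an added example, not code from the episode or from any product it mentions; the tool names, `TaskGrant`, and `ephemeral_task` are hypothetical, and the plan's second step is a constructed stand-in for an instruction injected through processed content.

```python
from contextlib import contextmanager

# Hypothetical tool registry; names and return values are constructed for this example.
TOOLS = {
    "calendar.read": lambda arg: f"events for {arg}",
    "email.send": lambda arg: f"sent mail to {arg}",
    "files.read": lambda arg: f"contents of {arg}",
}

class TaskGrant:
    """Default-deny set of tools that is valid for one task only."""

    def __init__(self, task, allowed):
        self.task = task
        self.allowed = frozenset(allowed)
        self.scratch = {}    # task data lives here only while the task runs
        self.audit = []      # (tool, arg, decision) for every attempted call
        self.closed = False

    def call(self, tool, arg):
        if self.closed:
            self.audit.append((tool, arg, "deny:closed"))
            raise PermissionError(f"grant for {self.task!r} has ended")
        if tool not in self.allowed or tool not in TOOLS:
            self.audit.append((tool, arg, "deny:out-of-scope"))
            raise PermissionError(f"{tool!r} not permitted for {self.task!r}")
        self.audit.append((tool, arg, "allow"))
        return TOOLS[tool](arg)

@contextmanager
def ephemeral_task(task, allowed):
    grant = TaskGrant(task, allowed)
    try:
        yield grant
    finally:
        grant.scratch.clear()  # nothing from the task persists
        grant.closed = True    # the grant cannot be reused afterwards

def run_demo():
    """Two-step plan; the second step stands in for an injected instruction."""
    plan = [("calendar.read", "alice"), ("email.send", "outside@example.invalid")]
    results = []
    with ephemeral_task("summarise-schedule", {"calendar.read"}) as grant:
        grant.scratch["notes"] = "constructed sensitive text"
        for tool, arg in plan:
            try:
                results.append(grant.call(tool, arg))
            except PermissionError as exc:
                results.append(f"BLOCKED: {exc}")
    return results, grant
```

The audit list records denied attempts as well as allowed ones, which gives a reviewer a per-task trail of anything the agent tried outside its scope.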

Tools and platforms are beginning to emerge that support this approach. Signing room technologies, for instance, offer ways to conduct sensitive transactions with built-in auditability and access controls, and are worth exploring for organisations managing AI-assisted workflows involving contracts or identity verification. Security scanning platforms designed for AI-era codebases are also maturing, giving development teams the ability to identify vulnerabilities before they reach production.

Organisations that treat security and privacy as foundational to AI deployment, rather than as compliance requirements, will be better positioned as these systems become more capable and increasingly embedded in critical operations.

Takeaways

  • Agentic AI and autonomous decision-making
  • Security vulnerabilities in AI systems
  • Secure by design principles for AI deployment
  • Invest in AI-specific threat modeling
  • Implement security by design principles from the start
  • Adopt ephemeral transaction frameworks for privacy