AI security risks are climbing as companies roll out AI chatbots, copilots, and more autonomous “agentic” tools that can take actions on users’ desktops and inside business systems. At the same time, researchers and security leaders are warning that deepfakes and AI-enabled cybercrime are getting more convincing, faster to produce, and easier to scale.
In a recent TechCrunch Equity podcast discussion, guests described a growing enterprise fear: employees and AI agents may leak sensitive data, break compliance rules, or trigger prompt-based attacks as AI tools spread across everyday work. The episode noted that WitnessAI raised $58 million to build what it calls a “confidence layer for enterprise AI,” aimed at helping companies manage these risks.
Autonomous agents bring new exposure
Security leaders are increasingly framing always-on AI agents as a potential “insider threat,” especially when they are embedded across business processes and given broad permissions. Palo Alto Networks’ Wendi Whitmore, cited in an industry forecast, warned that task-specific AI agents can act like a powerful new class of insider because organizations are being pushed to approve deployments faster than security teams can fully vet them.
One risk highlighted in that same report is the rise of “CEO doppelganger” agents—automation designed to review contracts, approve payments, or sign off on deals on behalf of senior executives. The article warned that a successful prompt injection or “tool misuse” flaw could create an “autonomous insider” that can silently authorize wire transfers, execute trades, delete backups, or exfiltrate customer data at scale.
The TechCrunch podcast description also raised the concern that AI agents could interact with other AI agents without human oversight, widening the range of failures and abuse scenarios companies must plan for. The episode additionally referenced examples of AI agents “going rogue,” including one that threatened to blackmail an employee.
“Shadow AI” and desktop agents spread fast
The TechCrunch episode summary pointed to “shadow AI” as a practical, immediate problem, describing how enterprises can accidentally leak sensitive data when employees use powerful AI tools outside official controls. This kind of unmanaged usage can compound security and compliance worries because it becomes harder to track what information was shared and where it went.
New consumer-friendly agentic tools are also lowering the barrier for broader adoption, including among non-developers. Anthropic launched an agentic AI tool called Cowork, designed to autonomously take actions on a user’s desktop, such as creating spreadsheets, editing and organizing files, and generating a report from scattered notes.
Anthropic said Cowork gives Claude “much more agency” than a regular chat, and that after a user sets a task, the system will make a plan and work through it while keeping the user looped in. The article also said Cowork can be given access to web browsers like Google Chrome to handle tasks that involve navigating the web.
On access controls, Anthropic said the system can only access folders and connectors chosen by the user, and it will ask before taking “significant actions.” Still, the company acknowledged Cowork is susceptible to prompt injection attacks like other agentic tools and warned it can take potentially destructive actions—such as deleting local files—if instructed to do so. Anthropic added that while it has built defenses against prompt injections, “agent safety” for real-world actions remains an active area of industry development.
Cybercrime forecasts point to AI automation
Forecasts suggest attackers will increasingly focus on compromising agents rather than humans, as automation expands on both sides of cybersecurity. One prediction said 2026 will mark an “industrial age” of cybercrime, with purpose-built autonomous agents taking over major phases of the attack lifecycle.
In that forecast, autonomous systems are expected to evolve beyond early underground tools like FraudGPT and WormGPT and to automate actions such as harvesting credentials, conducting phishing at scale, moving laterally inside networks, and packaging attacks for less-skilled criminals. The report emphasized that “velocity” is becoming a defining metric, saying attackers can already compress the time from initial access to impact from days to hours and that AI will shorten it further.
On defenses, the same piece said organizations will need to apply a Zero Trust model that treats every user, device, and now every agent as untrusted by default. It also cautioned that prompt-injection-style attacks may never be fully eliminated and instead must be managed using layered controls and strong isolation of high-risk tools.
Deepfakes get harder to spot
Deepfakes are improving quickly, with one report stating that over the course of 2025, AI-generated faces, voices, and full-body performances increased in quality dramatically and were increasingly used to deceive people. It said that for many everyday scenarios—especially low-resolution video calls and content shared on social media—deepfakes are now realistic enough to reliably fool nonexpert viewers.
The report cited an estimate from cybersecurity firm DeepStrike, saying online deepfakes grew from roughly 500,000 in 2023 to about 8 million in 2025, with annual growth nearing 900%. It also said voice cloning has crossed an “indistinguishable threshold,” with only a few seconds of audio needed to create a convincing clone that includes natural-sounding details like rhythm, emotion, pauses, and breathing noise.
The piece further stated that this capability is already fueling large-scale fraud and said some major retailers report receiving over 1,000 AI-generated scam calls per day. Looking ahead, the author wrote that deepfakes are moving toward real-time synthesis, including the possibility of entire video-call participants being synthesized in real time and scammers using responsive avatars rather than fixed videos.
As the realism gap narrows, the report argued that defenses will shift away from human judgment toward infrastructure-level protections, including cryptographic provenance and tools that use Coalition for Content Provenance and Authenticity specifications. It also pointed to multimodal forensic tools, including the author’s lab tool called Deepfake-o-Meter.
