DTEX has issued a new advisory highlighting emerging cybersecurity risks linked to AI agents receiving instructions through messaging platforms such as Telegram and WhatsApp. The findings underscore how these agents, when deployed on user endpoints, can be leveraged to access sensitive data and operate in the background – often without triggering traditional security alerts.

The advisory, developed by DTEX’s insider risk team, focuses on how locally executed AI agents can be configured to receive instructions via personal messaging apps and carry out tasks autonomously. Once deployed, these agents can access files, network drives, and external AI services using the same permissions as the user, creating a significant risk of data exposure.

DTEX emphasizes that the core issue lies at the endpoint level rather than solely in AI model vulnerabilities or prompt manipulation. Unlike conventional cyber threats, these AI-driven activities do not rely on malware or exploits, making them harder to detect using standard security tools. Instead, they blend into normal user behavior, creating a visibility gap for security teams.

A key concern outlined in the advisory is the use of messaging apps as command channels. In such scenarios, users can configure AI agents to receive instructions externally and execute them locally, including reading files, navigating directories, and preparing data for transfer. Because these actions can mimic legitimate workflows, identifying malicious or risky behavior becomes significantly more complex.

Jamie Lindsay, VP, APAC and Japan at DTEX, noted that these agents can operate silently in the background while accessing sensitive data through legitimate permissions. He highlighted that instructions delivered through messaging platforms often fall outside traditional security monitoring, creating a blind spot that organizations must address.

The advisory also identifies several host-level indicators that may signal the presence of such AI agents. These include long-running processes, credential exposure within system parameters, container-based deployments, and outbound connections to external AI services. Monitoring these signals can help organizations detect unusual activity that might otherwise go unnoticed.

DTEX further pointed out that both host-based and containerized deployments present unique detection challenges. In some cases, containerized environments may generate clearer telemetry, while host-based deployments can appear as persistent background processes with minimal observable behavior. This variability makes it essential for security teams to adapt detection strategies based on how AI agents are deployed.

The company warns that the risk is particularly high in environments where employees are encouraged to experiment with AI tools without sufficient oversight. Even without malicious intent, AI agents can introduce vulnerabilities, expose credentials, or create unintended pathways for data exfiltration.

To address these risks, DTEX recommends that organizations closely monitor how AI agents are configured and used on endpoints, especially the prompts that guide their behavior. It also stresses the importance of restricting credential exposure and tracking how sensitive data is accessed, stored, and transmitted. Additionally, organizations should evaluate and limit potential data exfiltration paths by understanding how both users and AI agents interact with internal systems.

As AI adoption accelerates across enterprises, DTEX’s advisory highlights a critical shift in cybersecurity priorities. The growing presence of autonomous agents on endpoints requires organizations to move beyond policy discussions and implement practical detection and monitoring strategies that account for real-world AI behavior.

Recommended Cyber Technology News :

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com