- Researchers argue AI agents must be treated as untrusted components, requiring system-wide security design instead of just robust AI models.
- Three key security mechanisms are identified to block most attacks: separating instructions from data, granting minimal permissions, and centralizing control of sensitive data flow.
- The call for systemic security follows incidents like the Bankr trading assistant exploit, highlighting urgent vulnerabilities as AI agents proliferate in crypto.
Researchers from Google, Gray Swan AI, and universities released an amended paper on May 20, urging a fundamental shift in securing AI agents that are becoming central to cryptocurrency. They argue security must encompass the entire computer system, not just the AI model, to effectively guard against failures and malicious attacks.
The paper, Agent Security is a Systems Problem, states “efforts to increase model robustness… are insufficient on their own.” Consequently, the team advocates for borrowing proven techniques from the field of computer security, which has long studied powerful adversaries.
This warning comes as AI agents gain significant traction among crypto users. Circle CEO Jeremy Allaire predicted billions of AI agents would operate on users’ behalf within five years, while platforms increasingly use them to build Web3 apps and trade autonomously.
The researchers studied various attack cases and concluded three core protections could prevent most threats. First, agents must clearly distinguish between instructions and untrusted data to avoid hidden malicious commands.
Second, agents should operate with the minimum permissions needed for a task, not full system access. Finally, the broader system, not the agent, must control where sensitive information flows to prevent data leaks.
The urgency of this framework is underscored by recent security incidents. The AI-powered crypto trading assistant Bankr disabled transactions on May 20 after an attacker compromised at least 14 wallets.
Security experts like Aaron Ratcliff of Merkle Science note that while AI can be safe with correct design, it requires robust capabilities like spotting scam tokens and preventing prompt injection attacks. Meanwhile, Sean Ren of Sahara AI emphasizes that model context protocols can act as critical gatekeepers, limiting an agent to pre-approved actions.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
