Janith Malinga

← Back to security articles

AI workplace agent connected to multiple workplace tools and security controls

AI security

Securing the AI-Powered Workplace: Understanding the New Attack Surface

AI is becoming part of everyday business operations. As AI tools, workflows, and agents connect to company systems and data, they introduce a new attack surface that security teams must understand and address.

AI SecurityAppSecSecurity Architecture

AI is no longer just another technology; it has become part of everyday business operations. Employees across many organisations now use AI tools, workflows, and agents to complete daily tasks. As these tools become more deeply connected to company systems and data, they introduce a new attack surface that security teams must understand and address.

For years, we have often said that humans are the weakest link in the security chain. However, with the rise of AI-powered tools and the growing number of AI-related security incidents worldwide, we may now need to rethink that statement. In many modern environments, AI itself is becoming another weak link in the chain.

Recent AI-Related Security Incidents

Recent incidents show that the AI attack surface is no longer theoretical. As AI tools become connected to account recovery flows, email systems, browsers, developer tools, and internal company data, attackers are finding new ways to abuse them.

1. Meta AI support bot abused to hijack Instagram accounts

One recent example involved Meta’s AI-powered customer support system. Attackers reportedly abused a flaw in the support workflow to trigger Instagram password reset links to unverified email addresses. This led to more than 20,000 Instagram accounts being compromised or likely hijacked. The issue highlights a major risk with AI-enabled support systems: when AI is connected to sensitive workflows such as account recovery, weak verification logic can quickly become a serious security issue.

2. OpenClaw AI agent flaws enabling prompt injection and data exfiltration

Another example is OpenClaw, an AI agent framework where researchers identified weaknesses that could allow prompt injection and data exfiltration. Since AI agents often connect to email, browsers, local files, APIs, and productivity tools, a successful prompt injection attack can potentially cause the agent to leak sensitive data or perform unintended actions. This shows that AI agents are not only chat interfaces; they are becoming execution environments with access to real business data and systems.

3. Docker Ask Gordon AI flaw leading to code execution and data theft risk

A third example is the Docker Ask Gordon AI vulnerability. Docker patched a critical flaw in its AI assistant where malicious Docker image metadata could be interpreted in a dangerous way, creating a path toward code execution and data theft. This incident is important because it shows how content that was previously considered harmless, such as metadata, labels, or documentation, can become dangerous when AI systems read it and act on it.

These incidents point to the same lesson: AI systems must be treated as part of the security boundary. If an AI tool can read sensitive data, make decisions, call tools, reset passwords, execute commands, or interact with internal systems, then it must be reviewed, monitored, and controlled like any other high-risk application.

References:

How to Implement Secure AI Workflows

Securing AI workflows does not mean organisations need to start from scratch. There are already useful frameworks and guidance that can help security teams build a structured approach.

NIST has published the Artificial Intelligence Risk Management Framework, which provides guidance on managing risks related to AI systems. It encourages organisations to identify, assess, manage, and govern AI risks throughout the AI lifecycle. This is important because secure AI adoption is not only about technical controls; it also requires governance, accountability, risk assessment, and continuous monitoring.

SANS has also introduced the AI Security Maturity Model, which helps organisations understand their current level of AI security maturity and identify areas for improvement. This type of maturity model is useful because many organisations are already using AI tools, but they may not yet have clear policies, security reviews, monitoring, or incident response processes in place.

Using guidance from frameworks such as NIST AI RMF and the SANS AI Security Maturity Model, organisations can start building secure AI workflows by focusing on a few key areas: maintaining an inventory of AI tools, defining acceptable use policies, reviewing AI integrations, applying least privilege, monitoring AI activity, testing for prompt injection, and educating employees on safe AI usage.

The goal should not be to block AI adoption. Instead, organisations should create a secure path for employees to use AI safely, while protecting company data, systems, and customers.

Final Thoughts

AI adoption is moving faster than many security teams can govern. Employees are already using AI assistants, agents, browser extensions, coding tools, and workflow automations to improve productivity. This creates real business value, but it also introduces new risks.

The main challenge is that AI tools are no longer passive systems. They can read data, interpret instructions, call tools, make decisions, and sometimes perform actions on behalf of users. This changes the security model. A malicious email, document, metadata field, or prompt can potentially influence the behaviour of an AI system and cause unintended outcomes.

Security teams need to adapt by treating AI as part of the enterprise attack surface. AI tools should be inventoried, reviewed, monitored, tested, and governed. The organisations that succeed will not be the ones that block AI completely, but the ones that enable AI safely with the right controls, visibility, and accountability.

AI is becoming part of the modern workplace. Now security must become part of AI.