There's an AI agent security gap that nobody is talking about. In our whitepaper released yesterday, one finding particularly stood out - the scalability crisis in human oversight. As AI agents become more autonomous, users will face thousands of permission requests. The reality is that most people will simply approve everything, turning security controls into security theatre. But this is just one of a number of critical vulnerabilities identified in the research: -Agent identity fragmentation - companies building separate identity systems instead of common standards. -User impersonation risks - no way to tell if an action was taken by a human or an agent acting on their behalf. -Recursive delegation - when agents create other agents, permission chains become unmanageably complex. -Browser control bypass - agents controlling screens and browsers sidestep traditional security checks entirely. The technical details matter because these are not theoretical future problems. They are emerging now as agents gain autonomy. The full whitepaper dives deep into each challenge: https://lnkd.in/gs-7RydJ Tobin South Atul Tulshibagwale Nancy Cam-Winget Aaron Parecki Nat Sakimura 💯George Hopkin Pamela Dingle Heather Flanagan Gail Hodges #AIAgents #Cybersecurity #AIGovernance
Thanks a lot. The Gimel Foundation appreciates your support on this important issue! The Gimel Foundation has developed and shared the open-source GAuth protocol as the new standard for authorizing AI earlier (patents pending). Lovely it is winning people over. See our website: https://lnkd.in/dvypbjtQ For our GitHub: https://lnkd.in/d4Q5Ur6y Any further feedback in terms of pull requests is more than welcome! Thanks!
Critical security gap as users reflexively approve AI agent requests https://thefreesheet.com/2025/10/08/critical-security-gap-as-users-reflexively-approve-ai-agent-requests/
Thanks Tobin South for dropping into the W3C Linked Web Storage WG to discuss intersections of this work with technologies similar #solid.
Happy to see this out! A critically important topic
Great article. One point in my list of concerns, in addition to what have been addressed in the article related to consent, is the end user giving consent to their own requests (in case of agents triggered by human interaction). The consent mechanism is used on normal software when the end-user is the resource owner, i.e., owner of their data (profile information, account balance, medical record, etc); on the agent-based approach, an user prompt could access data that they are not authorized to, requiring an even more stronger authorization mechanism.
great paper
Thank you for illuminating the value of efficient, scalable means of authorization to accomodate the modern age. There are many ways to architect such a solution. I’m certain the future holds a number of interesting viewpoints.
A good write up and this is one of the critical challenges that industry is trying to solve with Agentic AI
Great share! I’ve also shared it in the AI Security group on LinkedIn: https://www.linkedin.com/groups/14545517/ and Twitter: https://x.com/AISecHub
Digital Ventures for Humanity
1moGlad to see your support on this important issue! Gimel Foundation has developed and shared the open-source GAuth protocol as the new standard for authorizing AI: See https://lnkd.in/dvypbjtQ And GitHub: https://github.com/Gimel-Foundation Feedback (pull requests) welcome! Gimel Foundation promotes a more inclusive, fair, and just global digital economy, including supporting the achievement of the United Nations Sustainable Development Goals (U.N. SDGs). Together with its developer community, Gimel Foundation develops and governs innovative solutions in the field of AI governance and digital identities. In particular, Gimel Foundation is licensing and promoting the introduction of the open-source solution “GAuth”, an advanced protocol for authorizing digital agents and humanoid robots. Gimel Foundation is aiming at leapfrogging towards a new de-facto standard in the field of cyber security. Contributions to and documents of Gimel Foundation are governed by its Board of Trustees. Note: All rights reserved, patents pending #GiFoRFC0110 #GiFoRFC0111 #GiFoRFC0115 #AgentiveAI #AI #Authorization #AIauthorization #AIgovernance #cybersecurity #GAuth #OAuth #GimelID #EntraID #GAgent #LoA4 #LoA5 IETF Gimel Technologies