
AI Agents Expose Hidden Risks as Insider Threats Evolve

"In cyberattacks, you talk about the kind of execution time of adversaries coming in and dropping ransomware, we’re now seeing the kill chain drop to 30 and 10 minutes depending on what they’re doing," Alex Desmond, director of insider threat intelligence and innovation at DTEX, told CyberScoop.

Alex Desmond and DTEX: the speed problem

DTEX researchers, speaking with CyberScoop, say improvements in frontier models and deeper integration of agentic AI into business networks have markedly shortened the time defenders now have to react. Desmond contrasted current timelines — where an attacker can move from access to harmful action in 10 to 30 minutes — with a few hours six months ago. That acceleration is central to DTEX’s concern that AI agents multiply the damage an insider can do, intentionally or accidentally.

Anthropic’s Claude Cowork, the Dispatch tool, and Salesforce plugins

DTEX focused on Anthropic’s Claude Cowork, a workflow used in corporate environments that includes remote-control features for agents. One named capability, Dispatch, relays commands from a user’s phone to their desktop Claude agent. Claude Cowork also includes a plugin for communicating with Salesforce AI agents that can access and transfer data.

Two short tests: Outlook drafts and file exfiltration

In controlled experiments reported to CyberScoop, DTEX researchers tested two scenarios. The first asked Claude to summarize information from Salesforce and paste it into a draft Outlook email. The second instructed the agent to archive selected files and transfer them via the Cowork app. In both cases the researchers used simple, single-turn prompts and reported spending between 10 and 30 minutes preparing to exfiltrate the data.

Systems the agents could reach: SharePoint, OneDrive, Outlook, Salesforce, and local files

DTEX confirmed that, in their tests, agents had access to a range of enterprise systems and endpoint data: downloadable SharePoint corporate data, production documentation stored in OneDrive, Outlook email, Salesforce data (including the data reachable through Salesforce AI agents), and any other files on the user’s endpoint device. For each of these applications, Claude Cowork exposes a dedicated plugin or API that, if prompted, can be used to share data externally.

An IT governance and visibility problem, not a CVE

DTEX emphasized that their findings do not stem from exploiting a software bug or configuration vulnerability and that there is no associated CVE. Instead, the report frames the issue as an IT governance and visibility shortfall. Businesses are rushing to integrate AI tools and pushing employees to use them while failing to deploy the access policies, logging, auditing and monitoring needed to detect or reconstruct how data moved.

The point is practical: if an organization does not log and audit prompts to agents, it may be impossible to determine whether a leakage was caused by an agent acting autonomously, an agent following malicious instructions, or a user mistake. Network and cloud monitoring can show when data is downloaded from SharePoint, but that signal can be weak when users routinely pull sensitive files down as part of their normal workflow. "If a user’s normal workflow is to pull sensitive files down to work locally all the time, you don’t have endpoint monitoring and you introduce an AI agent, it then just has access to all that data," Desmond said.

What this means for technologists, enterprise leaders, end users, and nation-state operators

  • Technologists and security teams: DTEX’s findings point to a need to consider prompt logging, endpoint monitoring, and tighter controls on agent plugins and APIs; these are the specific observables the report identifies as necessary to determine how data was accessed or moved.
  • Enterprise and procurement leaders: rapid adoption of agentic AI without matched controls creates a visibility gap. The report underscores the governance choice companies are making when they enable tools like Claude Cowork without mandating auditing of prompts or limiting plugin access.
  • End users and general employees: because agents can operate via simple prompts and remote relay tools such as Dispatch, legitimate workflows can unintentionally grant full system access to an agent and thereby increase the risk of accidental exfiltration.
  • Nation-state operators and compromised insiders: DTEX flagged another practical risk — western IT and cybersecurity firms have been inundated with job applicants secretly working on behalf of the North Korean government. These hires, paid to evade sanctions and fund Pyongyang’s nuclear program, may gain legitimate access to environments; combined with agentic AI access, that legitimate foothold can be rapidly amplified.
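The prompt logging and session-level correlation that the previous two sections call for, as an added illustration that is not DTEX’s tooling or any Anthropic or Salesforce API: it assumes a hypothetical JSON audit log in which every agent prompt and tool call is recorded with a session id, and it flags a read from an enterprise source followed within a time window by a write to an external sink, keeping the triggering prompt so the chain can be reconstructed afterwards.

```python
import json
from datetime import datetime, timedelta

# Constructed sample audit log (not real product output); assumed schema:
# one JSON event per line with ts, session, tool, action, target.
SAMPLE_LOG = """\
{"ts":"2025-01-10T09:00:00","session":"s1","tool":"prompt","action":"submit","target":"summarize Salesforce accounts into an email"}
{"ts":"2025-01-10T09:00:05","session":"s1","tool":"salesforce","action":"read","target":"Account/Q3-pipeline"}
{"ts":"2025-01-10T09:02:10","session":"s1","tool":"outlook","action":"draft_email","target":"partner@example.org"}
{"ts":"2025-01-10T09:30:00","session":"s2","tool":"sharepoint","action":"read","target":"/sites/eng/runbook.docx"}
{"ts":"2025-01-10T09:40:00","session":"s2","tool":"cowork","action":"transfer_file","target":"runbook.zip"}
{"ts":"2025-01-10T11:00:00","session":"s3","tool":"outlook","action":"draft_email","target":"colleague@corp.example"}
"""

# Enterprise data sources and the outbound actions treated as sinks (hypothetical tool names).
SOURCE_TOOLS = {"salesforce", "sharepoint", "onedrive", "local_fs"}
SINK_ACTIONS = {("outlook", "draft_email"), ("cowork", "transfer_file")}

def parse_events(text):
    """Parse JSON lines into events sorted by timestamp."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def find_exfil_chains(events, window_minutes=30):
    """Return alerts for sink writes preceded, in the same session and within
    the window, by at least one read from an enterprise source."""
    window = timedelta(minutes=window_minutes)
    reads, prompts, alerts = {}, {}, []
    for e in events:
        s = e["session"]
        if e["tool"] == "prompt":
            prompts[s] = e["target"]            # keep the last prompt for reconstruction
        elif e["tool"] in SOURCE_TOOLS and e["action"] == "read":
            reads.setdefault(s, []).append(e)
        elif (e["tool"], e["action"]) in SINK_ACTIONS:
            recent = [r for r in reads.get(s, []) if e["ts"] - r["ts"] <= window]
            if recent:                          # a sink write with no prior read is not flagged
                alerts.append({
                    "session": s,
                    "prompt": prompts.get(s),
                    "sources": [f'{r["tool"]}:{r["target"]}' for r in recent],
                    "sink": f'{e["tool"]}:{e["target"]}',
                    "minutes": (e["ts"] - recent[0]["ts"]).total_seconds() / 60,
                })
    return alerts

if __name__ == "__main__":
    for alert in find_exfil_chains(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert))
```

Session s3 drafts an email without any preceding source read and is not flagged; without the prompt line in s1, the alert would still fire but the instruction that caused the move would be unrecoverable.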

DTEX’s work draws a narrow but urgent line: agentic AI features that improve worker convenience — remote dispatch, plugins to enterprise systems, and simple promptability — also grant powerful access that can be leveraged in minutes. The experiments did not rely on exploits; they relied on governance choices. The concrete question the tests leave is procedural: will organizations begin logging and auditing agent prompts and limiting plugin access before an incident occurs?

https://cyberscoop.com/ai-agent-insider-threat-cybersecurity-dtex/