Security researchers from Google and Meta are warning that autonomous AI agents require system-wide defensive architectures to address emerging security risks. The experts caution that traditional cybersecurity tools alone cannot protect against threats posed by AI agents capable of retaining memory, calling external tools, coordinating with other agents, and operating continuously without direct human supervision. The concern stems from rapid enterprise deployment of AI agents across workflows including payments, customer service, coding, cybersecurity, and financial operations. Unlike earlier chatbot-style systems, agentic AI introduces persistent memory systems, tool execution, and autonomous workflows that create new attack surfaces. Security failures in these interconnected systems rarely stay isolated—compromised instructions or malicious inputs can spread through multiple layers before becoming visible externally.
Security Gaps in AI Agent Systems
A survey of 116 AI-agent security papers identified major gaps in defenses against "cross-session" and "stack-propagating" threats, which are capable of moving across multiple layers of autonomous systems over time. The risk is particularly acute in financial services, where AI agents are increasingly deployed for payments, fraud monitoring, trading operations, and customer account management.
In a recent incident, Bankr, an AI-powered crypto trading assistant, disabled transactions on May 20 after identifying an attacker who had gained access to at least 14 wallets. Security experts speculated the bot could have been exploited by a hacker.
Keyrock reported that AI agents processed $73 million in crypto payments between 2025 and 2026, demonstrating the scale of autonomous AI deployment in financial workflows.
Researchers emphasize that agent security must be approached as a systems problem, treating the AI model powering the agent as an untrusted component. Security experts are proposing methods to intercept attacks as they move through interconnected AI-agent systems rather than relying solely on front-end filters or prompt moderation.
Google and Meta Expand Agentic AI Ecosystems
Google recently unveiled Gemini Spark, an always-on AI assistant capable of interacting across Workspace apps, cloud systems, and third-party platforms. The company is integrating AI agents deeper into Chrome, Gmail, Search, and Android systems.
Meta is preparing agentic AI assistants capable of executing personalized tasks across its social and messaging platforms. Security experts warn that increasingly autonomous systems create more opportunities for security breaches and malicious attacks across these interconnected ecosystems.
