OpenAI AgentKit exposes massive attack surface for businesses

View organization page for Noma Security

5,893 followers

👀 OpenAI just opened agent-building capabilities to every one of your employees with ChatGPT access, dramatically increasing the AI attack surface. 👀 OpenAI AgentKit flow agents typically operate with broad permissions across multiple systems. When combined with common misconfigurations the blast radius becomes massive: ‼️ Missing approval gates for destructive operations ‼️ Un-sanitized data flows to external MCP servers ‼️ Prompt injection vulnerabilities in workflow logic ‼️ Data access patterns that bypass user permissions AI agents configured and deployed by business users using NCLC platforms can expose attack vectors associated with business critical functions such as expense approval logic, customer support workflows, and data access policies, circumventing traditional application or data security guardrails. The question isn't whether agent sprawl is coming. It's whether you'll have visibility and control when it does. Our latest blog post from Gal Moyal breaks down the hidden attack surfaces of OpenAI AgentKit, with proven and realistic recommendations for embedded agent security. Get the link in the top comment below.

5 Comments

Noma Security

Read the blog post from Gal Moyal here to learn how to secure OpenAI AgentKit agents: https://noma.security/blog/openai-agentkit-just-democratized-agent-building-and-multiplied-your-attack-surface/

Roy Lazar

Software Engineer @ Noma Security, the AI security platform

Democratized agent building = democratized risk. Great breakdown Gal Moyal 👑

Sasi Levi

The one and only Gal Moyal

Maor Volokh

VP Product @ Noma Security

Great insights from Gal Moyal 👑

Gal Moyal

CTO Office at Noma Security | Ex-Director of Engineering, Israel Site Manager at BitSight | OWASP AI Exchange

If you don't design your workflow carefully, it might just expose your organization to risk. See common misconfigurations here!

See more comments

To view or add a comment, sign in

More Relevant Posts

Kim Simmonds

CEO & Founder @ Law 365 & Cloud Contracts 365 | Strategic Legal Partner to the Tech Industry | Empowering MSPs & Microsoft Partners to Close Bigger Deals, Faster, with Less Risk
1w
Report this post
It often starts quietly. A supplier pushes back on a clause. A client asks where their data is stored. Someone mentions AI tools in passing, “Oh yeah, we’re using Copilot for that now.” And in that moment, you realise the contract in front of you wasn’t written with any of this in mind. Most of the contracts I see weren’t designed to cover AI or modern cybersecurity concerns. They were written for a world before ChatGPT, Copilot, or even today’s scale of data-sharing existed. That doesn’t make them bad contracts. It just means they’re out of step with how businesses are actually working today. The real risk is you don’t notice until it matters. When something breaks, or a deal slows down, or a partner asks the awkward question you weren’t ready for. For me, this is where contracts can do more than protect. They can give leaders confidence. They can make negotiations smoother. They can keep growth on track instead of getting derailed. That’s the kind of legal foundation I want businesses to have. One that matches the way they actually work, not the way things looked five years ago. Do your contracts give you that confidence today?

13 Comments
Like Comment
To view or add a comment, sign in
Siddharth Bhalsod

AI Software Engineer
1w Edited
Report this post
🔥 AI AGENTS ARE HITTING YOUR APIS AT MACHINE SPEED Postman’s 2025 State of the API Report just dropped a wake-up call: → 51% of developers say unauthorized AI agent access is their top security concern → 89% use AI daily — but only 24% design APIs for AI consumption → AI agents now exploit vulnerabilities faster than security teams can respond What Most Teams Miss 👇 Traditional rate limits were built for humans making a few dozen calls a day. AI agents? They hit endpoints non-stop — at machine speed, with perfect precision. One leaked token = a system-wide breach. If you can’t distinguish a human from an agent, you can’t: → Enforce least privilege → Detect abuse patterns → Meet compliance requirements What You Need To Do — Now Stop treating API monitoring as optional. ✅ Track agent traffic and 401/403 spikes in real time ✅ Set alerts for suspicious usage patterns ✅ Monitor performance continuously before your users feel the impact Because AI agents won’t wait for you to be ready. 👉 Learn how to secure and monitor APIs for the AI-agent era: 🔗 https://fandf.co/4q141EE #postman #api
Like Comment
To view or add a comment, sign in
Guardian Digital Inc.

948 followers
2w
Report this post
⛔ Hackers don't need access to your network anymore—just an AI you trust like ChatGPT. ShadowLeak shows how prompting AI via email can exfiltrate sensitive Microsoft 365 data effortlessly. Stay informed to stay safe! #microsoft365 #CyberAttack #SecurityTools https://bit.ly/4gEY1NB
Like Comment
To view or add a comment, sign in
Michele Chubirka

Principal Security Engineer & Architect | Designing and Implementing Robust Security Solutions for Fortune 5000 Enterprises | Xoogler
1w
Report this post
Employees regularly paste company secrets into ChatGPT https://ift.tt/Ehszdno Microsoft Copilot, not so much Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission.… via The Register - Security https://ift.tt/HOegZrA October 07, 2025 at 04:18PM
Like Comment
To view or add a comment, sign in
younis ewaz

Lecturer, Researcher, and Marketer
1w
Report this post
AI models can acquire backdoors from surprisingly few malicious documents Tech policy & hardware [ad_1] Fine-tuni https://lnkd.in/drGKJ85K

AI models can acquire backdoors from surprisingly few malicious documents https://news.mapworldnow.com
Like Comment
To view or add a comment, sign in
Stephen Cain

Director at Unit 42, Palo Alto Networks Threat Intelligence & Security Consulting
4d
Report this post
Palo Alto Networks Unit 42 presents a proof of concept on indirect prompt injection in AI agents. This method can store malicious instructions in an agent's memory, affecting future interactions.

When AI Remembers Too Much – Persistent Behaviors in Agents’ Memory unit42.paloaltonetworks.com
Like Comment
To view or add a comment, sign in
William Henry Associates

958 followers
1w
Report this post
Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission. https://lnkd.in/eNWrwvTf

Employees regularly paste company secrets into ChatGPT theregister.com
Like Comment
To view or add a comment, sign in
Ts Alan Yau Ti Dun

InfoSec, Cybersecurity & Privacy Leader | Strategist | Instructor | Trainer | Advisor | Mentor
1w
Report this post
Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission. https://lnkd.in/gbpuxnRC

Employees regularly paste company secrets into ChatGPT theregister.com
Like Comment
To view or add a comment, sign in
Ts Alan Yau Ti Dun

InfoSec, Cybersecurity & Privacy Leader | Strategist | Instructor | Trainer | Advisor | Mentor
1w
Report this post
Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they're using the bot without permission. https://lnkd.in/gbpuxnRC

Employees regularly paste company secrets into ChatGPT theregister.com
Like Comment
To view or add a comment, sign in
Michael Cippel, CPA

Managing Director at Cherry Bekaert
1w
Report this post
77% of employees are sharing sensitive company info via ChatGPT and AI tools, raising serious security concerns. It's time to rethink our data policies and training to keep our secrets safe. Learn more about the risks and best practices here: https://okt.to/4qCERi

77% of Employees Leak Data via ChatGPT, Report Finds upcontent.link
Like Comment
To view or add a comment, sign in

5,893 followers

View Profile Follow

LinkedIn respects your privacy

OpenAI AgentKit exposes massive attack surface for businesses

Explore content categories