Unauthorized use risk for AI

Last updated: May 27, 2025

Robustness

Agentic AI risks

Amplified by agentic AI

Description

Unauthorized use: If attackers can gain access to the AI agent and its components, they can perform actions that can have different levels of harm depending on the agent’s capabilities and information it has access to. Examples:

Using stored personal information to mimic identity or impersonate with an intent to deceive.
Manipulating AI agent’s behavior via feedback to the AI agent or corrupting its memory to change its behavior.
Manipulating the problem description or the goal to get the AI agent to behave badly or run harmful commands.

Why is unauthorized use a concern for foundation models?

Attackers accessing the agent can alter AI agent’s behavior and make it execute actions that benefit the attacker such as executing actions that lead to system degradation, data exfiltration, exhausting available resources, and impairing performance. The actions taken by the attackers may cause harms to others.

Parent topic: AI risk atlas

We provide examples covered by the press to help explain many of the foundation models' risks. Many of these events covered by the press are either still evolving or have been resolved, and referencing them can help the reader understand the potential risks and work toward mitigations. Highlighting these examples are for illustrative purposes only.

Was the topic helpful?

0/1000