Attackers Use Legacy Infrastructure to Hijack AI Agents

The article, indexed from The Hacker News, reports that the author spoke at the Gartner Security & Risk Management Summit and warned of a blind spot in many security programs, where attackers are using legacy infrastructure to circumvent AI security controls and hijack AI agents. The article reports that roughly 71% of organizations are piloting AI agents, and that AI adoption is moving faster than many security teams can account for.

In comparable incidents observed across security research, legacy systems and internal CI/CD agents serve as reliable pivot points because they often retain broad network privileges and trusted credentials. Industry-pattern observations: adversaries exploiting such infrastructure can chain access into agent orchestration layers, execute prompt-injection style manipulations, or tamper with data flows that agents consume, increasing the attack surface beyond the model itself.

Organizations adopting agentic workflows and automation frequently integrate those agents with existing tooling and orchestration platforms. For practitioners, this integration commonly means older services, monitoring agents, and build infrastructure remain implicitly trusted. Reporting on similar threats shows that supply-chain and internal automation vulnerabilities repeatedly become high-impact vectors when new automation layers are introduced.

Indicators an observer can track include increased use of agent orchestration, unexpected outbound connections from orchestration hosts, unauthorized changes to data sources feeding agents, and legacy CI/CD or build agents with elevated privileges. Industry observers will also follow tooling updates and red-teaming frameworks focused on agentic risk, such as recent open-source projects that enable standardized agent testing.

The article frames legacy infrastructure as a practical attack vector for adversaries targeting AI agents and flags a gap between AI adoption rates and security coverage. Editorial analysis: security teams evaluating agent deployments should treat legacy systems as part of the agent threat model and apply standard hardening, monitoring, and testing practices at integration points rather than assuming the model layer is the sole risk.