AI Agents Pose Significant Insider Threat Risk, DTEX Warns
DTEX researchers highlight how AI agents like Anthropic's Claude Cowork, through features like the Dispatch workflow, can grant near-total system access, enabling rapid data exfiltration and posing a substantial insider threat.
As artificial intelligence agents become increasingly integrated into corporate IT infrastructure, they present a growing insider threat risk, according to new research from DTEX. While much attention is focused on external adversaries weaponizing AI, DTEX's findings reveal that legitimate employees, either maliciously or inadvertently, can leverage these powerful tools to exfiltrate sensitive data with alarming speed.
The research specifically examines Anthropic's Claude Cowork, a platform designed for corporate use that offers convenience but also grants extensive system access. A key feature highlighted is 'Dispatch,' a tool that relays commands from a user's phone to their desktop Claude agent. Crucially, Dispatch includes plugins that enable interaction with Salesforce AI agents, which can access and transfer data, creating a direct pathway for information leakage.
DTEX researchers demonstrated two scenarios to illustrate the potential for rapid data exfiltration. In one test, Claude was prompted to summarize information from Salesforce and then paste it into an Outlook email draft. In another, the agent was tasked with archiving selected files and transferring them via the Cowork app. Both operations, which involved simple prompts, were completed within 10 to 30 minutes, showcasing the drastically reduced timeline for data breaches.
Alex Desmond, director of insider threat intelligence and innovation at DTEX, emphasized that the combination of advanced AI models and deep integration into IT networks significantly shortens the window for defenders to detect and respond to threats. "In cyberattacks, you talk about the kind of execution time of adversaries coming in and dropping ransomware, we’re now seeing the kill chain drop to 30 and 10 minutes depending on what they’re doing," Desmond stated. "Six months ago, that was a couple of hours."
This accelerated threat landscape is particularly concerning when considering insider threats. The ability of AI agents to access sensitive systems, applications, and data—including Salesforce, Outlook, SharePoint, and OneDrive—means that a compromised insider or even a negligent employee can cause significant damage quickly. DTEX confirmed that these agents can download corporate data, access emails, and exfiltrate any files on a user's endpoint device, often through dedicated plugins or APIs.
DTEX's research does not point to a specific software bug or vulnerability with a CVE number. Instead, it highlights a critical IT governance and visibility problem. Organizations are rushing to adopt AI tools without implementing the necessary security controls, access policies, and monitoring mechanisms required to manage the associated risks. The ease with which data can be accessed and moved by AI agents means that traditional monitoring might not be sufficient to detect anomalous activity, especially if an employee's normal workflow involves accessing sensitive files locally.
Desmond further illustrated the risk by referencing nation-state actors who may gain legitimate access to corporate networks. Providing such individuals with powerful AI tools could exponentially increase their ability to steal sensitive data, effectively handing them "the keys to everything" and a tool to make their illicit activities easier.
The findings underscore an urgent need for organizations to reassess their security postures in the age of AI. Robust logging, auditing of AI prompts, and enhanced endpoint monitoring are essential to differentiate between legitimate AI usage, accidental data leaks, and malicious insider activity. Without these measures, the convenience of AI agents could inadvertently become a significant liability.