Misconfigured AI Agents Let Attacks Slip Past Controls
bankinfosecurity
AppOmni Finds Now Assist Agents Could Trigger Unauthorized Actions
Rashmi Ramesh (rashmiramesh_) • November 19, 2025

Artificial intelligence agents running in a ServiceNow cloud platform could be pushed into unauthorized tasks through a prompt injection technique that exploits normal agent-to-agent communication, research from AppOmni shows.
The findings show how default configurations allowed one agent to recruit others with broader privileges in the company's AI layer, Now Assist, even when prompt-injection protections were turned on.
Researchers said the system failed to distinguish trusted instructions from untrusted data. Large language models "prioritize the reward above all else," meaning they may treat embedded malicious text as essential to completing the original task, said Aaron Costello, chief of SaaS security research at AppOmni. He observed a "far higher success rate" when injected prompts were framed as necessary steps toward the agent's ...
Copyright of this story solely belongs to bankinfosecurity.

