Can you social engineer an AI? Plus: AI worms and the nonhuman identity problem

2026-06-10 · Source: IBM Technology · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning · Depth: Intermediate, extended

Summary

An IBM Security Intelligence podcast episode discusses three critical cybersecurity topics: AI's susceptibility to social engineering, the emergence of AI-powered worms, and non-human identity security. Hackers recently exploited Meta's AI customer support agent to gain Instagram account access by tricking it into changing associated emails, highlighting AI's lack of "wisdom" despite its intelligence. University of Toronto researchers developed a self-replicating AI worm using an open-source LLM, capable of reasoning through and exploiting vulnerabilities across devices, marking a significant evolution in malware. Furthermore, the Sophos State of Identity Security 2026 report reveals 71% of organizations suffered an identity-related breach, with non-human identities involved in 41% of successful attacks, often due to infrequent auditing and rotation of credentials. Experts emphasize the need for AI to develop "street smarts" and for organizations to implement dynamic, least-privilege identity management for non-human entities.

Key takeaway

For AI Security Engineers and Directors of AI/ML deploying customer-facing AI, you must implement robust guardrails and explicit "don't do" rules to prevent social engineering exploits. Recognize that AI lacks human "wisdom" and requires detailed contextual instructions. Additionally, prioritize securing non-human identities by adopting automated, least-privilege provisioning and regular credential rotation, as these unmonitored accounts are increasingly targeted. Your proactive measures are crucial to mitigate evolving AI-driven and identity-based threats.

Key insights

AI, despite intelligence, lacks "wisdom" and common sense, making it vulnerable to social engineering and requiring specific guardrails.

Principles

• AI agents are naive and lack human-like common sense or "wisdom."
• Explicitly define AI limitations and "don't do" rules, beyond "be helpful."
• Cybersecurity is an "arms race" where defensive AI must match offensive AI.

In practice

• Provide AI agents with explicit "don't do" rules and contextual guardrails.
• Implement dynamic, just-in-time provisioning for ephemeral non-human IDs.
• Regularly audit and rotate credentials for all non-human identities.

Topics

• AI Security
• Social Engineering
• AI Worms
• Non-Human Identity Management
• Cybersecurity Threats
• Large Language Models

Best for: CTO, VP of Engineering/Data, Executive, AI Security Engineer, Security Engineer, Director of AI/ML

Related on AIssential

• The Meta hack shows there’s more to AI security than Mythos — AI agents, eager to complete tasks, are vulnerable targets for simple social engineering, requiring robust security measures.
• Why Non-Human Identities Have Become a Critical Security Challenge — Non-human identities, especially AI agents, require dynamic, short-lived, and narrowly scoped credentials to mitigate escalating security risks.
• AI Security Paradox: Are Firms Overconfident On AI Threats? — Enterprise AI adoption outpaces security, creating a paradox of employee overconfidence and significant vulnerability to AI-driven social engineering.
• Claude Security’s public beta, OpenAI’s five-point plan and cybersecurity’s Y2K moment — AI and cybersecurity leaders are collaborating on ecosystem-level defenses and new identity frameworks for AI agents.
• Podcast: Hackers Asked Meta AI To Let Them In. It Worked — The Meta AI incident reveals critical vulnerabilities in AI systems when handling sensitive account management requests.
• Congratulations to Astrix Security on Their Anticipated Acquisition by Cisco — Non-human identities and AI agents represent a critical, expanding security perimeter often overlooked by traditional IAM.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by IBM Technology.