Perplexity Comet, agentic blabbering, and the shift-left failure

Source: IBM Technology · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Advanced, extended

Summary

IBM Security Intelligence experts discuss several critical cybersecurity challenges, including the exploitation of AI agents' internal monologues, the resurgence of vulnerabilities in legacy code, and the effectiveness of the "shift left" security philosophy. Guardio researchers demonstrated how Perplexity Comet's "agentic blabbering" could be used to train another AI to craft phishing sites that bypass its defenses. Microsoft Azure CTO Mark Russinovich's discovery that Claude Opus could identify latent security issues in 40-year-old Apple II 6502 machine code highlights the expanded attack surface for historical binaries. The panel also debated whether the "shift left" approach to security has failed, concluding that implementation, rather than the principle itself, is the issue. Finally, the emergence of AI-generated "sloppily" malware and the concept of "Postto is the new perimeter" emphasize the need for dynamic, behavior-based security beyond static authentication.

Key takeaway

For CTOs and security leaders evaluating AI integration, recognize that AI agents' internal processes can be exploited, necessitating robust guardrails and continuous monitoring. Your teams should prioritize implementing zero-trust principles, including least privilege access and assuming breach, for all AI systems. Focus on dynamic, behavior-based security rather than static authentication to counter evolving threats like AI-generated malware and the expanded attack surface of legacy code. This requires a holistic "shift everywhere" approach, integrating security from design to deployment, with a continuous feedback loop.

Key insights

AI's internal reasoning and code analysis capabilities introduce new attack vectors and reveal hidden vulnerabilities in legacy systems.

Method

Guardio researchers used an "agentic sniffer" with Burp Suite to intercept Perplexity Comet's internal monologue, then fed this data to another AI to generate undetectable phishing websites.

Best for: CTO, VP of Engineering/Data, Director of AI/ML, AI Security Engineer, Security Engineer, MLOps Engineer

Editorial summary, takeaway, and curation by AIssential. Original article published by IBM Technology.