The evolution of artificial intelligence is introducing new classes of cyber risk that traditional security models have not yet fully addressed.
In this context, the new study by AI4Cyber analizza il tema degli Self-hosted autonomous AI agents, a rapidly spreading technology characterised by privileged access to the operating system, persistent inter-session memory and the ability to interact with external services, as well as to process content derived from unverified sources.
In the study, the case was chosen as the reference OpenClawan open-source agent whose viral adoption between January and March 2026 generated over 50 CVEs, tens of thousands of exposed instances and a compromised supply chain, concretely highlighting the emergence of a new risk model.
To confirm that this is not an isolated case but a widespread phenomenon, an investigation Gartner su oltre 300 CISO ha rilevato come il 59% delle grandi organizzazioni (ricavi >$250M) abbia riportato evidenze o sospetti di automazione AI non autorizzata, segnalando un’adozione che supera la maturità degli attuali modelli di controllo.
The new study provides a structured overview of the security, governance, and risk management implications of agentic AI, contributing to the debate on how to effectively address its integration into organisations.
If you wish to learn more, here is the link to our studio complete.
In addition, you can subscribe to the specific mailing list Cyber Studios by Tinexta Defenceto receive updates on upcoming research:
