This panel discussion explored the double-edged nature of agentic AI — autonomous systems that plan, act, and adapt independently. It examined the transformative potential of agentic AI alongside its vulnerabilities, including adversarial manipulation, data poisoning, and cross-border ripple effects, across finance, healthcare, energy, and digital public infrastructure (DPI). It addressed themes such as novel vulnerabilities in accelerating DPI inclusion, sector-specific safeguards, and global consensus on norms and standards.
The discussion opened with an example of the Anthropic Claude model’s exploitation in a Chinese-backed cyberespionage campaign that targeted 30 organisations across sectors and geographies. In this operation, 80-90 percent of the hacking was done autonomously by AI. This incident highlights critical shortcomings in existing AI validation methods for handling real-world adversarial manipulation, necessitating adaptive standards that evolve with emerging threats.
Discussions highlighted that agentic AI chains operate at superhuman speeds, enabling poisoning, scraping, and cascading failures that static, perimeter-based defences do not address. The rapid rise of DPI amplifies these vulnerabilities exponentially. The healthcare sector demonstrates this risk. The deployment of AI in a hospital, for instance, optimises workflows, such as reducing wait times through staff scheduling, automating patient histories, and updating doctors’ duty rosters. However, vulnerabilities are also emerging due to insufficient guardrails, including exposure of patient and staff data, legitimate APIs that enable mass scraping of internal endpoints, and cascading failures in interconnected DPI agents. The speakers also highlighted how agentic AI exploits human biases, amplifying misinformation and malice to undermine core values and manipulate human behaviour, posing acute risks to youth in an era of pervasive digital influence.
The accountability of AI models then becomes a critical issue: who is responsible when agents “go rogue”? The existing endpoint-focused security approach is inadequate for addressing dynamic AI behaviours. In this context, speakers highlighted three levels of safeguards: technical (least-privilege sandboxing, human sign-off for critical actions, logging/monitoring of agent tasks, digital twins for pre-deployment stress testing); operational (revising incident response playbooks for AI threats); and regulatory (NIST AI Risk Management Framework).
In addition, citizen awareness and education are imperative: to demystify AI and dispel the notion that it is “magic”; to embed moral principles so that ethics is proactive rather than reactive; to learn from the unforeseen societal shifts brought by the internet and social media; and to monitor the balance between innovation and safety. The Global South also needs to be proactive in addressing the challenges posed by agentic AI and other emerging technologies. It must strive to forge multistakeholder consensus to create enduring norms and principles.
This event report has been written by Sameer Patil.
The views expressed above belong to the author(s).