Information from Check Point's AI specialist, Lakera, shows that 2025 was the year of the agent. Not because agents suddenly transformed the world, but because we began to see the earliest practical applications of agentic behaviours: models reading documents, calling tools, browsing controlled sources, and coordinating simple multi-step tasks.
These systems are still early in their evolution. But Q4 made one thing clear: as soon as models begin interacting with anything beyond plain text, such as documents, tools, or external sources, attackers adjust immediately and probe any new pathways that appear.
To understand how attackers adapted, the company analysed a focused 30-day window of Q4 activity across Lakera Guard-protected applications and interactions in the Gandalf: Agent Breaker environment. While narrow in scope, this snapshot reflects the same patterns observed throughout the quarter and provides a grounded view of how adversaries probed both emerging agentic features and more traditional chatbot-style systems.
As soon as models began interacting with documents, tools and external data, the threat surface shifted. The moment a system can read an untrusted webpage or execute a structured workflow, attackers gain new paths to influence it.
This does not mean agents are mature or widely deployed. It means the rate of progress is fast enough for attackers to test every new capability as soon as it appears. Even early browsing, retrieval, or lightweight tool use creates new behaviours and weaknesses, and attackers immediately move to explore them.
Indirect attacks required fewer attempts
One of the clearest Q4 signals was that indirect attacks succeeded with fewer attempts than direct prompt injections. When harmful instructions arrive via external content rather than explicit user intent, early filters are less effective. This pattern is likely to grow as agents integrate more deeply with retrieval systems, browsers and structured data sources.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.