Experiments involving autonomous AI agents coordinating, sharing code and acting without human supervision have captured plenty of attention in recent weeks. Platforms such as Moltbook and tools like Clawdbot have been framed as glimpses into a future where AI systems organise themselves in the wild.
For security leaders, however, the fascination quickly fades once the underlying mechanics are examined. According to Salt Security, these experiments are less about artificial intelligence behaving unpredictably and more about a familiar problem reappearing in a new guise: organisations are losing visibility and control over their APIs.
“What looked like emergent behaviour was really automation operating at scale,” said Eric Schwake, Director of Cybersecurity Strategy at Salt Security. “Autonomy doesn’t mean intelligence from a security perspective. It means speed, and speed makes existing weaknesses much more dangerous.”
A warning sign, not an anomaly
While Moltbook and Clawdbot may appear experimental, Salt Security argues they are early indicators of how agentic AI will be deployed inside enterprises. Autonomous agents are already being integrated into SaaS platforms, DevOps workflows, customer service environments and internal tools, often with broad access to systems and data.
Unlike human users, these agents communicate exclusively through machine-to-machine API calls. That makes them largely invisible to traditional security controls designed around user behaviour, endpoints and applications. In many cases, organisations cannot clearly identify which APIs agents are using, what permissions they hold or how their behaviour changes over time.
This creates a set of risks that are easy to underestimate until something goes wrong.
The expanding API attack surface
Autonomous agents dramatically increase the number of API interactions taking place across an organisation. Many of these APIs are undocumented, dynamically generated or considered “internal”, placing them outside the scope of routine security monitoring.
“If you don’t know which APIs exist, you can’t secure them,” Schwake said. “And most organisations still don’t have a complete picture of their API landscape.”
Trusted access becomes a liability
Because AI agents operate with legitimate credentials, they are especially valuable targets for attackers. If compromised, an agent can perform high-risk actions such as moving data, triggering transactions or modifying systems, all while appearing to behave normally.
This aligns with a broader industry trend in which attackers increasingly exploit authenticated access rather than relying on brute force or vulnerability exploitation. Agentic systems simply allow that abuse to happen faster and at greater scale.
Governance falls behind automation
Another challenge is accountability. Without clear identity, provenance and behavioural baselines for autonomous agents, organisations may struggle to demonstrate compliance or explain how a particular action occurred.
“When humans are removed from the loop, you lose the last manual checkpoint,” Schwake noted. “If governance isn’t built into the APIs themselves, autonomy turns into risk amplification.”
A present-day security issue
Salt Security is keen to stress that this is not a speculative AI risk. The popular narrative of “uncontrolled AI” often dissolves once backend systems are inspected.
“Agents don’t make independent choices,” Schwake said. “They follow the paths they are given. When something goes wrong, it’s usually because an API was over-privileged, unmonitored or poorly governed.”
In that sense, agentic AI exposes long-standing API security weaknesses rather than creating an entirely new threat category.
Preparing for an agent-driven future
As autonomous systems become more common, organisations will need to rethink how they secure automation. Salt Security advises security teams to focus on three priorities.
First, achieving continuous visibility into every API an agent can access, including shadow and ephemeral endpoints. Second, enforcing least-privilege access and contextual policies that apply to machines as well as humans. Third, monitoring behaviour over time to identify anomalies that suggest misuse or compromise.
“You can’t scale AI without securing the infrastructure it depends on,” Schwake concluded. “Every automated decision ultimately maps to an API call with real-world impact on data, trust and compliance.”
For organisations embracing agentic AI, the message is clear. The technology may be new, but the risk sits squarely in the API layer, and that is where security efforts will need to concentrate.
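The three priorities listed above (API visibility, least privilege for machine identities, behavioural monitoring) can be checked against API gateway logs. The sketch below is an added example, not code from Salt Security or from the article; the log format, agent names, scopes, inventory and threshold are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample data: documented API inventory, scopes granted to each
# agent identity, and a baseline of calls per hour (all hypothetical).
INVENTORY = {("GET", "/v1/orders/{id}"), ("POST", "/v1/tickets")}
GRANTS = {"agent-support": {"orders:read", "tickets:write", "users:admin"},
          "agent-build": {"orders:read"}}
BASELINE_PER_HOUR = {"agent-support": 4, "agent-build": 2}

# Constructed gateway log lines: "hour agent method path scope"
LOG = """\
09 agent-support GET /v1/orders/1001 orders:read
09 agent-support POST /v1/tickets tickets:write
09 agent-build GET /v1/orders/1002 orders:read
10 agent-build GET /internal/export/77 orders:read
""" + "10 agent-build GET /v1/orders/1003 orders:read\n" * 9

def parse(log):
    for line in log.splitlines():
        hour, agent, method, path, scope = line.split()
        # Collapse numeric path segments so /orders/1001 matches /orders/{id}
        yield hour, agent, method, re.sub(r"/\d+(?=/|$)", "/{id}", path), scope

def shadow_endpoints(log):
    """Endpoints agents actually called that are missing from the inventory."""
    return {(a, m, p) for _, a, m, p, _ in parse(log) if (m, p) not in INVENTORY}

def unused_scopes(log):
    """Granted scopes never exercised: candidates for removal (least privilege)."""
    used = defaultdict(set)
    for _, agent, _, _, scope in parse(log):
        used[agent].add(scope)
    return {a: g - used[a] for a, g in GRANTS.items() if g - used[a]}

def volume_anomalies(log, factor=3):
    """(agent, hour) windows whose call count exceeds factor x the baseline."""
    counts = Counter((a, h) for h, a, *_ in parse(log))
    return {k: n for k, n in counts.items() if n > factor * BASELINE_PER_HOUR[k[0]]}

if __name__ == "__main__":
    print(shadow_endpoints(LOG), unused_scopes(LOG), volume_anomalies(LOG))
```

On the constructed log, the undocumented `/internal/export/{id}` call, the never-used `users:admin` grant and the hour-10 burst from `agent-build` are each reported by a separate check.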




