Capability hunts down shadow AI, compromised agents, and AI systems behaving outside their
intended permissions
Coalfire, an industry-leading cybersecurity services and solutions company, today announced a new AI Threat Hunting capability from its DivisionHex practice. It’s designed to uncover hidden AI risks inside enterprise environments, including shadow AI, compromised AI agents, and a newly emerging threat category: agentic insider risk.
As organizations rapidly deploy generative and agentic AI tools across business workflows, security teams are struggling to maintain visibility into how these systems are being used, and misused. A recent survey from Richmond Advisory Group found that 63% of security teams have a primary mandate to use AI to reduce costs, yet nearly 90% of surveyed organizations have faced an AI-driven incident in the last 18 months. Coalfire’s new service extends traditional threat hunting methodologies to actively search for signs that AI systems are introducing new attack paths or acting outside their intended permissions.
Neil Wyler, vice president of defensive services, Coalfire, said: “AI agents are quickly becoming highly privileged actors inside corporate environments. They can access sensitive data, perform automated tasks, and interact with core systems. If those agents are manipulated, compromised or misconfigured, they don’t just behave like a malicious insider – they become one, exfiltrating data or enabling further compromise without anyone realizing it.”
While many organizations are familiar with the risks of shadow AI, the industry is overlooking a deeper issue: trusted AI agents that can be influenced or exploited. Agentic AI systems can be vulnerable to several forms of manipulation, including:
- Prompt injection attacks
- Data poisoning
- Unauthorized credential usage
- Privilege escalation through automation
- External influence that alters AI behavior
In these scenarios, AI systems may unintentionally access sensitive information, perform unauthorized actions, or assist attackers already present in the environment.
DivisionHex’s elite team of hackers conduct deep investigative reviews across enterprise environments to uncover:
- Shadow AI usage introduced by employees without security oversight
- Unauthorized AI integrations using corporate credentials or sensitive data
- AI agents accessing data or systems beyond their intended scope
- Indicators that threat actors are leveraging AI systems to expand access or persistence
- Signs that AI models or agents have been manipulated or influenced
The approach provides security teams with both visibility and remediation guidance, helping organizations safely adopt AI without introducing unseen vulnerabilities.
Coalfire’s AI Threat Hunting capability is available immediately through the DivisionHex practice and can be delivered as a standalone engagement or integrated with broader security assessments.
Christina Richmond, principal analyst, Richmond Advisory Group said: “AI adoption in the workplace is moving faster than most organizations’ ability to monitor and govern it. Without visibility into how employees use generative and agentic AI tools, companies risk creating a new wave of shadow AI and potentially unknown identities. Adoption without governance and monitoring introduces unexpected operational costs. Employing proactive AI threat hunting ensures organizations can harness AI safely while avoiding the downstream risks that come from unmanaged use.”
For more information, register to join Coalfire for an exclusive RSA happy hour at Sens on Tuesday, March 24th from 6:30–9:30 PM, or visit the Coalfire website.Â