When artificial intelligence (AI) first burst into the public consciousness with the launch of ChatGPT in late 2022, many people saw the technology as a helpful chatbot.

They found an AI-powered chatbot could help with anything from answering a question to generating everything from text to computer code. Popularity and usage grew exponentially.

Fast forward almost three years and things have changed significantly with the emergence of Agentic AI. This technology can perform multi-step tasks, invoke APIs, run commands, and write and deploy code autonomously.

AI agents go much further than responding to prompts – they’re actually making decisions. While this will make the tools even more useful, it also poses security risks. Once an IT system starts taking autonomous actions, safety and control become paramount.

A challenge two years in the making

The challenge posed by Agentic AI was first flagged back in 2023 with the release of the OWASP Top 10 for LLM Applications report[1]. In it the term ‘excessive agency’ was coined.

The argument was that, if an AI model is given too much autonomy, it begins to act more like a free agent than a bounded assistant. It might be able to schedule meetings or book conference rooms, however it could also delete files or perhaps provision excessive cloud infrastructure.

If not deployed and managed carefully, AI agents can start to behave like a confused deputy. They could even become sleeper agents just waiting to be exploited in a cybersecurity incident.

These are more than just idle predictions. In recent real-world examples agents from major software products like Microsoft Copilot[2] and Salesforce’s Slack tool[3] were both shown to be vulnerable to being tricked into using their escalated privileges to exfiltrate sensitive data.

Standards and protocols

During 2025, there has been a wave of new standards and protocols designed to handle the rising capabilities of AI agents. The most prominent of these is Anthropic’s Model Context Protocol (MCP) which is a mechanism for maintaining shared memory, task structures, and tool access across long-lived AI agent sessions.

MCP can be considered as the ‘glue’ that holds an agent’s context together across tools and time. It enables users to tell an agent what they are allowed to do and what they should remember.

While MCP is a much-needed step, it has also raised new questions. This is because the focus with MCP has been on expanding what agents can do, rather than reining them in.

While the protocol helps co-ordinate tool use and preserve memory across agent tasks, it doesn’t yet address critical concerns like prompt injection resistance which is when an attacker manipulates shared memory.

MCP also doesn’t tackle command scoping, where an agent is tricked into exceeding its permissions or token abuse which is when a ‘Leaked Memory Blob’ can be used to expose API credentials or user data.

Unfortunately, these are not theoretical problems. A recent examination of security implications revealed that MCP-style architectures are vulnerable to prompt injection, command misuse, and even memory poisoning, especially when shared memory is not adequately scoped or encrypted.

An issue requiring immediate attention

This is not a problem that can be ignored as it relates to tools that many developers are already using. Coding agents like Claude Code and Cursor are gaining real traction inside enterprise workflows and delivering significant benefits.

GitHub’s internal research showed Copilot could speed up tasks by 55%. More recently, Anthropic reported 79% of Claude Code usage was focused on automated task execution, and not just code suggestions.

This represents a significant productivity boost, but shows the tools are no longer simply copilots – they’re actually flying solo.

Also, it’s not just software development as MCP is now being integrated into tools that extend beyond coding. These cover activities such as email triage, meeting preparation, sales planning, document summarisation, and other high-leverage productivity tasks. 

While many of these use cases are still in their early stages, they’re maturing rapidly, and this changes the stakes. It demands attention from business unit leaders, CIOs, CISOs, and Chief AI Officers alike.

Preparation is essential

As these agents begin accessing sensitive data and executing cross-functional workflows, organisations must ensure that governance, risk management, and strategic planning are integral from the outset. Integrating autonomous agents into a business without proper controls is a recipe for outages, data leaks, and regulatory blowback.

There are some key steps that should be taken. One is to launch agent pilot programs, but also to require code reviews, tool permissions, and sandboxing.

Agent autonomy should also be limited to what’s actually necessary as not every agent needs root access or long-term memory. Developers and product teams should also be trained on safe usage patterns, including scope control, fallback behaviours, and escalation paths.

Organisations that regard AI agents as a part of core infrastructure – rather than novelty tools – will be best placed to enjoy the benefits. The time for considering and acting on the associated challenges is now. 

Tech billionaire Elon Musk has once again turned heads, this time by announcing that his AI company, xAI, is working to develop a version of software-giant Microsoft run exclusively on artificial intelligence. 

“Join @xAI and help build a purely AI software company called Macrohard,” Musk posted to his social network X. “It’s a tongue-in-cheek name, but the project is very real!”

While Musk has had a long history of trolling or making proclamations that have never come to fruition, there was some evidence that Macrohard was more than just an online joke. 

The U.S. Patent and Trademark Office website showed that xAI filed a trademark request for “macrohard” on Aug. 1, 2025. 

The application requested exclusive use of the Macrohard name in the arena of “downloadable computer programs and downloadable computer software.”  

In his post, Musk explained why he believed an exclusively AI software company was a realistic possibility. 

Want to go solar but not sure who to trust? EnergySage has your back with free and transparent quotes from fully vetted providers that can help you save as much as $10k on installation. To get started, just answer a few questions about your home — no phone number required. Within a day or two, EnergySage will email you the best local options for your needs, and their expert advisers can help you compare quotes and pick a winner.

“In principle, given that software companies like Microsoft do not themselves manufacture any physical hardware, it should be possible to simulate them entirely with AI,” he wrote.

Were Macrohard to become its own company, completely AI-run or not, it would become just the latest in a long list of Musk-led ventures, including xAI, Tesla, The Boring Company, SpaceX, Neuralink, and X Corp, according to Business Insider.

Across his many ambitious projects, Musk increasingly has placed his focus on artificial intelligence and robotics. 

Despite Tesla‘s being the No. 1 maker of EVs in the United States, Musk famously has said that Tesla’s self-driving technology was “the difference between Tesla being worth a lot of money and being worth basically zero,” per The Washington Post.  

Further, at a 2024 Tesla shareholder meeting, Musk boasted that he believed the company’s Optimus robot could one day lead the company to a $25 trillion market capitalization, CNBC reported at the time. 

As CNBC pointed out, when Musk made these remarks, the market capitalization for the entire S&P 500 was $45.5 trillion. 

Musk himself has admitted to being “pathologically optimistic,” per CNBC, about his own projects.

It’s difficult to assess the potential energy impact of using AI to create an entire software company and operating system to compete with Microsoft. It may require a lot of energy and cooling resources for data centers to accomplish, though as is always the case with AI, if an AI project can save significant human time that could include human resources such as commuting, food, and drink that could be applied toward enabling people to do other work, at some point the scale can tip — of course, as long as the ends justify the means with a functional product. 

In many cases, people have cited that AI has appeared impressive only to produce many flaws under the surface that rendered its use fruitless for a particular project. A famous example is a viral X post in which user @vasumanmoza jokingly summarized the results of using AI to refactor a code base: “It modularized everything. Broke up monoliths. Cleaned up spaghetti,” they wrote.

“None of it worked. But boy was it beautiful.”

While only time will tell whether Macrohard or some other exclusively AI-run software company poses a risk to the future of tech behemoths like Microsoft, one thing seems certain: Musk will continue to put his significant financial clout and social capital behind AI and robotics. 

Join our free newsletter for good news and useful tips, and don’t miss this cool list of easy ways to help yourself while helping the planet.