AI Agents: A New Attack Surface Hiding in Plain Sight
AI agents are rapidly moving from simple chatbots to autonomous systems that read emails, manage accounts, write and execute code, and handle financial workflows. This shift quietly introduces a new attack surface: software entities acting on behalf of users, often with powerful permissions and persistent access. Unlike humans, these agents follow instructions without context, making them vulnerable to malicious prompts, deceptive websites, and hidden payloads embedded in code or files. Traditional endpoint protection was built around devices, users, and networks—not autonomous agents that can spin up tools, connect to unfamiliar services, and operate across multiple online accounts simultaneously. When an AI agent is tricked, it may exfiltrate data, run unsafe scripts, or authorize transactions far beyond what the user intended. As more everyday tasks are delegated to automation, organisations and individuals must treat AI agent security as a distinct discipline, rather than assuming existing antivirus and VPN tools will provide adequate protection.
Why Traditional Antivirus and VPNs Fall Short for AI Agent Security
Conventional antivirus and VPN solutions were designed for human-driven activity. They secure a device’s traffic, scan files for malware, and encrypt connections—but they typically do not distinguish between what a user does and what an AI agent does on the same machine. This blind spot matters. An AI agent can quietly access sensitive accounts, invoke plugins, and call external APIs in ways that look like normal traffic to legacy tools. Without visibility into agent decisions, traditional endpoint protection cannot intervene when an agent is redirected to a malicious site or tricked into downloading unsafe code. Nor can a standard VPN control which locations an agent may connect from, or segment its traffic from the user’s. As agent-based workflows expand, security needs to move closer to the agent’s decision loop—monitoring its actions, validating its tools, and enforcing policies that are specific to autonomous behaviour, not just human browsing patterns.
VPN for AI Agents: Multi‑Tunnel Protection for Automated Workflows
To address these gaps, Gen has introduced VPN for Agents, a virtual private network designed specifically for autonomous AI workflows. Instead of simply encrypting all traffic from a device, this VPN separates an agent’s connections from the user’s and applies controls over where the agent can go and what it can access. A key feature is multi‑tunnel technology, which allows AI agents to operate across different countries at the same time while still shielding identity and location details to reduce tracking and profiling. Importantly, VPN for Agents is built to work without software downloads or complex client setup, making it more practical for users who rely on multiple AI tools. By treating AI agents as first‑class security subjects, this approach helps contain the blast radius if an agent is misdirected, and it lays the groundwork for more granular network policies tailored to automated tasks rather than human sessions.
Norton AI Agent Protection: Endpoint Protection Meets Agent Control
Gen has also expanded Norton AI Agent Protection within Norton 360, integrating AI‑specific safeguards directly into its consumer endpoint protection platform. This capability monitors what supported AI agents do and where they connect, inserting a control layer between an agent’s decision and execution. It can block risky connections, prompt users before tools are invoked, and apply checks before plugins, skills, or external tools are used. Norton AI Agent Protection is currently available to Norton 360 customers on Windows using agent‑centric tools such as Claude Code, Cursor, and OpenClaw, with Mac support planned. It scans code and files that AI agents access or generate, detecting malware and unsafe scripts before they run. By combining monitoring, blocking, and pre‑execution scanning, Norton AI protection turns endpoint protection into a trust layer for AI agents, extending beyond traditional antivirus to address prompt injection, tool abuse, and unintended data exposure in automated workflows.
High‑Risk Use Cases: Financial and Code‑Handling Agents
Not all AI agents are equally risky. Those that manage financial operations or handle code represent some of the most sensitive deployment scenarios for enterprises and consumers alike. Financial agents may access banking portals, automate payments, or reconcile accounts, making them prime targets for prompt injection and account‑takeover schemes. Code‑handling agents, meanwhile, routinely download libraries, generate scripts, and execute programs—an ideal channel for malware authors who want their payloads run inside trusted environments. Gen’s Agent Trust Hub, developed through collaboration between Gen Threat Labs and Gen AI Foundry, is designed to serve as a central control point for this activity. By combining verification, detection, and communication security, the platform extends Gen’s trust framework across the entire AI agent workflow. For organisations embracing automation, deploying VPN for AI agents alongside Norton AI Agent Protection offers a practical baseline: segment agent traffic, supervise their actions, and ensure every connection, tool, and script is scrutinised before it can impact critical systems or sensitive data.