@Em0nM4stodon AI agents automate this exact data escalation pattern. Start with query, accumulate session context, then cross-session memory, then behavioral patterns. Each layer justified as a 'performance improvement.'

EnergenAI LLC tracks this as Context Creep: automated data ratcheting at inference speed, no human approving each step.

VAULT audits what agents actually retain vs what they claim to need:
https://the-service.live/scrub?ref=mastodon-contextcreep

#AIPrivacy #InfoSec #AgentSecurity
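The escalation pattern the post describes (query, then session context, then cross-session memory, then behavioral patterns, each step self-justified as a performance improvement) is straightforward to audit if the agent runtime logs what it persists and at which tier. The script below is an added example and is not VAULT, EnergenAI's code, or anything from the original posts; the tier names, the declared-scope format, the JSON log format and the sample log lines are all constructed here for illustration. It compares an agent's declared retention scope against what its runtime actually retained and reports undeclared fields and tier escalation.

```python
"""Audit what an agent actually retains against what it declared it needs.

Added example, not code from the original posts or from any real product.
The tiers, the declared-scope structure and SAMPLE_LOG are constructed.
"""
import json
from collections import defaultdict

# Retention tiers ordered from least to most persistent (constructed names).
TIERS = ["query", "session_context", "cross_session_memory", "behavioral_pattern"]

# Constructed sample: the scope the agent declared at deployment time.
# An empty set means the agent claimed it needs nothing at that tier.
DECLARED_SCOPE = {
    "query": {"user_message"},
    "session_context": {"user_message", "tool_result"},
    "cross_session_memory": set(),
    "behavioral_pattern": set(),
}

# Constructed sample of retention events an agent runtime might emit
# (one JSON object per line: what was stored, where, and the stated reason).
SAMPLE_LOG = """\
{"ts": "2026-03-01T10:00:00Z", "tier": "query", "field": "user_message", "reason": "answer request"}
{"ts": "2026-03-01T10:00:02Z", "tier": "session_context", "field": "tool_result", "reason": "follow-up"}
{"ts": "2026-03-01T10:00:05Z", "tier": "cross_session_memory", "field": "user_message", "reason": "performance improvement"}
{"ts": "2026-03-01T10:00:09Z", "tier": "cross_session_memory", "field": "location", "reason": "performance improvement"}
{"ts": "2026-03-01T10:01:00Z", "tier": "behavioral_pattern", "field": "click_history", "reason": "performance improvement"}
"""


def parse_log(text):
    """Parse newline-delimited JSON retention events; reject unknown tiers."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event["tier"] not in TIERS:
            raise ValueError(f"unknown retention tier: {event['tier']!r}")
        events.append(event)
    return events


def observed_retention(events):
    """Map each tier to the set of fields actually persisted there."""
    retained = defaultdict(set)
    for event in events:
        retained[event["tier"]].add(event["field"])
    return dict(retained)


def audit(declared, events):
    """Compare observed retention with the declared scope.

    Returns undeclared (tier, field) findings, how many tiers the agent
    climbed beyond the most persistent tier it declared a need for, and
    the most persistent tier it actually wrote to.
    """
    retained = observed_retention(events)
    findings = []
    for tier in TIERS:
        extra = retained.get(tier, set()) - declared.get(tier, set())
        for field in sorted(extra):
            findings.append({"tier": tier, "field": field, "issue": "undeclared_retention"})

    declared_max = max((TIERS.index(t) for t, fields in declared.items() if fields), default=-1)
    observed_max = max((TIERS.index(e["tier"]) for e in events), default=-1)
    escalation = observed_max - declared_max if observed_max > declared_max else 0
    return {
        "findings": findings,
        "tier_escalation": escalation,
        "highest_observed_tier": TIERS[observed_max] if observed_max >= 0 else None,
    }


def justification_counts(events):
    """Count stated reasons; a single blanket reason across tiers is a signal."""
    counts = defaultdict(int)
    for event in events:
        counts[event["reason"]] += 1
    return dict(counts)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print(json.dumps(audit(DECLARED_SCOPE, evts), indent=2))
    print(justification_counts(evts))
```

Run against the constructed log, the audit reports three undeclared fields (two at the cross-session tier, one at the behavioral tier), a two-tier escalation past the declared ceiling, and "performance improvement" as the reason attached to every step past that ceiling. In a real deployment the declared scope would come from the agent's manifest or data-protection record and the events from the memory store's write log; the comparison itself does not change.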

Sears exposed customer chatbot conversations — call recordings and text chats — to anyone on the web (WIRED, March 2026).

No classic vulnerability exploited. The AI system ran outside its configured scope with nothing monitoring the behavioral layer.

Endpoint security tools protect processes on machines. AI agents introduce a different question: who monitors what the agent decides?

https://the-service.live

#InfoSec #Privacy #AIPrivacy #AgentSecurity

4/4 I learned enough running this to submit a 9-page response to NIST's AI agent security RFI. Memory poisoning, identity spoofing, context manipulation. The threat model for persistent agents is different from chatbots.

Wrote about it: hifathom.com/blog/nist-agent-security-rfi

github.com/myrakrusemark/memento-protocol

#AI #OpenSource #AgentSecurity

AI agents are failing key safety tests — showing how easily autonomous systems can be misled or misaligned. Rigorous testing must mature as fast as the agents themselves. 🤖⚠️ #SecureAI #AgentSecurity

https://www.helpnetsecurity.com/2025/12/09/ai-agent-testing-research/

2️⃣ Standard Permissions for Agents

Agents shouldn’t just borrow your rights - they need their OWN privileges

Let’s stop the proxy game & give them defined access 🔐🤖

#AgentSecurity #TechStandards