Likelihood: MODERATE
Impact: HIGH
Treatment: MITIGATE
Confidence: Moderate
Exploitation is unconfirmed but the structural exposure is active and expanding: AI agents operating inside Falcon with inherited permissions across 1,800+ connected applications represent a broad, permissive attack surface that adversaries are known to target via prompt injection and supply-chain manipulation, attack patterns already observed in early agentic deployments. Impact is high because a misconfigured or manipulated agent operates at the privilege level of the platform itself, enabling potential exfiltration of investigation data, modification of security controls, or lateral movement across integrated enterprise applications, consequences that would be operationally and reputationally severe.
Treatment rationale: The exposure is structural and addressable through governance controls — least-privilege scoping, agent action logging, human-in-the-loop gates for high-risk actions, and prompt injection detection — making avoidance unnecessary and acceptance indefensible at this risk level.
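The governance controls named above (least-privilege scoping, default-deny action tiers, a human-in-the-loop gate for high-risk actions, and an append-only action log) can be enforced at the point where an agent requests a tool call. The following is an added illustration, not CrowdStrike's, AgentWorks' or OpenAI's code; the action names, application names and record caps are hypothetical, and prompt injection detection is out of scope for this snippet.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from enum import Enum

class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_APPROVAL = "require_approval"
    DENY = "deny"

# Hypothetical action names, tiered by blast radius. Anything not listed is
# denied by default, so a manipulated agent cannot invoke an unvetted tool.
HIGH_RISK = {"export_investigation_data", "disable_prevention_policy", "delete_detection"}
LOW_RISK = {"read_detection", "enrich_indicator", "read_host_status"}

@dataclass(frozen=True)
class AgentPolicy:
    agent_id: str
    allowed_apps: frozenset   # explicit least-privilege scope, not inherited access
    max_records: int          # per-call record cap to bound exfiltration volume

@dataclass(frozen=True)
class ActionRequest:
    agent_id: str
    app: str
    action: str
    records: int = 1

AUDIT_LOG: list = []   # append-only record so agent action chains can be reconstructed

def gate(policy: AgentPolicy, req: ActionRequest, human_approved: bool = False) -> Decision:
    """Decide whether an agent action may run; every decision is logged with its reason."""
    if req.agent_id != policy.agent_id:
        decision, reason = Decision.DENY, "policy does not belong to this agent"
    elif req.app not in policy.allowed_apps:
        decision, reason = Decision.DENY, "application outside scoped allowlist"
    elif req.records > policy.max_records:
        decision, reason = Decision.DENY, "record volume exceeds scope"
    elif req.action in HIGH_RISK and not human_approved:
        decision, reason = Decision.REQUIRE_APPROVAL, "high-risk action needs human approval"
    elif req.action not in HIGH_RISK and req.action not in LOW_RISK:
        decision, reason = Decision.DENY, "unknown action (default deny)"
    else:
        decision, reason = Decision.ALLOW, "within scope"
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(),
                      "decision": decision.value, "reason": reason, **asdict(req)})
    return decision

# Constructed sample: a triage agent scoped to two of the connected applications.
TRIAGE = AgentPolicy("triage-agent-01", frozenset({"falcon", "ticketing"}), max_records=100)
```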
Third-Party / Supply-Chain Risk
Dual third-party dependency: CrowdStrike (Falcon platform and AgentWorks framework) and OpenAI (GPT-5.4-Cyber via TAC program) both sit in the trust chain for agent behavior. Per NIST SP 800-161, neither vendor is under the deploying organization's direct security control, yet both can influence agent permissions, model outputs, and action scope across the customer's connected application estate. A supply-chain compromise or misconfiguration at either vendor propagates autonomously through the agent layer into the customer environment.
Loss Exposure (illustrative)
Magnitude: high — illustrative $500K–$5M per event, spanning incident response, forensic analysis of agent action logs, regulatory response, and operational disruption from security configuration rollback
Frequency: illustrative 1-in-5 to 1-in-10 years for an organization that has deployed agentic AI in production SOC operations without least-privilege controls and agent-specific monitoring in place
Annualized: illustrative ALE $50K–$1M depending on deployment maturity and control posture; the wide range reflects high uncertainty in both frequency and containment effectiveness
Basis: Loss magnitude driven by: (1) broad permission inheritance across 1,800+ applications raising potential data exposure scope; (2) forensic complexity of reconstructing autonomous agent action chains; (3) regulatory exposure if agent actions touch PII or regulated data stores. Frequency driven by: early-stage governance maturity across the industry for agentic deployments, known adversarial interest in AI-enabled security tooling, and structural absence of agent-specific detection coverage in most current SOC environments. No external loss databases cited — derivation is methodological.
Illustrative estimate — not actuarially derived.
Insurance / Contractual / Legal — Potential Obligations
Potential triggers, not legal determinations. Verify with counsel/broker before acting.
• Agent-executed exfiltration of customer, employee, or investigation data may invoke state and federal breach-notification obligations — verify with counsel.
• Autonomous modification of security configurations by a compromised agent may constitute a covered security failure event under cyber-insurance policy definitions — verify with broker whether agentic AI actions fall within policy scope and whether AI-specific exclusions apply.
• Participation in the OpenAI TAC program and data flows between Falcon and OpenAI infrastructure may implicate data processing agreement obligations and cross-vendor liability clauses — verify with counsel and review current DPA terms with both vendors.