# Autonomous and Credentialed: AI Agents Are Becoming the Next Wave of Cloud Risk

By [Anton Widodo](https://www.paloaltonetworks.com/blog/author/anton-widodo/?lang=zh-hant&ts=markdown "Posts by Anton Widodo") Oct 14, 2025

AI agents cannot fully understand context, intent and consequences the way humans do, which makes them especially susceptible to deception, manipulation and coercion.

In April of this year, Anthropic's chief information security officer (CISO) made a striking prediction: within the next year, AI-powered virtual employees holding corporate credentials will go into production inside organizations. These AI agents will no longer be mere assistive tools; they will be truly integrated into enterprise teams as participants in the workflow.

From a business perspective, adopting AI agents has a clear value proposition: they bring scalable automation, lower labor costs and tireless, efficient productivity. Salesforce has been first to realize this vision, recently [launching](https://urldefense.proofpoint.com/v2/url?u=https-3A__venturebeat.com_ai_salesforce-2Djust-2Dunveiled-2Dai-2Ddigital-2Dteammates-2Din-2Dslack-2Dand-2Dtheyre-2Dcoming-2Dfor-2Dmicrosoft-2Dcopilot&d=DwMFog&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=rlV3QLKXfVd47fRPwA7WrCCSjqFsgIzvhSPB3-jJ4YQ&m=ypd24zBEALPeRbJYQrpm7ymyn3akNKFR4Iqer586mYxGBU4abqIx3sNqt63M3-mC&s=eM2WlmJp9wXoWDHgU8Yt_Zb0M8OeIDyasC0W7d5Ucjc&e=) AI "digital teammates." AI agent deployments are projected to grow by as much as [327%](https://urldefense.proofpoint.com/v2/url?u=https-3A__www.zdnet.com_article_ai-2Dagent-2Ddeployments-2Dwill-2Dgrow-2D327-2Dduring-2Dthe-2Dnext-2Dtwo-2Dyears-2Dheres-2Dwhat-2Dto-2Ddo-2Dnow_&d=DwMFog&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=rlV3QLKXfVd47fRPwA7WrCCSjqFsgIzvhSPB3-jJ4YQ&m=ypd24zBEALPeRbJYQrpm7ymyn3akNKFR4Iqer586mYxGBU4abqIx3sNqt63M3-mC&s=khBFoj8gWPwnrpg3rR12bgTkUoLmasQ5ffR4SkMK7DA&e=) over the next two years. From a security perspective, however, this transformation is an upheaval in which innovation and risk are intertwined. What we are now granting is not just system access but identity, autonomy and decision-making authority, which fundamentally changes how enterprises think about and plan security.

**Autonomous, Credentialed, and Yet Vulnerable**

Let us be clear: these AI agents are no longer tools in the traditional sense. Unlike traditional automation scripts or service accounts, AI agents log in with corporate credentials, act as authenticated users, and can make decisions autonomously, interact with systems and data, and even carry out certain highly sensitive tasks. In other words, they have the same access as human employees, and the risk they bring is comparable to that of real employees.

Unlike humans, however, AI agents cannot understand context, intent or the consequences of actions the way we do. They can be misled, manipulated or even coerced through techniques such as [prompt injection](https://unit42.paloaltonetworks.com/new-frontier-of-genai-threats-a-comprehensive-guide-to-prompt-attacks/) or adversarial inputs. The security field has long regarded humans as the weakest link in the defense; social engineering and phishing attacks exploit exactly those human psychological weaknesses. The arrival of AI agents gives attackers a new and even more vulnerable target: these agents tend to interpret instructions literally, do not proactively ask IT support for help, and execute tasks at machine speed. Once compromised, such an AI agent can become a high-bandwidth, persistent attack channel hidden deep inside the enterprise environment, greatly expanding the enterprise's attack surface and risk exposure.

**Rethinking Security in the AI Era**

Traditional security tools are designed around human behavior patterns, such as login mechanisms, password protection and permission controls. With the arrival of "AI employees," these fundamental assumptions are being steadily broken. In cloud environments today, non-human identity accounts already far outnumber human users and are quickly becoming the dominant force. This means security strategy must be rethought from the ground up: no longer focused only on human users, but fully encompassing these AI entities that have autonomous behavior and identity credentials.

As enterprise investment in cloud technology continues to soar, AI has [become](https://urldefense.proofpoint.com/v2/url?u=https-3A__www.pwc.com_us_en_tech-2Deffect_cloud_cloud-2Dai-2Dbusiness-2Dsurvey.html&d=DwMFog&c=V9IgWpI5PvzTw83UyHGVSoW3Uc1MFWe5J8PTfkrzVSo&r=rlV3QLKXfVd47fRPwA7WrCCSjqFsgIzvhSPB3-jJ4YQ&m=ypd24zBEALPeRbJYQrpm7ymyn3akNKFR4Iqer586mYxGBU4abqIx3sNqt63M3-mC&s=SGX58K9cwxYApWb7f3cwv5UOCHQuKL3w6vwFE1IyHuU&e=) the primary growth driver, and large numbers of AI agents are being deployed in cloud environments along with it. Given this trend, enterprises must embrace a new era of AI security and adopt modern security tools that can comprehensively protect AI capabilities, with answers to the following key questions in particular:

* What autonomy and decision-making authority do AI agents actually have inside the enterprise?
* How can their permission activity be continuously monitored and anomalous behavior detected in real time?
* Could these agents be compromised or "jailbroken" through techniques such as prompt injection or adversarial input?
* What are the sources of the data these AI agents were trained on? Does it involve sensitive or confidential information?

**The Next Wave of "Insider Threat": AI Agents**

The adoption of AI is introducing a series of new and still immature elements into the enterprise application stack, including infrastructure, models, datasets, tools and plug-ins. Now, with the advent of AI agents, this wave of innovation is accelerating further. Unlike traditional large language models (LLMs), AI agents can reason, take actions autonomously and even collaborate with other agents. They have persistent system access, do not sleep, do not take leave, and can be deployed at scale across enterprise departments. This greatly improves efficiency, but it also makes the enterprise environment more complex and brings entirely new security challenges. Once compromised, a single AI agent could, within minutes, cause damage exceeding the scale of attack that a malicious insider would need months to carry out. AI's performance is promising, but without sound security mechanisms it could also become the most threatening source of risk inside the enterprise.

AI employees could soon match or even surpass insiders as the most dangerous source of threat to the enterprise. OWASP, a security organization, recently published its "Agentic AI Threats and Mitigations" guide, which describes emerging attack techniques including prompt injection, tool misuse and identity spoofing. In addition, the latest report from [Unit 42](https://unit42.paloaltonetworks.com/agentic-ai-threats/), the Palo Alto Networks threat intelligence team, notes that prompt injection remains one of the most powerful and versatile attack vectors, allowing attackers to leak sensitive data, misuse system tools or even subvert an AI agent's behavior.

We have spent years building human-centered defenses; we must now apply the same or an even more rigorous standard to the machines that act in our name.

**Taking Action**

Palo Alto Networks recently introduced [Prisma AI Runtime Security (AIRS)](https://www.paloaltonetworks.tw/prisma/prisma-ai-runtime-security), which is intended to help enterprises "discover, assess and protect every AI application, model, dataset and agent in the environment." With Prisma AIRS, enterprises get a comprehensive platform that provides:

* AI model scanning: Adopt AI models safely and scan them for vulnerabilities. Protect your AI ecosystem against risks such as model tampering, malicious scripts and deserialization attacks.
* [AI security posture management](https://www.paloaltonetworks.com/prisma/cloud/ai-spm): Gain insight into the security risks facing your AI ecosystem, such as excessive permissions, sensitive data exposure, platform misconfigurations and access misconfigurations.
* AI red teaming: Uncover potential risks and hidden threats before malicious attackers act. Use our red teaming agent to run automated penetration tests against AI applications and models, simulating how a real attacker learns and adapts.
* Runtime security: Protect AI applications, models and data based on large language models (LLMs) against runtime threats such as prompt injection, malicious code, toxic content, sensitive data leakage, resource overload and hallucinations.
* AI agent security: Protect agents (including those built on no-code/low-code platforms) from new agentic threats such as identity impersonation, memory manipulation and tool misuse.

As AI changes how enterprises operate and how attacks are carried out, Prisma AIRS is evolving just as quickly. With Prisma AIRS, enterprises can embrace the future of AI with confidence.

Learn more about how [Palo Alto Networks Prisma AIRS](https://www.paloaltonetworks.tw/prisma/prisma-ai-runtime-security), the world's most comprehensive AI security platform, helps organizations secure all of their AI applications, agents, models and data.