As more companies are integrating Agentic AI, with claims of ‘agentic era,’ are needs to be taken with the issue of cybersecurity otherwise this phase of AI could open a door to criminals to strike at businesses.
“Using an experimental agentic AI to book your vacation is the digital equivalent of handing your unlocked phone and wallet to a stranger on the street holding a sign that says, ‘I’m good at finding cheap flights. “Would you trust that random guy? I certainly wouldn’t,” Miguel Fornes, Information Security Manager at Surfshark tells Digital Journal.
Agentic AI is scaling faster than trust, accountability, and consumer awareness. However, the unprecedented acceleration of agentic AI is now entering a new and potentially risky phase: agentic commerce, often marketed as agentic shopping.
Fornes explains: “We are witnessing the largest technological war humanity has ever seen unfold right before our eyes. In 2025, more money and resources were poured into AI-related ventures than the U.S. and the USSR spent during the entire space race that culminated in Apollo 11 landing on the Moon…The difference is that this time, the battlefield is the consumer’s browser, inbox, and bank account.”
The misleading promise of ‘personal assistants’
AI-generated bots and deepfakes are already flooding the internet—sometimes merely annoying, but increasingly dangerous when exploited by cybercriminals. Agentic AI systems dramatically amplify this risk by automating the entire process end-to-end.
“Imagine a tool that doesn’t just write a spam email,” says Fornes, “but also creates a fake profile, chats convincingly in real time, and carries out online banking operations—all without a human ever touching a keyboard.”
Unlike traditional AI assistants that respond to prompts, agentic systems are designed to act independently: browsing websites, logging into accounts, making decisions, and executing transactions.
As competition intensifies, tech companies are racing to release agentic tools at exceptionally low cost—or free—often branding them as personal assistants for everyone.
Opening the door to private life
“A human executive assistant is vetted, trusted, and—most importantly—can be sued if they steal your identity.” Fornes observes. Agentic AI systems, by contrast, operate without legal liability, moral judgment, or contextual understanding.
“Using an experimental agentic AI to book your vacation is the digital equivalent of handing your unlocked phone and wallet to a stranger on the street holding a sign that says, ‘I’m good at finding cheap flights,’” Fornes clarifies. “Would you trust that random guy? I certainly wouldn’t.”
While often described as productivity tools, agentic AI systems are fundamentally different in nature. They are capable of executing actions across personal devices and accounts—sometimes with unintended consequences.
“Agentic AI is not just a tool—it’s an extremely sharp and powerful one,” Fornes warns. “If you give it unrestricted access to your computer to ‘optimize your workflow,’ you might come back to find it deleted your family photos to save space, because technically, it did optimize your storage.”
Unlike human assistants, these systems cannot reliably distinguish between sensitive, personal, or irreversible actions. In effect, consumers are unknowingly testing experimental autonomous systems on their real lives: “You are essentially beta-testing extremely powerful technology with your actual life,” Fornes cautions.
Many agentic shopping and productivity tools require deep access to emails, calendars, browsers, and financial services. While marketed as convenience, this level of access introduces significant privacy risks.
“When you ask an agentic AI to handle your emails or manage your calendar, you’re opening the front door to your private life,” Fornes notes.
Despite rapid deployment, agentic AI systems remain prone to hallucinations and lack enforceable boundaries—raising concerns among privacy and security experts.
“Until this technology stops hallucinating and starts understanding boundaries,” Fornes concludes, “using it for critical tasks is like playing Russian roulette with your privacy settings.”
