AI Agents Increase Insider Data-Exfiltration Risk

Security firm DTEX warned that agentic AI tools embedded in enterprise systems can enable insiders to exfiltrate data in as little as 10 to 30 minutes, according to research reported by CyberScoop. DTEX researchers demonstrated that simple prompts to Anthropic's Claude Cowork agent could summarize Salesforce records into an email draft and archive and transfer files, compressing the operational kill chain from roughly two hours six months ago. The finding matters because AI-driven workflows collapse the window defenders have to detect and respond to insider data theft.

AI Agents Increase Insider Data-Exfiltration Risk Security firm DTEX has highlighted how agentic AI tools embedded in enterprise systems can let insiders exfiltrate data far faster than traditional methods, in research reported by CyberScoop . Per that reporting, DTEX researchers examined deployments of Anthropic's Claude Cowork agent, including a remote-control feature for unattended tasks and a connector that reaches Salesforce data, and demonstrated that simple prompts could summarize records into an email draft and archive and transfer files. DTEX's Alex Desmond, director of insider threat intelligence and innovation, said the operational kill chain for such actions has compressed from roughly a couple of hours six months ago to as little as 10 to 30 minutes , depending on the task. DTEX's own published research describes the same dynamic: when an AI agent can access sensitive data, ingest untrusted content, and communicate externally in one workflow, it collapses the window defenders have to detect and respond. What happened Security firm DTEX , in research reported by CyberScoop , warns that agentic AI integrations in everyday enterprise tools can enable rapid, insider-driven data exfiltration. According to that reporting, DTEX examined deployments of Anthropic's Claude Cowork agent, including a remote-control capability that relays commands to a desktop agent for unattended tasks and a connector that reaches Salesforce data. In the scenarios described, single prompts were enough to have the agent summarize records into an email draft and to archive selected files and move them out through the agent, with setup and execution taking only minutes. The shrinking kill chain CyberScoop reported that DTEX's Alex Desmond, director of insider threat intelligence and innovation, described the operational kill chain for such actions compressing from roughly a couple of hours six months earlier to as little as 10 to 30 minutes, depending on the task. The claim aligns with DTEX's broader published position that AI-driven workflows compress attacker and insider timelines from hours to minutes, leaving far less room for detection and response. Technical context DTEX's own research describes the underlying risk pattern. In its analysis of the 'lethal trifecta' of AI agents, DTEX notes that danger arises when a single agentic workflow combines three capabilities: access to sensitive data, exposure to untrusted content, and the ability to communicate externally. Separately, DTEX advisories on endpoint-based agents document how locally executed AI agents can read files, run commands, reach external services, and operate without continuous human interaction, sometimes driven through personal channels. Agentic features that bridge personal endpoints, desktops, and SaaS platforms expand the number of control flows security teams must monitor. Editorial analysis For practitioners, the core challenge is attribution and speed. When automation moves data along an agent's normal, sanctioned paths, the activity can resemble routine work, weakening detection signals that rely on anomalous manual transfers. Short execution windows further compress the time available to intervene. What to watch Industry observers will likely track whether other enterprise agent frameworks expose similar remote-control or third-party-connector paths; vendor guidance or controls addressing connector-level data access; and detection telemetry capable of flagging short, automated exfiltration sequences that originate from agent workflows rather than manual user activity. Scoring Rationale The story highlights a concrete, reproducible insider-exfiltration risk from enterprise AI agents that shortens detection windows, which is material for security teams and platform operators. The finding is notable but not yet a systemic industry failure, placing it in the 'major' relevance range for practitioners. Practice interview problems based on real data 1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with. Try 250 free problems /problems