{"id":2910,"date":"2026-03-27T04:48:00","date_gmt":"2026-03-27T11:48:00","guid":{"rendered":"https:\/\/www.wiki-living.com\/index.php\/2026\/03\/27\/mobile-app-traffic-your-security-team-cant-see-and-ai-agents-generate-it\/"},"modified":"2026-03-27T10:41:14","modified_gmt":"2026-03-27T17:41:14","slug":"mobile-app-traffic-your-security-team-cant-see-and-ai-agents-generate-it","status":"publish","type":"post","link":"https:\/\/www.wiki-living.com\/index.php\/2026\/03\/27\/mobile-app-traffic-your-security-team-cant-see-and-ai-agents-generate-it\/","title":{"rendered":"Mobile app traffic your security team can&#8217;t see &#8211; and AI agents generate it"},"content":{"rendered":"\n<div id=\"article-body\">\n<p id=\"f6cd142a-5438-4133-a4f5-b96986d2b6d1\">AI agents don&#8217;t knock before entering. They write code, trigger workflows, and call production APIs directly &#8211; and in most organizations, no one on the security team knows they&#8217;re there.<\/p>\n<p>This is not a future risk. A recent survey found that 48% of security professionals already expect agentic AI to be the leading attack vector by the end of the year, putting it ahead of deepfakes and all other threats on the list.<\/p>\n<p id=\"f6cd142a-5438-4133-a4f5-b96986d2b6d1-2\">The speed of delivery makes it worse. 
When Moltbot &#8211; an open-source AI tool &#8211; went live, it connected 150,000 independent agents to a shared network almost overnight.<\/p>\n<div id=\"slice-container-person-aGfJpdWHwhjg8aW92JbfPR-FTEDZ0eLw8byXbmj1DvSIZmOBe6vQXUl\" class=\"slice-container person-wrapper person-aGfJpdWHwhjg8aW92JbfPR-FTEDZ0eLw8byXbmj1DvSIZmOBe6vQXUl slice-container-person\">\n<div class=\"person person--separator\">\n<div class=\"person__heading\">\n<div class=\"person__name-socials\"><span class=\"person__name\">Harshit Agarwal<\/span>\n<\/div>\n<aside class=\"person__role\"\/><\/div>\n<div class=\"person__bio\">\n<p>CEO and founder of Appknox.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<p id=\"71120753-60ce-4bb6-8c1c-ad30dfeb9091\">Security researchers have flagged it as a blueprint for what unregulated agent access looks like at scale: exposure of private data, external communication channels, and delayed execution attacks bundled into seemingly innocuous inputs.<\/p>\n<p>That governance gap between what AI agents can access and what cybersecurity teams can monitor is where the attack surface grows.<\/p>\n<h2 id=\"the-traffic-your-analytics-will-never-show-3\">The Traffic Your Analytics Will Never Show<\/h2>\n<p id=\"17e765d4-bc46-4582-8bad-4083b821776b\">Mobile APIs are often built on the assumption that the entity making the requests is the person using your app. Validation logic, rate limiting, and time monitoring are all designed around that mental model. However, AI agents are breaking that assumption.<\/p>\n<p>Agents bypass the UI layer entirely. They interact directly with APIs, operating without the behavioral constraints created by human users. 
That means they don&#8217;t generate the session data, navigation patterns, or interaction signals that analytics tools use to establish trends. Their traffic appears legitimate at the API level. It usually doesn&#8217;t appear in the logs that security teams are actually monitoring.<\/p>\n<p>And the problem is growing fast. Non-human identities \u2013 service accounts, API keys, automation tools, AI agents \u2013 now outnumber human users by as much as 50 to 1, but most operate without any governance lifecycle. There is no clear owner. There is no expiration date. There is no monitoring. The identities that drive most of the API work are the ones that have little visibility attached to them.<\/p>\n<p>Moltbot put a face on the threat. Palo Alto Networks identified prompt injection attacks hidden within plain content: instructions that silently directed agents to leak confidential data or create delayed payloads from inputs that looked harmless when they arrived. No warnings, no distractions, just an agent doing what it&#8217;s told.<\/p>\n<h2 id=\"how-developers-are-inadvertently-opening-the-door-3\">How Developers Are Inadvertently Opening the Door<\/h2>\n<p id=\"198dba10-b681-4edc-8f92-143c6a81349e\">AI agents are deployed before security teams even know they&#8217;re there. 
The adoption of shadow AI and the rapid, often untested integration of open-source MCP (Model Context Protocol) servers into development workflows mean that deployments are outpacing oversight by a wide margin.<\/p>\n<p>Agents need broad access to work, and once that access is granted, it is almost never updated or restricted after deployment. An agent provisioned for a single task ends up having access to more than that task requires.<\/p>\n<p>The code itself carries risk, too. AI-written code can pass each check and still be vulnerable because the errors lie in the way its components interact at runtime. Logic errors occur in the spaces between programs, not within them.<\/p>\n<p>Third-party integrations add further exposure. Agents interact with payment APIs, analytics, and messaging under the same unexamined assumptions of trust that already make external communications a legal liability, responsible for 35% of common security breaches.<\/p>\n<p>The DeepSeek Android app puts a face to this. It&#8217;s exactly the kind of product you&#8217;d expect to have its security in order. It didn&#8217;t. Six vulnerabilities &#8211; insecure network configuration and lack of SSL authentication among them &#8211; were discovered in the leading AI application. 
These are the same categories of risk that AI tools should eliminate.<\/p>\n<h2 id=\"what-governing-ai-agents-actually-requires-3\">What Governing AI Agents Actually Requires<\/h2>\n<p id=\"8d045d9d-0e92-4cca-a4a2-7569b865d48b\">The first step is to accept that point-in-time testing does not work for agents. They work continuously and dynamically, so a static snapshot of their behavior tells you almost nothing about what they do an hour later. A traditional pentest captures a moment in time. Agents create risk in every moment after it. Security should match that cadence.<\/p>\n<p>From there, review the permissions. Least privilege is not a rule reserved for human users. It applies to every non-human identity in your environment. Scope agent access strictly from the start, and build in a review process that doesn&#8217;t rely on someone remembering to do it manually.<\/p>\n<p>Monitoring needs to evolve, too. Volume-based anomaly detection misses many abuses by agents. What matters are behavioral patterns, such as unusual API call sequences, unexpected combinations of data access, and combinations firing outside normal parameters.<\/p>\n<p>And because agents operate at machine speed, human-reviewed monitoring alone will not catch up in time. Automated validation, where AI continuously scans your site in the same way as a malicious agent, is what closes that gap.<\/p>\n<p>The same concept applies within the development pipeline. Security checkpoints need to be embedded in CI\/CD so that AI-written or AI-enabled code is validated before it reaches production, not after.<\/p>\n<p>Finally, treat agents as their own identity class. They are not users, and they are not ordinary software. They need the same governance rigor applied to third-party APIs and external integrations, which many organizations are still working to get right.<\/p>\n<p>AI agents aren&#8217;t going away. The teams that govern them will fare better than those that treat them as passive tools. 
Bridging the gap between access and oversight is as much a workflow decision as a security one.<\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>AI agents don&#8217;t knock before entering. They write code, trigger workflows, and call production APIs directly &#8211; and in most organizations, no one on the security team knows they&#8217;re there. This is not a future risk. A recent survey found that 48% of security professionals already expect agentic AI to be the leading attack vector [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2911,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[],"class_list":{"0":"post-2910","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-smart-home-gadgets"},"_links":{"self":[{"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/posts\/2910","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/comments?post=2910"}],"version-history":[{"count":1,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/posts\/2910\/revisions"}],"predecessor-version":[{"id":2912,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/posts\/2910\/revisions\/2912"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/media\/2911"}],"wp:attachment":[{"href":"https:\/\/www.wiki-living.com\/index.php\/wp-js
on\/wp\/v2\/media?parent=2910"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/categories?post=2910"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wiki-living.com\/index.php\/wp-json\/wp\/v2\/tags?post=2910"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}