As AI agents spread, security firms are finding it increasingly difficult to detect and respond to cases where AI is being misused.
According to a recent Semafor report, security companies have until now countered fraud by detecting AI in phone and video calls and automatically blocking requests such as fund transfers or information sharing. They only had to confirm that the other party was a machine.
But the situation changed with the arrival of personal AI agents. Agents now actually handle tasks on users' behalf, such as paying tuition, collecting health information and processing sensitive documents.
For security firms responsible for corporate, hospital and bank security, simply determining whether something is AI is no longer enough. The key is distinguishing whether a bot is malicious.
Cases are also emerging in which agents that initially operate without major issues turn into fraud tools when users loosen their controls. Security companies must now adapt to threats in real time, Semafor reported.
Vijay Balasubramaniyan, chief executive of deepfake detection company Pindrop, said, "The binary decision of whether to grant an agent access is over." He added, "Agents claim identities on behalf of humans or institutions, or act entirely independently, so now we need to judge on a spectrum."
Pindrop said it is developing tools to distinguish normal users, bots and malicious bots, but did not disclose details.