Eric DeGrass
October 16th, 2025
AI agents are now embedded across virtually every major enterprise platform. Agents plan, act, and decide on a wholly different scale than traditional enterprise operational automation. This shift to Agentic AI not only introduces new classes of software flaws, but it can also raise the impact of existing flaws whose severity was inhibited through human interaction.
As with traditional software operations, Agentic AI security vulnerabilities are heavily monitored, and scored through existing public registries. And, as is typically the case, non-security defects do not get the same careful handling even though they can disrupt operations just as severely.
An agent that stops responding, misinterprets an instruction, or fails to execute a workflow can halt business processes or introduce errors at scale. These are not exploits, they are flaws, and they can cause material harm.
For clarity:
Security defects expose systems to attack or data loss.
Non-security defects cause instability, inaccuracy, or failure to perform as intended. These can result in system outages or even follow-on security breaches when bad actors opportunistically exploit those disruptions.
In an agentic environment, non-security defects take on new significance.
The first two are non-security, and only the final category is a classic CVE.
Category | Description | Example | Risk Type |
Agent-Specific Defects | Bugs that only appear when an agent is active or orchestrating actions. | ServiceNow agents that stop working without explanation during testing. | Non-Security |
Existing Defects with New Risk Profiles | Known bugs become more severe because agents rely on them. | MongoDB or VMware operational bugs that block agent-driven tasks. | Context-Dependent |
Agent-Unique Security Vulnerabilities | Exploits that target how agents process natural language or external prompts. | Microsoft “EchoLeak” and Salesforce “ForcedLeak” prompt injection flaws. | Security |
The following vendors are all being tracked by BugZero’s ODD (Operational Defect Database) and all have active AI agent initiatives, either embedded in their platforms or offered as companion modules.
Vendor | Agent Capability Summary |
Microsoft | Copilot agents operate across 365, Azure, and Dynamics, automating tasks once handled manually. |
ServiceNow | Now Assist agents orchestrate multi-step workflows and decisions within the platform. |
Red Hat | OpenShift AI integrates agents into container orchestration and monitoring pipelines. |
VMware | Private AI Services and Agent Builder frameworks add autonomous workload management. |
MongoDB | Agents use MongoDB as a backend for learning and memory persistence. |
HPE | Agentless Management and GreenLake AI monitor and optimize hybrid infrastructure. |
F5 | AI-enabled agents manage observability and application delivery operations. |
Cisco, Palo Alto, Fortinet, Check Point, and others | Incorporate AI agents for network analysis, policy enforcement, and automation. |
Dell, Xerox, Veeam, Terraform, and Citrix | Integrating agent-driven capabilities into core service management and orchestration layers. |
AI agents magnify the importance of operational stability. A defect that once affected a single user session can now cascade through automated workflows. A configuration issue that once required manual correction can now replicate itself through agent-led actions.
This evolution creates two immediate priorities for IT and risk leaders:
Reassess existing defect risks in the context of AI agents. A low-priority bug may now pose systemic risk when an agent depends on it.
Track agent-specific operational defects as a distinct category. These issues are often non-security in nature but can have security-like consequences in scale and impact.
BugZero has long emphasized the importance of tracking non-security operational defects across third-party software. The arrival of AI agents makes that mission even more urgent. Every vendor is now in the agentic AI business, and every operational defect has the potential to ripple through an autonomous system.
Regardless as to how aggressive your organization has chosen to pursue Agentic AI, your critical vendors are refactoring their platforms for “native Agentic AI support.” Prepare your organization by taking the following steps:
Reassess the risk ratings and mitigation workflows currently in place for software likely to be activated through Agents.
Create an appropriate risk rating framework for Agent-specific defects that reflect your organization’s appetite for risk and operational exposure.
Contact BugZero to automate and operationalize this essential step on your organization’s road to AI onboarding.
1. Why do AI agents change how I should think about software defects? AI agents act autonomously, chaining decisions and actions without direct human intervention. This amplifies the consequences of existing bugs and exposes new failure modes that were previously mitigated by human oversight.
2. What is the difference between a security defect and a non-security defect in Agentic AI? Security defects expose systems to attack or data loss, while non-security defects disrupt operations, accuracy, or reliability. In agentic environments, non-security flaws can trigger widespread outages or unintended behaviors at scale, even without a security breach.
3. Are these agent-related issues already appearing in enterprise software? Yes. Vendors such as Microsoft, ServiceNow, Red Hat, and VMware have all reported operational or functional issues tied to agent behavior. These are not hypothetical problems—they are live operational defects affecting production systems.
4. Why should I re-evaluate existing bugs for agent relevance? A flaw once rated as “low impact” may become high risk if an AI agent depends on the affected component. BugZero recommends reassessing risk ratings and mitigation workflows to account for the new exposure created by agent-driven operations.
5. How can organizations prepare for this new class of risk? Track agent-specific defects as their own category, update operational risk frameworks to reflect agent dependencies, and use automated solutions like BugZero’s Operational Defect Database (ODD) to identify and manage both existing and emerging non-security defects.
Eric DeGrass
October 16th, 2025
Eric DeGrass
September 24th, 2025
Eric DeGrass
September 16th, 2025
Sign up to receive a monthly email with stories and guidance on getting proactive with vendor risk
BugZero requires your corporate email address to provide you with updates and insights about the BugZero solution, Operational Defect Database (ODD), and other IT Operational Resilience matters. As fellow IT people, we hate spam too. We prioritize the security of your personal information and will only reach out only once a month with pertinent and valuable content.
You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.