We’re In the Windows 95 Era of AI Agent Security
Source: https://www.honeycomb.io/blog/windows-95-era-of-ai-agent-security Author: Steve Newman Date: 2025-09-17
Summary
Steve Newman argues that AI agent security is at the “Windows 95 era” — the point where capability has outrun security design, but the ecosystem hasn’t yet built in security primitives. Analogous to early Windows: powerful, widely adopted, fundamentally insecure by design.
Key Claims
- The analogy: Windows 95 was designed for single-user PCs, then connected to the internet without rethinking the threat model. AI agents are designed for helpful tasks, then given access to systems without rethinking the threat model.
- Core vulnerability: agents that can take actions (send emails, run code, access files) can be manipulated via prompt injection.
- Prompt injection at scale: if an agent reads user-generated content (emails, documents, web pages) as part of its task, malicious content can redirect the agent’s behavior.
- The fix: security primitives need to be built into agent infrastructure — not bolted on later. Isolation, capability restrictions, audit logging.
- Timeline: this will get worse before it gets better — adoption is accelerating faster than security awareness.
Concepts
- Coding Agents — security design for agentic systems
- AI Alignment — agent security is an alignment-adjacent problem