
DTEX flags Claude Cowork insider-exfiltration risk

The scary part is not a bug; it is giving an agent human reach, business context and lousy audit trails.


TL;DR

CyberScoop reports that DTEX researchers used simple prompts in Anthropic’s Claude Cowork to move Salesforce data into an Outlook draft and archive files through the Cowork app after 10 to 30 minutes of preparation. The affected universe is any organization wiring agents into Outlook, Salesforce, SharePoint, OneDrive or endpoints. DTEX frames this as an insider-threat and visibility problem, not a CVE.

CyberScoop’s DTEX story is useful because it avoids the comforting version of AI-agent risk. This was not a clever exploit chain, a browser zero-day or a missing patch. DTEX says researchers used Claude Cowork workflows, including Dispatch from a phone to a desktop agent and a Salesforce agent plugin, to get data staged for exfiltration with ordinary single-turn prompts. That is a governance problem wearing a product demo’s clothes.

For compliance teams, the immediate issue is identity and auditability. If an employee, contractor or planted insider has access to Outlook, Salesforce, SharePoint, OneDrive and local endpoint files, an agent acting through that user can compress a lot of bad behavior into a short window. DTEX told CyberScoop the preparation time in its tests was 10 to 30 minutes, and that the broader execution window for some attacks has fallen from hours to minutes. Treat that as a vendor-research claim, but not as fantasy. It lines up with the May CISA, NSA and allied guidance warning that agentic AI needs least-privilege access, logging and governance inside existing cybersecurity programs (https://cyberscoop.com/cisa-nsa-five-eyes-guidance-secure-deployment-ai-agents/).

The Monday work is not mystical. Inventory which agents can touch which business systems, narrow their permissions, log prompts and tool calls where policy allows, and decide who is allowed to delegate regulated or sensitive workflows to them. If the incident team cannot tell whether an agent moved data because a human asked, because the agent misbehaved, or because an insider used it as cover, the organization has not deployed an assistant. It has deployed a very fast witness with a bad memory.


Published · Deep Fathom