Overview
As organizations expand beyond closed AI ecosystems, more open and extensible agentic platforms are emerging with far fewer guardrails.
Hermes Agent is one example. In DTEX research, Hermes enabled a fully automated red-team simulation, including command-and-control capabilities, with minimal restrictions. Designed for flexibility and autonomy, platforms like Hermes can blur the line between human and agent activity.
When abused, they can:
- Connect endpoint activity to external messaging platforms such as Telegram, WhatsApp, Slack, Discord, and Teams
- Pull and execute code from public repositories
- Automate multi-stage attack workflows
- Obscure attribution between a user and an AI agent
- Operate continuously using legitimate credentials and approved tools
Because these agents act as the user, their behavior rarely matches the malware and exploit patterns traditional security controls are designed to detect.
What you’ll learn:
- How Hermes activity appears across endpoints, files, browsers and mobile gateways
- Why unapproved agents can create data exposure, supply chain and attribution risk
- What indicators help teams detect agentic AI activity before exposure
RSVP for the workshop
View ITA library
The DTEX i³ Insider Risk Research Hub publishes regular insider threat research and advisories based on real-world investigations to help analysts stay ahead of insider threats as they arise.
Contact I3 team
DTEX i3 provides threat briefings on the latest insider risk research, early behavioral warning signs, and best practices, using data-driven insights from internal experts and partners like MITRE.


