Norton AI Agent Protection: A new layer of security in Norton 360

AI agents can answer emails, install software, fill out forms, and access your files and credentials for you. They have the potential to take a lot of the drudgery out of digital life. But, left unchecked, an AI agent could inadvertently expose your sensitive data, install malware, or make irreversible changes to your system.

Norton AI Agent Protection, currently in beta, is a new feature of Norton 360 that empowers users to experiment with AI agents while reducing associated security risks. It adds a real-time checkpoint between what an AI agent decides to do and what it actually executes. This gives you more visibility and control over what your agent is doing on your device.

Norton is the first consumer Cyber Safety brand to deliver a security layer for people using AI agents.

Read on to learn more about Norton AI Agent Protection, how it works, and how it can help protect you against the security risks associated with untethered AI agents.

What are AI agents?

AI agents are a new evolution of the LLM chatbots we’re already familiar with. The key difference is that, unlike other types of AI like generative AI chatbots, AI agents can take action, not just generate responses to prompts. This could mean running commands, making purchases for you, working with your files, writing emails, or coding. Up-and-coming AI agent tools include Claude Code, Cursor, and OpenClaw.

An AI agent is like a tireless personal assistant who’s available 24/7, never complains, and can seemingly do anything — but who is also a little too trusting, sometimes follows instructions blindly, and can unintentionally make serious mistakes.

AI agents’ naivety is problematic because they need a wide range of permissions to live up to their full potential. For example:

• If you want your AI agent to answer your emails or post on LinkedIn, it might need your account login credentials.
• If you want it to install software and set up new tools on its own, you will need to grant it administrator rights on your computer.
• If you want it to search for a cheap flight and book it for you, it will need permissions to roam the internet, interact with websites, and use your credit card.
• If you want your AI agent to sign a contract, it will need permission to use your electronic signature.

Given the high level of autonomy and trust they require to perform certain helpful tasks, AI agents can pose serious privacy and security risks without the right guardrails in place.

Risk of using AI agents without protection

AI agents’ high level of autonomy, the extensive permissions they require, and their liability to follow instructions make these powerful tools potentially risky.

In prompt injection attacks, bad actors can manipulate AI agents into performing undesirable actions simply by telling them to. For example, a cybercriminal could prompt your agent to install malware, leak your data, send money, grant remote access to your device, or make changes to your system without your knowledge. Here are some concrete examples of the risks associated with unchecked AI agents.

Malicious skills and extensions

Many AI agents can be extended with downloadable “skills” or plugins that give them new capabilities. These are often pulled from public repositories, like ClawHub. Unfortunately, many of these skills aren’t properly vetted, and some pose serious security risks.

In one study on AI agents carried out by Gen, the company behind Norton, threat researchers found that roughly 400 skills in a public agent registry — about 12% of all available skills — were malicious: they contained prompts instructing the AI agent to download malware.

Supply-chain attacks

A supply-chain attack is when you or your AI agent installs a malicious package (a bundle of files, programs, or software) that has been tampered with or created by a cybercriminal.

To complete tasks, AI agents may install packages or tools automatically, especially when writing code or setting up environments. If one of those tools is unsafe, it can cause harm once it’s installed. It might collect your data, make unwanted changes, or give someone else access to your system.

Credential exposure and data leaks

AI agents often have access to sensitive information like passwords, API keys, and account tokens so they can complete tasks on your behalf. That access can be useful, but it also puts your data at risk of exposure. For example, an agent could be tricked into sending credentials to an external server or including them in code it generates.

Once credentials are exposed, attackers can use them to access your accounts, move laterally across systems, or automate further attacks. Because agents act quickly and often without review, these personal data breaches can happen before you realize anything is wrong. If a threat actor obtains enough of your personal data by manipulating your AI agent, they could steal your identity.

Unauthorized system changes

AI agents can make changes directly on your device, including creating, modifying, or deleting files, as well as adjusting system settings. In many cases, these actions happen in the background, so you may not notice them right away.

If something goes wrong, those changes can have real consequences. An agent could overwrite important files, alter configurations, or run commands you didn’t intend. Without visibility or control, even a small mistake can lead to data loss or system issues.

Use AI agents more safely: Introducing Norton AI Agent Protection

If you want your AI agent to take on more responsibility, you need to be able to trust it. That can be hard when so much of what it does happens behind the scenes. That’s where Norton AI Agent Protection comes in: it adds a real-time layer of security that checks every action your agent takes, helping block threats and flag risky behavior.

AI Agent Protection works quietly in the background to help protect you from certain AI scams and threats, like prompt injections, so you put your agent to work without constantly second-guessing what it’s really doing.

Norton AI Agent Protection was developed by Gen’s AI Foundry, the team behind the company’s next generation of AI-powered security tools. It’s part of a broader vision to build an AI Agent Trust Layer, designed to help keep people safe as AI systems move from simple interactions to real-world actions. It is a feature of Norton 360, Norton’s advanced suite of consumer Cyber Safety tools.

How Norton AI Agent Protection works

With Norton AI Agent Protection enabled, every action an agent takes is analyzed in real time using 300+ detection rules designed to catch risks like credential leaks, malicious URLs, unsafe downloads, and unexpected system changes. Based on that analysis, each action your agent tries to take triggers one of three outcomes: Allow, Ask, or Deny.

Allow: Safe actions proceed without Interruption

If an AI agent's action is recognized as safe, it runs normally, with no friction or interruption to your workflow.

Ask: Suspicious actions are paused for your review

For actions that look risky but aren’t definitively malicious, Norton pauses execution and gives you the choice to block or allow it, putting you back in the driver’s seat.

Deny: Confirmed threats are blocked automatically

When an action matches a known threat pattern (e.g., sending credentials to a malicious URL, running a destructive command), Norton AI Agent Protection simply blocks it.

Norton AI Agent Protection works across tools like Claude Code, Cursor, and OpenClaw. It’s supported on Windows, with Mac support coming soon.

Get started with Norton AI Agent Protection

To start using Norton AI Agent Protection, you just need an active Norton 360 subscription. If you’re already a customer, you can enable it from your dashboard. Navigate to Security > Advanced Security > Computer. Then, click Add Protection for the platform of your AI agent.

Dip your toes in the exciting new world of AI agents, backed by a layer of trust and security that helps keep you in control.

FAQs

What is Norton AI Agent Protection?

Norton AI Agent Protection is a new security feature within Norton 360 that provides real-time monitoring and oversight of AI agent actions on your device. It blocks threats and pauses suspicious actions for your review.

Which AI agents does Norton AI Agent Protection work with?

Norton AI Agent Protection currently supports Claude Code, Cursor, and OpenClaw, with additional integrations planned.

What platforms does Norton AI Agent Protection support?

Norton AI Agent Protection works for Norton 360 customers on Windows, with Mac support coming soon.

How does Norton AI Agent Protection detect threats?

Norton AI Agent Protection uses over 300 detection rules across multiple layers to identify threats in real time, with its core engine running locally on your device. It analyzes commands, files, and code to flag risky behavior and potential credential leaks, checks URLs against Norton’s threat intelligence to block phishing and malicious sites, and verifies tools your agent installs to catch fake or suspicious packages.

Do I need a separate subscription for Norton AI Agent Protection?

No. All Norton 360 customers have access to Norton AI Agent Protection while it is in beta. Plan eligibility may change after the beta period and additional features are developed.

Will AI Agent Protection slow down my AI tools?

No. Safe actions proceed without interruptions or slowdowns. Only confirmed threats are blocked, and suspicious actions are paused. Your workflow stays smooth.