I think it depends on where you work. I do quite a lot of work with agentic AI, but it's not like it's much of a risk factor when they have access to nothing. Which they won't have because we haven't even let humans have access to any form of secrets for decades. I'm not sure why people think it's a good idea, or necessary, to let agents run their pipelines, especially if you're storing secrets in envrionment files... I mean, one of the attacks in this article is getting the agent to ignore .gitignore... but what sort of git repository lets you ever push a .env file to begin with? Don't get me wrong, the next attack vector would be renaming the .env file to 2600.md or something but still.

That being said. I think you should actually upscale your party doomsaying. Since the Russian invasion kicked EU into action, we've slowly been replacing all the OT we have with known firmware/hardware vulnerabilities (very quickly for a select few). I fully expect that these are used in conjunction with whatever funsies are being build into various AI models as well as all the other vectors for attacks.