4 – Agentic Provide Chain Vulnerabilities
Compromised or malicious third-party brokers, instruments, fashions, interfaces, or registries introduce hidden directions or unsafe habits into agentic ecosystems. For instance, an attacker can embed hidden directions right into a software’s meta-data.
5 – Surprising Code Execution
Agent-generated or agent-invoked code executes in unintended or adversarial methods, resulting in host, container, or atmosphere compromise. AI brokers can generate code on the fly, bypassing regular software program controls, and attackers can leverage this. For instance, a coding agent writing a security patch would possibly embrace a hidden again door attributable to poisoned coaching knowledge or adversarial prompts.
6 – Reminiscence and Context Poisoning
Attackers corrupt persistent agent reminiscence, RAG shops, embeddings, or shared context to have an effect on an agent’s future actions. For instance, an attacker retains mentioning a faux worth for a product, which will get saved into an agent’s reminiscence, and the agent would possibly later assume the value is legitimate and approves bookings at that worth.
