4 – Agentic Supply Chain Vulnerabilities
Compromised or malicious third-party agents, tools, models, interfaces, or registries introduce hidden instructions or unsafe behavior into agentic ecosystems. For example, an attacker can embed hidden instructions into a tool’s meta-data.
5 – Unexpected Code Execution
Agent-generated or agent-invoked code executes in unintended or adversarial ways, leading to host, container, or environment compromise. AI agents can generate code on the fly, bypassing normal software controls, and attackers can leverage this. For example, a coding agent writing a security patch might include a hidden back door due to poisoned training data or adversarial prompts.
6 – Memory and Context Poisoning
Attackers corrupt persistent agent memory, RAG stores, embeddings, or shared context to affect an agent’s future actions. For example, an attacker keeps mentioning a fake price for a product, which gets stored into an agent’s memory, and the agent might later think the price is valid and approves bookings at that price.
