About this episode
We explore the rapid paradigm shift from passive chatbots to autonomous "agentic" AI, where new standards like the Model Context Protocol (MCP) grant systems the power to execute code and access sensitive files. Drawing on a massive empirical study of over 31,000 agent skills and real-world espionage campaigns like GTG-1002, we expose how attackers leverage "tool poisoning" and indirect prompt injection to hijack these agents for data exfiltration. Finally, we unpack essential defense strategies, including the NIST AI Risk Management Framework and the new OWASP Top 10 for Agentic Applications, to help organizations close the dangerous "consent gap" between user permissions and agent actions.
https://cisomarketplace.com/blog/agentic-desktop-agents-ai-local-file-access-security
https://cisomarketplace.com/blog/agentic-browser-revolution-ciso-guide-ai-attack-surface
https://cisomarketplace.com/blog/workflow-automation-blind-spot-zapier-n8n-power-automate-security
https://cisomarketplace.com/blog/ai-agent-security-crisis-mcp-vulnerabilities
https://cisomarketplace.com/blog/agent-skills-next-ai-attack-surface
https://breached.company/over-1-000-clawdbot-ai-agents-exposed-on-the-public-internet-a-security-wake-up-call-for-autonomous-ai-infrastructure/
Sponsors:
https://airiskassess.com
https://compliance.airiskassess.com
https://cloudassess.vibehack.dev
https://vibehack.dev
