# agents
48 articlestagged with “agents”
Agent Delegation Attacks
Exploiting multi-agent delegation patterns to achieve lateral movement, privilege escalation, and command-and-control through impersonation and insecure inter-agent communication.
Agent Goal Hijacking
Techniques for redirecting AI agent objectives through poisoned inputs, indirect prompt injection, and multi-step manipulation -- the #1 ranked risk in OWASP's 2026 Agentic Top 10.
Agent Identity and Credential Theft
Exploiting how AI agents authenticate to external services -- credential theft through agent manipulation, MFA bypass, and impersonation attacks including BodySnatcher and CVE-2025-64106.
Agent Memory Poisoning
Techniques for injecting malicious content into agent memory systems -- conversation history, RAG stores, and vector databases -- to achieve persistent cross-session compromise.
Agent Supply Chain Attacks
Compromising AI agents through poisoned packages, backdoored MCP servers, malicious model registries, and weaponized agent frameworks -- including the Postmark MCP breach and NullBulge campaigns.
Autonomous Goal Drift
How autonomous AI agents drift from intended objectives through reward hacking, specification gaming, safety system bypass, and cascading failures in multi-agent systems.
Manipulating Reasoning Chains
Techniques for influencing an AI agent's chain-of-thought reasoning to steer its planning, decision-making, and tool selection toward attacker-desired outcomes.
Function Calling Exploitation
Practical attacks against OpenAI function calling, Anthropic tool use, and similar APIs -- injecting function calls through prompt injection, exploiting parameter validation gaps, and chaining calls.
Agent & Agentic Exploitation
Security overview of autonomous AI agents, covering the expanded attack surface created by tool use, persistent memory, multi-step reasoning, and multi-agent coordination.
MCP Security: Understanding and Defending the Protocol
A comprehensive guide to Model Context Protocol security — understanding the attack surface, known vulnerabilities (30+ CVEs in early 2026), and implementing robust defenses for MCP-enabled AI agent systems.
Attacking Multi-Agent Systems
Exploitation techniques for multi-agent architectures including inter-agent injection, trust boundary violations, cascading compromises, and A2A protocol attacks.
Rogue and Shadow Agents
How compromised, misaligned, or unauthorized AI agents operate within systems -- rogue agents that act harmfully while appearing legitimate, and shadow agents deployed without security review.
Exploiting Agent Tool Use
How to manipulate AI agents into calling tools with attacker-controlled parameters, abusing tool capabilities for data exfiltration, privilege escalation, and unauthorized actions.
Tool Use Exploitation
Comprehensive techniques for exploiting how AI agents call external tools and APIs, including tool description poisoning, overly permissive access abuse, and tool output manipulation.
Zero-Click Agent Compromise
Attacks where AI agents are compromised without any user interaction -- processing malicious content triggers autonomous execution, data exfiltration, and system compromise.
API Orchestrator Attacks
Attack techniques targeting AI agents that orchestrate multiple API calls, including parameter injection across API chains, confused deputy attacks in multi-API workflows, and exploiting trust relationships between orchestrated services.
Browser Agent Exploitation
Attack techniques targeting AI agents that control web browsers, including DOM injection, navigation hijacking, credential theft, and cross-origin exploitation of browser-controlling agents.
Code Agent Manipulation
Techniques for manipulating AI agents that generate, execute, and review code, including injection through code context, repository poisoning, execution environment attacks, and code review manipulation.
Computer Use Agent Attacks
Comprehensive analysis of attack vectors targeting AI systems with computer use capabilities, including GUI manipulation, pixel-level injection, and desktop environment exploitation techniques.
Email Agent Exploitation
Techniques for exploiting AI agents that process, summarize, draft, and act on emails, including injection through email content, attachment-based attacks, and workflow manipulation.
File System Agent Risks
Security risks of AI agents with file system access, including path traversal exploitation, symlink attacks, file content injection, data exfiltration through file operations, and privilege escalation via file system manipulation.
AI Agent Exploitation
Methodology for exploiting AI agent architectures through confused deputy attacks, goal hijacking, privilege escalation, and sandbox escape.
Agent Memory Poisoning
Techniques for poisoning AI agent short-term and long-term memory systems to achieve persistent compromise, inject behavioral backdoors, and survive conversation resets.
Scheduling Agent Attacks
Attack techniques targeting AI scheduling assistants that manage calendars, book meetings, and coordinate schedules, including calendar injection, availability manipulation, and scheduling-based social engineering.
Voice Agent Attacks
Attack techniques targeting voice-controlled AI agents, including adversarial audio injection, ultrasonic commands, voice cloning for authentication bypass, and conversation hijacking in voice-first AI systems.
Function Calling Exploitation
Overview of how LLM function/tool calling works, the attack surface it creates, and systematic approaches to exploiting function calling interfaces in AI systems.
Agentic Exploitation
Comprehensive coverage of security vulnerabilities in agentic AI systems, including MCP tool exploitation, multi-agent protocol attacks, function calling abuse, memory system compromise, framework-specific weaknesses, and workflow pattern attacks.
AWS Bedrock Agent Security Assessment
Security assessment of AWS Bedrock Agents including action groups, knowledge bases, and guardrail configurations.
AWS Bedrock Agents Security
Security assessment of AWS Bedrock Agents including action groups, knowledge bases, and guardrail integration.
GCP Vertex AI Agent Builder Security
Security assessment of Google Vertex AI Agent Builder including grounding, tool use, and safety settings.
Summer 2026 CTF: Agentic AI Security
An agentic AI security focused CTF with escalating agent challenges covering tool exploitation, multi-agent attacks, indirect injection, and agent persistence.
Agent Architectures & Tool Use Patterns
How ReAct, Plan-and-Execute, and LangGraph agent patterns work — tool definition, invocation, and result processing — and where injection happens in each architecture.
World Model Exploitation in AI Agents
Exploiting learned world models in AI agents to cause unsafe behavior through environmental manipulation.
Lab: Computer Use Agent Exploitation
Hands-on lab exploring attack vectors against GUI-based computer use agents that interact with screens through vision and action primitives.
Lab: Exploiting AI Agents
Hands-on lab for exploiting AI agents with tool access through indirect prompt injection, tool-call chaining, and privilege escalation techniques.
Lab: Agent Memory Manipulation
Hands-on lab for injecting persistent instructions into an agent's memory and context that affect future interactions and conversations.
Lab: Agent Prompt Leaking
Hands-on lab for extracting system prompts from tool-using AI agents by exploiting tool interactions, observation channels, and multi-step reasoning to leak protected instructions.
Lab: Data Exfiltration Techniques
Hands-on lab for extracting sensitive data from AI systems including system prompt extraction, context leakage via markdown rendering, and URL-based data exfiltration.
Lab: Function Calling Injection
Hands-on lab for exploiting function calling mechanisms by crafting inputs that manipulate which functions get called and with what parameters.
Lab: MCP Tool Abuse Scenarios
Hands-on lab for exploiting Model Context Protocol tool definitions through malicious tool descriptions, tool confusion attacks, and server impersonation.
Lab: Agent Permission Escalation
Hands-on lab for tricking AI agents into performing actions beyond their intended scope through privilege escalation techniques.
Lab: Tool Result Poisoning
Hands-on lab for poisoning tool outputs to redirect agent behavior by injecting malicious content through tool results.
Lab: Workflow Hijacking
Hands-on lab for redirecting multi-step agent workflows to perform unintended actions by manipulating intermediate states and control flow.
Agent Privilege Escalation Walkthrough
Walkthrough of escalating privileges in multi-agent systems through trust chain exploitation.
AWS Bedrock Red Team Walkthrough
Complete guide to red teaming AWS Bedrock deployments: testing guardrails bypass techniques, knowledge base data exfiltration, agent prompt injection, model customization abuse, and CloudTrail evasion.
CrewAI Agent Application Security Testing
End-to-end walkthrough for security testing CrewAI agent applications: crew enumeration, agent role exploitation, task injection, tool security assessment, delegation chain manipulation, and output validation.
LangChain Application Security Testing
End-to-end walkthrough for security testing LangChain applications: chain enumeration, prompt injection through chains, tool and agent exploitation, retrieval augmented generation attacks, and memory manipulation.
LlamaIndex RAG Application Security Testing
End-to-end walkthrough for security testing LlamaIndex RAG applications: index enumeration, query engine exploitation, data connector assessment, response synthesis manipulation, and agent pipeline testing.