When Your AI Becomes the Breach: The Hidden Dangers of Agentic Skills
CISO Insights: Voices in Cybersecurity
Audio is streamed directly from the publisher (mcdn.podbean.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
We explore the rapid paradigm shift from passive chatbots to autonomous "agentic" AI, where new standards like the Model Context Protocol (MCP) grant systems the power to execute code and access sensitive files. Drawing on a massive empirical study of over 31,000 agent skills and real-world espionage campaigns like GTG-1002, we expose how attackers leverage "tool poisoning" and indirect prompt injection to hijack these agents for data exfiltration. Finally, we unpack essential defense strategies, including the NIST AI Risk Management Framework and the new OWASP Top 10 for Agentic Applications, to help organizations close the dangerous "consent gap" between user permissions and agent actions.
- https://cisomarketplace.com/blog/agentic-desktop-agents-ai-local-file-access-security
- https://cisomarketplace.com/blog/agentic-browser-revolution-ciso-guide-ai-attack-surface
- https://cisomarketplace.com/blog/workflow-automation-blind-spot-zapier-n8n-power-automate-security
- https://cisomarketplace.com/blog/ai-agent-security-crisis-mcp-vulnerabilities
- https://cisomarketplace.com/blog/agent-skills-next-ai-attack-surface
- https://breached.company/over-1-000-clawdbot-ai-agents-exposed-on-the-public-internet-a-security-wake-up-call-for-autonomous-ai-infrastructure/
Sponsors:
https://compliance.airiskassess.com
https://cloudassess.vibehack.dev