Breaking the Toolchain: Supply-Chain Risks in Agentic Automation

Agentic AI is reshaping how software is built, tested, and deployed. Instead of static pipelines, we now see flexible workflows where autonomous agents select tools, call external services, modify infrastructure, and generate code on the fly. This shift brings speed and scale, but it also cracks open an entirely new category of supply-chain risk. When agents act as intermediaries, every tool invocation becomes a trust decision, and every prompt becomes an entry point for influence.
This talk covers how these systems expand familiar threats like dependency confusion, credential misuse, and malicious third-party integrations. It shows how agent-specific behaviors such as chaining tool adapters, delegating tasks to ephemeral sub-agents, and interpreting unstructured instructions create fresh opportunities for attackers to slip into the automation layer. We walk through real-world failure patterns, including hostile capability plugins, poisoned retrieval sources, and prompt-level attacks that steer agents toward unsafe tool choices.

The second half of the talk covers mitigation. We outline a practical defense strategy built around secure trust registries, signed capability manifests, and verifiable agent identities. We explore how SLSA-aligned controls, artifact signing, and federated registration/certificate authority (RA/CA) models can bring the same rigor we expect in human-driven pipelines into autonomous workflows. The goal is to give engineering and security teams a blueprint for hardening agentic automation without slowing it down. Attendees will walk away with a clear understanding of the new supply-chain threats introduced by agent-driven tools and a concrete path to making those systems resilient, predictable, and trustworthy.
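The following is an added illustration of the trust-registry plus signed-capability-manifest pattern described above; it is not code from the talk or the speaker. The registry contents, tool names, publishers, sample artifacts and the HMAC-SHA256 "signature" are all constructed here: a real deployment would use asymmetric signatures tied to a verifiable publisher identity (for example Sigstore or Ed25519 keys) rather than a shared secret. The block shows the three checks an agent runtime should make before invoking a tool: the tool name resolves to a registered publisher (blocking the dependency-confusion analogue where an attacker publishes a same-named tool), the manifest signature and artifact digest verify (blocking a manifest whose capabilities were edited after signing), and the requested action is actually declared in the manifest (blocking a prompt-steered call to a capability the tool never claimed).

```python
"""Signed-capability-manifest gate for an agent tool registry (added example).

All registry entries, keys, manifests and artifacts below are constructed for
illustration. HMAC-SHA256 stands in for a real digital signature scheme.
"""
import hashlib
import hmac
import json

# Trust registry (constructed): which publisher may provide which tool name,
# and that publisher's verification key. Unlisted names never resolve.
TRUST_REGISTRY = {
    "shell-exec": {"publisher": "platform-team", "key": b"platform-team-key"},
    "repo-search": {"publisher": "dev-tools", "key": b"dev-tools-key"},
}


def canonical(manifest: dict) -> bytes:
    """Canonical JSON so signer and verifier hash identical bytes."""
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()


def sign_manifest(manifest: dict, key: bytes) -> dict:
    """Attach a signature over the manifest body (HMAC stand-in for a real signature)."""
    body = {k: v for k, v in manifest.items() if k != "signature"}
    sig = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {**body, "signature": sig}


def verify_manifest(manifest: dict, artifact: bytes) -> tuple[bool, str]:
    """Publisher must be registered for this name, signature must verify with the
    registry's key (never a key carried in the manifest), digest must match."""
    name = manifest.get("tool")
    entry = TRUST_REGISTRY.get(name)
    if entry is None:
        return False, f"{name!r} is not in the trust registry"
    if manifest.get("publisher") != entry["publisher"]:
        return False, f"{name!r} published by unregistered {manifest.get('publisher')!r}"
    body = {k: v for k, v in manifest.items() if k != "signature"}
    expected = hmac.new(entry["key"], canonical(body), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("signature", "")):
        return False, f"{name!r} signature invalid (manifest tampered or wrong key)"
    if hashlib.sha256(artifact).hexdigest() != manifest.get("artifact_sha256"):
        return False, f"{name!r} artifact digest mismatch"
    return True, "ok"


def authorize_call(manifest: dict, artifact: bytes, action: str) -> tuple[bool, str]:
    """Gate one tool invocation: manifest must verify AND declare the requested action."""
    ok, why = verify_manifest(manifest, artifact)
    if not ok:
        return False, why
    if action not in manifest.get("capabilities", []):
        return False, f"{manifest['tool']!r} does not declare capability {action!r}"
    return True, "authorized"


# Constructed sample: a legitimate manifest from the registered publisher.
SEARCH_ARTIFACT = b"def search(query): ..."
SEARCH_MANIFEST = sign_manifest(
    {"tool": "repo-search", "version": "1.4.0", "publisher": "dev-tools",
     "capabilities": ["repo.read"],
     "artifact_sha256": hashlib.sha256(SEARCH_ARTIFACT).hexdigest()},
    TRUST_REGISTRY["repo-search"]["key"],
)

# Dependency-confusion analogue: same tool name, unregistered publisher, own key.
ROGUE_MANIFEST = sign_manifest(
    {"tool": "repo-search", "version": "9.9.9", "publisher": "attacker",
     "capabilities": ["repo.read", "shell.exec"],
     "artifact_sha256": hashlib.sha256(b"evil").hexdigest()},
    b"attacker-key",
)

# Escalation attempt: legitimate manifest with capabilities edited after signing.
TAMPERED_MANIFEST = {**SEARCH_MANIFEST, "capabilities": ["repo.read", "shell.exec"]}

if __name__ == "__main__":
    print(authorize_call(SEARCH_MANIFEST, SEARCH_ARTIFACT, "repo.read"))
    print(authorize_call(SEARCH_MANIFEST, SEARCH_ARTIFACT, "shell.exec"))
    print(authorize_call(ROGUE_MANIFEST, b"evil", "repo.read"))
    print(authorize_call(TAMPERED_MANIFEST, SEARCH_ARTIFACT, "shell.exec"))
```

The important design choice is that the verification key comes from the registry entry for the tool name, not from the manifest itself; a manifest that carries its own key only proves it was signed by whoever wrote it. The capability check is deliberately separate from signature verification so that a correctly signed tool still cannot be steered into an action it never declared.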

HackMiami 2026 - May 26

Aamiruddin Syed

Supply Chain Software Security

West Palm Beach, Florida, United States
