RSA LAB | Agentic AI Supply chain Vulnerability lab
AI agents are no longer simple chatbots: they autonomously execute code, call external APIs, and make decisions across complex workflows. But what happens when the tools they trust are compromised?
This hands-on workshop explores ASI04: Supply Chain Vulnerabilities from the OWASP Top 10 for Agentic Applications (2026). Participants will attack a deliberately vulnerable AI agent system to understand how adversaries exploit the trust agents place in their dependencies.
Through five progressive challenges, attendees will:
- Install typosquatted packages that exfiltrate secrets on import
- Exploit a trojanized MCP (Model Context Protocol) server masquerading as legitimate tooling
- Execute dependency confusion attacks against "internal" packages
- Discover hidden prompt injections buried in tool descriptions
- Poison RAG knowledge bases to manipulate agent behavior
Each attack demonstrates a real-world vector currently affecting production AI systems. Participants will observe exfiltrated data in real-time on an attacker dashboard, making abstract threats tangible.
Key Takeaways:
- Hands-on experience exploiting AI supply chain vulnerabilities
- Understanding of OWASP's agentic AI threat landscape
- Practical detection and mitigation strategies
- Portable lab environment for continued learning
No prior AI/ML security experience required. Participants leave with the complete lab to continue practicing.
https://www.cloud-village.org/rsa26
24 March 26
Aamiruddin Syed
Supply Chain Software Security
West Palm Beach, Florida, United States