Verifiable Agentic Identity: Securing AI Supply Chains with SBOM and Provenance
AI agents introduce a shift from static, deterministic pipelines to dynamic systems where identity drives execution. Agents select tools, invoke APIs, and interact with other agents at runtime, effectively turning identity into the control plane of the supply chain. This creates new attack paths where adversaries exploit implicit trust, delegated permissions, and unverified dependencies without needing access to infrastructure.
This talk presents a hands-on exploration of these risks using a live lab based on OWASP ASI04 (agentic supply chain vulnerabilities). Attendees will see real attack scenarios including typosquatted package injection, malicious MCP tool servers, dependency confusion, poisoned tool descriptors, RAG-based manipulation, and agent-to-agent trust abuse. Each scenario demonstrates how identity is misused to execute unauthorized actions across the system.
The core focus is mitigation using SBOM and provenance as runtime enforcement mechanisms, not just build-time artifacts. The session shows how to layer lightweight controls onto an existing agent infrastructure: verifying signed SBOMs for tools and dependencies, generating attestations for every agent action, and enforcing policy based on identity, provenance, and trust context.
A live before-and-after demonstration highlights how the same attacks succeed in an unverified environment and are blocked once SBOM validation and provenance checks are enabled.
Attendees will leave with a practical, implementation-ready model for securing agentic AI systems using existing supply chain security principles extended to dynamic, identity-driven environments.
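As an added illustration of the runtime-enforcement model described above (example code written for this page, not material from the talk or the speaker), the gate below checks a tool's signed SBOM, matches the artifact digest, applies an identity-based policy, and emits an attestation record for every decision. The tool names, SBOM contents and policy are constructed, and an HMAC stands in for a real detached signature scheme such as Sigstore.

```python
import hashlib
import hmac
import json

# Constructed trusted key; a real deployment would verify a public-key signature instead (assumption).
TRUSTED_KEY = b"demo-sbom-signing-key"


def canonical(doc: dict) -> bytes:
    """Deterministic JSON encoding so signatures and attestation ids are reproducible."""
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()


def sign_sbom(sbom: dict, key: bytes = TRUSTED_KEY) -> str:
    return hmac.new(key, canonical(sbom), hashlib.sha256).hexdigest()


def sbom_valid(sbom: dict, sig: str, key: bytes = TRUSTED_KEY) -> bool:
    return hmac.compare_digest(sign_sbom(sbom, key), sig)


def authorize_tool_call(agent: str, tool: str, artifact_digest: str,
                        registry: dict, policy: dict) -> tuple[bool, dict]:
    """Runtime gate: provenance (signed SBOM + digest) and identity (policy) must both
    agree before a tool runs. Returns (allowed, attestation) so every decision is recorded."""
    reasons = []
    entry = registry.get(tool)
    if entry is None:
        reasons.append("no signed SBOM for tool")          # typosquat / unknown MCP server
    elif not sbom_valid(entry["sbom"], entry["sig"]):
        reasons.append("SBOM signature invalid")           # SBOM edited after signing
    elif entry["sbom"]["component"]["digest"] != artifact_digest:
        reasons.append("artifact digest does not match SBOM")  # swapped binary / poisoned descriptor
    if tool not in policy.get(agent, set()):
        reasons.append(f"agent {agent} not permitted to use {tool}")
    attestation = {"agent": agent, "tool": tool, "digest": artifact_digest,
                   "allowed": not reasons, "reasons": reasons}
    attestation["id"] = hashlib.sha256(canonical(attestation)).hexdigest()[:16]
    return not reasons, attestation


# Constructed sample registry and policy (not real tools or vendors).
GOOD_SBOM = {"component": {"name": "weather-mcp", "version": "1.2.0", "digest": "sha256:1111"},
             "supplier": "vendor-a"}
REGISTRY = {"weather-mcp": {"sbom": GOOD_SBOM, "sig": sign_sbom(GOOD_SBOM)}}
TAMPERED = {"sbom": {**GOOD_SBOM, "component": {**GOOD_SBOM["component"], "digest": "sha256:2222"}},
            "sig": REGISTRY["weather-mcp"]["sig"]}
POLICY = {"planner-agent": {"weather-mcp"}}

if __name__ == "__main__":
    for tool in ("weather-mcp", "weather-mpc"):   # legitimate tool vs. look-alike name
        print(authorize_tool_call("planner-agent", tool, "sha256:1111", REGISTRY, POLICY))
```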
Aamiruddin Syed
Supply Chain Software Security
West Palm Beach, Florida, United States