Agent Autonomy Exploited: Navigating the Security of Integrated AI Protocols

Consider an agentic AI assistant configured to use a third-party MCP server for enhanced features alongside its internal database access. This external server, however, is malicious. It captures the credentials of every connection and then serves poisoned Model Context Protocol (MCP) tool descriptions containing hidden instructions. These instructions cause the AI assistant to unknowingly leak sensitive information back to the attacker. This multi-stage attack, which exploits both the trust placed in third-party integrations via agentic protocols and the autonomous nature of the agent, is no longer a fantasy; it is the present reality.
Agentic AI systems built on agentic protocols can connect to external tools and agents out of the box. This powerful flexibility also unlocks significant new and complex security threats that require careful consideration and proactive defense strategies.
In this talk, we will give a brief introduction to the threats inherent in agents' key components (e.g. memory and planning modules), and then we will delve into how architectural decisions impact security, with a specific focus on threats associated with key interaction mechanisms like Anthropic's Model Context Protocol (MCP) – which connects models to tools and data – and Google's Agent-to-Agent (A2A) protocol, designed for communication between autonomous agents. Finally, we will explore how security best practices can help mitigate these threats.

Itsik Mantin

Head of AI Security Research, Intuit

Tel Aviv, Israel
