You audited your code. You didn't audit the model, the dataset, the MCP server, or the npm package your AI coding assistant just suggested. Modern AI apps pull trust from everywhere and every one of those is an injection point. In this talk I'll poison an AI agent's supply chain: a backdoored dependency, a tampered RAG document, and a malicious MCP tool that quietly redirects what the agent does. Then we lock it down: pinning and verifying model and data provenance, sandboxing tool execution, and treating AI-suggested code as hostile until proven otherwise.