Session

OWASP Agentic Top 10, Seen in Action: A FinBot Micro-CTF Walkthrough

Agentic systems don't just "get prompts wrong" - they fail across boundaries: agent-to-agent messaging, tool invocation, and shared memory. In this short talk, we'll use OWASP FinBot, an open source tool from the OWASP GenAI Security Project, to reproduce three high-impact failure modes mapped to the OWASP Agentic Top 10: goal hijack, tool-chain misuse, and memory/context poisoning. You'll see how each attack looks in traces, why it's hard to spot with traditional controls, and what signals reliably indicate the system is drifting (even if outputs look reasonable). The talk is demo-first: every scenario is a compact, bite-sized, repeatable micro-CTF challenge you can run internally to educate teams and evaluate your own agent designs. You will leave with a mental model of agentic risk boundaries and a checklist to use when reviewing real agent flows.

Venkata Sai Kishore Modalavalasa

Chief Architect, Straiker | OWASP Contributor

San Francisco, California, United States
