OWASP FinBot is an intentionally vulnerable agentic AI application designed to teach real-world security risks in AI agents beyond prompt injection alone. This Arsenal session demonstrates how an AI assistant connected to business tools can be manipulated through indirect prompts, unsafe tool use, broken authorization, and weak runtime controls. Attendees will see and experience first-hand how attacker-controlled inputs can influence agent behavior, trigger unsafe actions, and expose sensitive data.