Agentic AI and Model Context Protocol's Security Vulnerabilities

Explore the critical security vulnerabilities emerging in the transition from conversational AI chatbots to autonomous AI agents in this 51-minute conference talk. Delve into how the Model Context Protocol (MCP) has created unprecedented attack surfaces, with recent research showing over 50% of agentic tasks are vulnerable to injection attacks that can lead to file deletion, data exfiltration, and code execution. Examine the paradigm shift from informational harm to instrumental harm, where AI agents move beyond simple input/output interactions to observation/thought/action workflows that can be exploited for operational compromise. Learn about the "Agentic Gap" phenomenon, where cognitive load during tool execution degrades a model's safety training, causing it to prioritize task completion over security constraints. Discover advanced attack vectors including Indirect Prompt Injection (IPI), Tool Poisoning, Context Manipulation techniques like TopicAttack and WebInject, Schema Poisoning, Output-Based Poisoning, and the "Evil Twin" attack for tool impersonation. Understand why traditional defenses such as defensive prompting and standard RLHF prove insufficient against sophisticated adversarial attacks, and explore the detection paradox where large context windows and Chain of Thought reasoning actually increase vulnerability. Gain insights into the necessary evolution from model safety to system-level security, emphasizing defense-in-depth strategies and the architectural approach to securing agentic AI systems in the MCP ecosystem.