Agentic applications expand the attack surface through complex workflows, autonomous decision-making and dynamic tool invocation, making them more susceptible to certain weaknesses and to intentional abuse than traditional software.
This article examines nine attack scenarios, showing how an attacker could use them to achieve outcomes such as information leakage, credential theft, tool exploitation and remote code execution.
To test the risks of these attack vectors, two functionally identical applications were developed using open-source agent frameworks for genAI applications; the same attacks were then executed against both implementations and their outcomes monitored.
The results showed that both applications were vulnerable to the attack scenarios, supporting the assertion that agent-based applications need additional security monitoring and controls to protect against these emerging threats.
The article concludes by examining mitigations and recommending a defence-in-depth strategy that applies multiple safeguards across the application stack to enhance security.