As AI assistants evolve from passive models into autonomous tool users, their risk profile is fundamentally changing. Protocols like MCP enable agents to execute code, query databases, and chain workflows, expanding capability, but also exposing a largely unmonitored attack surface. While much of the industry focuses on prompt injection and alignment, a more critical vulnerability is emerging in the tools these agents trust and invoke.

The session explores how adversaries exploit tool discovery and execution pathways, turning utility into a vector for compromise, and highlights why traditional security models fail to detect or mitigate these risks.

In this session, you will learn: 

• Why AI toolchains create a new, invisible attack surface beyond prompts and models;
• How attackers exploit dynamic tool discovery and execution in agent workflows;
• Rethinking security from endpoint protection to distributed AI attack graph defense.