Risk
Incomplete Red-Team Coverage
Description
Only the core model is tested; agent reasoning, tool-calling, plugins, MCP servers, system prompts, and inter-agent paths are excluded
Example
Plugin flaw or MCP description poisoning lets an attacker hijack an AI assistant; the red team only tested the underlying model.
Assets Affected
Framework
Tool
Skill
System Prompt
MCP Server
Agentic Platform
AI Agent
Mitigation
- Inventory all tools, agents, MCP servers, and inter-agent paths
- include system-level and protocol-level attack scenarios in threat scenarios
- simulate multi-agent and tool misuse
- cover endpoint, SaaS, and code/pipeline zones.
Standards Mapping
- ISO: A.6.2.4, A.5.2
- OWASP agentic: ASI04, ASI07
- EU AI Act: Art. 9(2)
- DASF: Platform 12.2
- AIUC-1: B001, C010