Risk
Untested Tool Chain and Multi-Agent Workflows
Description
Red team only tests single-agent behavior, not full orchestration paths โ multi-agent workflows, A2A handoffs, and tool-chain attacks remain unexamined.
Example
Each agent passes individual red-team review; an attacker chains them via A2A to escalate from a low-privilege agent into a high-privilege one (agent session smuggling pattern).
Assets Affected
AI Agent
Tool
Agent Communication Protocol (ACP)
Framework
Mitigation
- Include multi-agent and A2A scenarios in red-team scope
- test full tool chains and orchestration paths
- simulate cross-agent privilege escalation
- cover MCP-gateway routes.
Standards Mapping
- ISO: A.6.2.4
- OWASP agentic: ASI02, ASI07
- OWASP LLM: LLM06:2025
- EU AI Act: Art. 15
- DASF: Agents-Core 13.2, Agents-Core 13.12
- AIUC-1: B001, D004