{"id":8400,"date":"2026-06-05T17:20:34","date_gmt":"2026-06-05T17:20:34","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8400"},"modified":"2026-06-05T17:20:34","modified_gmt":"2026-06-05T17:20:34","slug":"microsoft-identifies-seven-new-ways-ai-agents-can-be-hacked","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8400","title":{"rendered":"Microsoft identifies seven new ways AI agents can be hacked"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Microsoft has identified seven new failure modes in agentic AI systems, in addition to those it identified last year in its first <a href=\"https:\/\/cdn-dynmedia-1.microsoft.com\/is\/content\/microsoftcorp\/microsoft\/final\/en-us\/microsoft-brand\/documents\/Taxonomy-of-Failure-Mode-in-Agentic-AI-Systems-Whitepaper.pdf\" target=\"_blank\" rel=\"noopener\">Taxonomy of Failure Modes in Agentic AI Systems<\/a>.<\/p>\n<p>Four things contributed to the growing list of <a href=\"https:\/\/www.infoworld.com\/article\/4040909\/why-ai-fails-at-business-context-and-what-to-do-about-it.html\">ways agentic AI can go wrong<\/a>: the speed at which the technology went mainstream, the growing maturity of the Model Context Protocol (MCP) ecosystem, the rise of computer-use agents, and the accumulation of empirical evidence as researchers gathered more real-world findings.<\/p>\n<p>The <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/06\/04\/updating-taxonomy-failure-modes-agentic-ai-systems-year-red-teaming-taught-us\/\">seven new failure modes<\/a> it has identified are:<\/p>\n<p>Agentic Supply Chain Compromise \u2014 the components an agent depends on can alter its behavior through natural language rather than malicious code;<\/p>\n<p>Goal Hijacking \u2014 adversarial instructions appear aligned with legitimate 
task completion, while silently redirecting the agent\u2019s terminal goal;<\/p>\n<p>Inter-Agent Trust Escalation \u2014 a compromised agent asserts a false identity or inflates its claimed permissions to an orchestrator;<\/p>\n<p>Computer Use Agent (CUA) Visual Attack \u2014 agents operating through graphical interfaces can be manipulated through on-screen content that carries adversarial instructions for the agent;<\/p>\n<p>Session Context Contamination \u2014 an adversary introduces data that biases the agent\u2019s reasoning in subsequent steps, without triggering safety controls at any individual step;<\/p>\n<p>MCP \/ Plugin Abuse \u2014 an update to the original taxonomy\u2019s coverage of function compromise, narrowed to the attack surfaces specific to MCP and plugin protocols;<\/p>\n<p>Capability \/ Architecture Disclosure \u2014 an agent reveals internal implementation details such as tool names and schemas, system-prompt structure, memory interfaces, or consent\/human-in-the-loop trigger logic.<\/p>\n<p>Microsoft advises security teams that use these definitions to shape their planning to inventory their agentic supply chain, generating a software bill of materials (SBOM) for every deployed agent; to verify agent identity cryptographically rather than positionally, by issuing <a href=\"https:\/\/www.csoonline.com\/article\/4163365\/what-cisos-need-to-get-right-as-identity-enters-the-agentic-era.html\">attestable credentials<\/a> at provisioning; to add the seven new failure modes to their red-team coverage matrix; and to audit the human-in-the-loop user experience as a security control.<\/p>\n<p><em>This article first appeared on <a href=\"https:\/\/www.infoworld.com\/article\/4181844\/microsoft-identifies-seven-new-ways-ai-agents-can-be-hacked.html\">InfoWorld<\/a>.<\/em><\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Microsoft has identified seven new failure modes in agentic AI systems, in addition to those it 
identified last year in its first Taxonomy of Failure Modes in Agentic AI Systems. Four things contributed to the growing list of ways agentic AI can go wrong: the speed at which the technology went mainstream, the growing maturity [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":8401,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8400","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8400"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8400"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8400\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8401"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
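The article's advice to verify agent identity "cryptographically, not positionally" is the direct counter to the Inter-Agent Trust Escalation failure mode, where a compromised agent inflates the permissions it claims to an orchestrator. The following is an added example, not code from the article, InfoWorld or Microsoft's taxonomy, showing the two patterns side by side: an orchestrator that trusts the permission list an agent puts in its own message, and one that derives identity and permissions only from a credential signed by a provisioning authority. The agent names, the HMAC-based credential format, the provisioning key and the fixed clock value are all constructed for the demo; a real deployment would use an asymmetric or HSM-backed key and a standard token format.

```python
"""Added example: orchestrator-side authorization from an attestable
credential issued at provisioning, versus trusting an agent's self-asserted
permissions. All names, keys and messages below are constructed for the demo."""
import base64
import binascii
import hashlib
import hmac
import json
from typing import Optional

# Assumption: only the provisioning authority holds this key (an HSM or KMS
# key in practice; a static test key here). Agents never see it, so they
# cannot mint or alter credentials.
PROVISIONING_KEY = b"constructed-provisioning-key-do-not-reuse"
FIXED_NOW = 1_800_000_000  # constructed clock value so the demo is deterministic


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_credential(agent_id: str, permissions: list[str], now: int, ttl_s: int = 3600) -> str:
    """Provisioning step: bind identity and permissions into one signed token."""
    claims = {"agent_id": agent_id, "permissions": sorted(permissions), "iat": now, "exp": now + ttl_s}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(PROVISIONING_KEY, body, hashlib.sha256).digest()
    return f"{_b64e(body)}.{_b64e(tag)}"


def verify_credential(token: str, now: int) -> Optional[dict]:
    """Return the signed claims, or None if the token is malformed, forged or expired."""
    try:
        body_b64, tag_b64 = token.split(".", 1)
        body, tag = _b64d(body_b64), _b64d(tag_b64)
    except (ValueError, AttributeError, binascii.Error):
        return None
    expected = hmac.new(PROVISIONING_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    claims = json.loads(body)  # body is authentic at this point
    if claims.get("exp", 0) <= now:
        return None
    return claims


def authorize_positional(message: dict) -> bool:
    """Vulnerable pattern: trust the permissions the agent asserts in its message."""
    return message["action"] in message.get("claimed_permissions", [])


def authorize_attested(message: dict, now: int) -> bool:
    """Hardened pattern: identity and permissions come only from the verified credential."""
    claims = verify_credential(message.get("credential", ""), now)
    if claims is None:
        return False
    if claims["agent_id"] != message.get("agent_id"):
        return False  # credential was issued to a different agent
    return message["action"] in claims["permissions"]


# Constructed scenario: a summarizer sub-agent provisioned with read-only access.
SUMMARIZER_CREDENTIAL = issue_credential("summarizer-01", ["read:docs"], FIXED_NOW)

LEGIT_MESSAGE = {"agent_id": "summarizer-01", "action": "read:docs",
                 "claimed_permissions": ["read:docs"], "credential": SUMMARIZER_CREDENTIAL}

# The same agent, now compromised, inflates what it claims to the orchestrator.
ESCALATION_MESSAGE = {"agent_id": "summarizer-01", "action": "delete:docs",
                      "claimed_permissions": ["read:docs", "delete:docs", "admin:*"],
                      "credential": SUMMARIZER_CREDENTIAL}


def forge_inflated_credential(token: str) -> str:
    """Attacker attempt: rewrite the permission list inside an issued token, keeping the old tag."""
    body_b64, tag_b64 = token.split(".", 1)
    claims = json.loads(_b64d(body_b64))
    claims["permissions"].append("delete:docs")
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return f"{_b64e(body)}.{tag_b64}"


FORGED_MESSAGE = dict(ESCALATION_MESSAGE, credential=forge_inflated_credential(SUMMARIZER_CREDENTIAL))


def run_demo() -> dict:
    """Outcome of each check; the positional check is the only one that grants the escalation."""
    return {
        "positional_accepts_escalation": authorize_positional(ESCALATION_MESSAGE),
        "attested_accepts_legit": authorize_attested(LEGIT_MESSAGE, FIXED_NOW),
        "attested_accepts_escalation": authorize_attested(ESCALATION_MESSAGE, FIXED_NOW),
        "attested_accepts_forged": authorize_attested(FORGED_MESSAGE, FIXED_NOW),
        "attested_accepts_expired": authorize_attested(LEGIT_MESSAGE, FIXED_NOW + 7200),
    }


if __name__ == "__main__":
    for check, granted in run_demo().items():
        print(f"{check}: {granted}")
```

The point of the attested path is that the orchestrator never reads `claimed_permissions` at all: the permission set was fixed at provisioning and travels only inside the signed credential, so neither a compromised agent nor a prompt-injected one can widen it, and a credential stolen from one agent cannot be replayed under another agent's identity because the `agent_id` is bound into the same signature.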