The seven new failure modes it has recognized are:
- Agentic Provide Chain Compromise —agent conduct may be affected by pure language fairly than malicious code;
- Purpose Hijacking — adversarial directions seem aligned with authentic activity completion, whereas silently redirecting the agent’s terminal purpose;
- Inter-Agent Belief Escalation —a compromised agent asserts false id or inflates claimed permissions to an orchestrator;
- Pc Use Agent (CUA) Visible Assault — brokers working by means of graphical interfaces may be manipulated by means of content material that carries adversarial directions for the agent;
- Session Context Contamination —an adversary introduces information that biases the agent’s reasoning in subsequent steps, with out triggering security controls at any particular person step;
- MCP / Plugin Abuse — an replace on the unique taxonomy’s protection of operate compromise round MCP and plugin protocols, particularly assault surfaces particular to these protocols;
- Functionality / Structure Disclosure —an agent reveals inner implementation particulars equivalent to instrument names and schemas, system-prompt construction, reminiscence interfaces, or consent/human-in-the-loop set off logic.
Microsoft advises safety groups utilizing these definitions to affect their planning to stock their your provide chain, producing a software program invoice of supplies (SBOM) for each deployed agent, to confirm agent id cryptographically, not positionally, by issuing attestable credentials at provisioning, so as to add the seven new failure modes to their red-team protection matrix, and to audit the human-in-the-loop person expertise as a safety management.
This text first appeared on InfoWorld.
