AI Agent Tool
Adversaries may target AI agent tools as a means to compromise a victim's AI supply chain. Tools add capabilities to AI agents, allowing them to interact with other services, connect to data sources, access internet resources, run system tools, and execute code. They are an attractive target for adversaries because com
- Framework
- MITRE ATLAS
- Maturity
- Realized
- Platforms
- Predictive AI, Generative AI, Agentic AI
- Release
- 2026.05
Overview
Adversaries may target AI agent tools as a means to compromise a victim's AI supply chain. Tools add capabilities to AI agents, allowing them to interact with other services, connect to data sources, access internet resources, run system tools, and execute code. They are an attractive target for adversaries because compromising an AI agent can provide them with broad accesses and permissions on the victim's system via the agent's other tools.
Poisoned agent tools (See AI Agent Tool Poisoning) can contain malicious code or LLM Prompt Injections that manipulate the agent's behavior and even modify how other tools are called. Adversaries have successfully used a poisoned MCP server to exfiltrate private user data First Malicious MCP in the Wild: The Postmark Backdoor That's Stealing Your Emails.
Agent tools have exploded in popularity, with thousands of MCP servers available publicly Glama. They are often released on open-source software repositories such as GitHub, indexed on hubs specific to MCP servers MCP HubMCP Server Hub, and published to package registries such as NPM. AI agents can also be connected to remotely-hosted tools Remote MCP Servers. This creates an environment where malicious tools can proliferate rapidly and safeguards are often not in place.