Attackers are evolving from “living off the land” and “living off the cloud” to “living off the AI,” abusing AI agents, MCP connectors, prompts, and shared vector stores to exfiltrate data, execute actions, and deploy malware through legitimate workflows. Defenders must treat agents as privileged users—apply least privilege, harden prompts and retrieval, enforce external policy controls, centralize logging and detections, and run adversarial tests to contain these risks. #MCP #ChromeCredentialStealer
Keypoints
- AI agents and MCP connectors can be abused to access and exfiltrate sensitive data through sanctioned workflows.
- Prompt injection and memory/retrieval poisoning can steer models to reveal secrets or perform malicious tasks.
- Overbroad tool permissions and uncontrolled connectors expand trust boundaries and enable “tooljacking.”
- Apply least privilege, egress allow-lists, prompt versioning, and input/output validation to harden AI systems.
- Centralize agent logs, detect unusual tool chaining, run adversarial regression tests, and train users to spot prompt injection.
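The controls in the keypoints above (per-agent tool allow-lists, egress allow-lists, output validation, and detection of read-then-egress tool chains in centralized agent logs) are easiest to see as a thin policy layer sitting between the model and its MCP tools. The following is an added example written for this summary, not code from the SecurityWeek article or from any MCP implementation; the agent names, tool names, hosts, secret patterns and log entries are all hypothetical and constructed for illustration.

```python
"""Added example: policy gate in front of agent tool calls plus a chain detector.
Agent names, tool names, hosts and log lines are hypothetical/constructed."""
import re
from urllib.parse import urlparse

# Least privilege: each agent gets only the tools its job needs (hypothetical names).
AGENT_TOOL_ALLOWLIST = {
    "support-bot": {"kb.search", "ticket.read"},
    "research-bot": {"kb.search", "http.get"},
}
# Egress allow-list for network-capable tools (hypothetical hosts).
EGRESS_ALLOWLIST = {"api.internal.example", "docs.example"}
# Output validation: secret-shaped strings that must never flow back into a prompt.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                 # AWS access key id shape
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"(?i)(password|passwd)\s*[:=]\s*\S+"),
]
# Tool classes used by the chain detector.
SENSITIVE_TOOLS = {"ticket.read", "kb.search"}
EGRESS_TOOLS = {"http.get", "email.send"}


class PolicyViolation(Exception):
    """Raised when a tool call falls outside the agent's policy."""


def check_tool_call(agent: str, tool: str, args: dict) -> None:
    """Enforce least privilege and the egress allow-list before dispatching a tool."""
    if tool not in AGENT_TOOL_ALLOWLIST.get(agent, set()):
        raise PolicyViolation(f"{agent} is not permitted to call {tool}")
    if tool == "http.get":
        host = urlparse(args.get("url", "")).hostname or ""
        if host not in EGRESS_ALLOWLIST:
            raise PolicyViolation(f"egress to {host!r} is not on the allow-list")


def is_allowed(agent: str, tool: str, args: dict) -> bool:
    """Boolean wrapper around check_tool_call for callers that prefer no exceptions."""
    try:
        check_tool_call(agent, tool, args)
        return True
    except PolicyViolation:
        return False


def redact_output(text: str) -> str:
    """Strip secret-shaped strings from tool/retrieval output before the model sees it,
    so injected or poisoned content cannot make the model echo credentials."""
    for pattern in SECRET_PATTERNS:
        text = pattern.sub("[REDACTED]", text)
    return text


def detect_suspicious_chains(log: list) -> list:
    """Flag a sensitive read followed later in the same session by an egress tool.
    Each finding is (session, sensitive_tool, egress_tool)."""
    findings = []
    last_sensitive = {}  # session -> most recent sensitive-read entry
    for entry in log:
        session, tool = entry["session"], entry["tool"]
        if tool in SENSITIVE_TOOLS:
            last_sensitive[session] = entry
        elif tool in EGRESS_TOOLS and session in last_sensitive:
            findings.append((session, last_sensitive[session]["tool"], tool))
            del last_sensitive[session]  # report each read->egress pair once
    return findings


def run_demo() -> dict:
    """Run the three controls over constructed inputs and return the results."""
    # Constructed centralized agent log (not real telemetry).
    log = [
        {"session": "s1", "agent": "research-bot", "tool": "kb.search"},
        {"session": "s1", "agent": "research-bot", "tool": "http.get"},
        {"session": "s2", "agent": "support-bot", "tool": "http.get"},
        {"session": "s2", "agent": "support-bot", "tool": "ticket.read"},
        {"session": "s2", "agent": "support-bot", "tool": "email.send"},
    ]
    return {
        "support_http_blocked": not is_allowed(
            "support-bot", "http.get", {"url": "https://docs.example/x"}),
        "research_bad_host_blocked": not is_allowed(
            "research-bot", "http.get", {"url": "https://attacker.example/c2"}),
        "research_good_host_allowed": is_allowed(
            "research-bot", "http.get", {"url": "https://docs.example/page"}),
        "redacted": redact_output("token AKIAABCDEFGHIJKLMNOP and password: hunter2"),
        "chains": detect_suspicious_chains(log),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The gate runs before every dispatch, so a prompt-injected instruction to fetch an attacker URL fails at the egress check even when the agent legitimately holds the network tool, and the detector treats the log as the source of truth rather than trusting the model's own narration of what it did.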
Read More: https://www.securityweek.com/living-off-the-ai-the-next-evolution-of-attacker-tradecraft/