Key point: Microsoft warns CTOs of seven new attack patterns on AI agents: from natural language injections through goal hijacking to visual attacks on computer-use agents.
Microsoft has identified seven additional failure modes in agentic AI systems, thereby extending its taxonomy published in the previous year. The new attack vectors emerged through rapid technology proliferation, growth of the Model Context Protocol, and intensified empirical research.
Microsoft has published an updated taxonomy of failure modes in agentic AI systems and, in doing so, identified seven new attack scenarios. These extend the vulnerabilities already documented in 2024. The catalog is growing because agentic AI is now being deployed in production, the ecosystem around the Model Context Protocol (MCP) is maturing, and computer-use agents are gaining importance.
The seven new failure modes are as follows:
1. Agentic Supply Chain Compromise — agent behavior is manipulated through natural language inputs, with no malware required.
2. Goal Hijacking — adversarial instructions appear legitimate but silently redirect the agent toward different objectives.
3. Inter-Agent Trust Escalation — a compromised agent deceives the orchestrator with a false identity or claimed elevated permissions.
4. Computer Use Agent (CUA) Visual Attack — agents that operate graphical user interfaces are manipulated through displayed content containing adversarial instructions.
5. Session Context Contamination — an attacker introduces data that skews the agent's reasoning in subsequent steps without triggering any individual security control.
6. MCP / Plugin Abuse — a deeper treatment of the original taxonomy's function-compromise mode, specific to MCP and plugin protocols.
7. Capability / Architecture Disclosure — agents reveal internal details such as tool names, schemas, system prompt structure, or human-in-the-loop logic.
Microsoft recommends concrete measures for security teams: inventory the supply chain, create a Software Bill of Materials (SBOM) for each deployed agent, verify agent identity cryptographically with attestable credentials rather than trusting an agent's position in the workflow, integrate the seven new failure modes into red team plans, and audit human-in-the-loop as a security control.
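The identity-verification recommendation above, as an added Python example (not Microsoft's or CSO Online's code): an orchestrator derives an agent's permissions only from an HMAC-signed credential, so an in-message claim of an elevated role (Inter-Agent Trust Escalation) or a tampered permission list is rejected. The issuer key, agent names and permission names are constructed for the demo; a real deployment would keep the key in a KMS/HSM and use asymmetric attestation.

```python
import hashlib
import hmac
import json

# Constructed demo key; in production this is an attestation/issuer key held in a KMS or HSM.
ISSUER_KEY = b"constructed-demo-issuer-key"


def _canonical(claims: dict) -> bytes:
    """Deterministic encoding so the same claims always produce the same tag."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue_credential(agent_id: str, permissions: list, issuer_key: bytes = ISSUER_KEY) -> dict:
    """Issue an attestable credential: identity + permission scope, bound by an HMAC tag."""
    claims = {"agent_id": agent_id, "permissions": sorted(permissions)}
    tag = hmac.new(issuer_key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "tag": tag}


def verify_credential(cred: dict, issuer_key: bytes = ISSUER_KEY):
    """Return the claims if the tag is valid, else None. Any tampering invalidates the tag."""
    claims, tag = cred.get("claims"), cred.get("tag")
    if not isinstance(claims, dict) or not isinstance(tag, str):
        return None
    expected = hmac.new(issuer_key, _canonical(claims), hashlib.sha256).hexdigest()
    return claims if hmac.compare_digest(expected, tag) else None


def authorize_request(message: dict, issuer_key: bytes = ISSUER_KEY) -> tuple:
    """Orchestrator-side check: trust comes only from the verified credential.
    Fields like message['role'] are never consulted; a compromised agent can write anything there."""
    claims = verify_credential(message.get("credential") or {}, issuer_key)
    if claims is None:
        return (False, "credential verification failed")
    if claims.get("agent_id") != message.get("sender"):
        return (False, "sender does not match credential identity")
    action = message.get("action")
    if action not in claims.get("permissions", []):
        return (False, f"{claims['agent_id']} is not permitted to {action}")
    return (True, "ok")


if __name__ == "__main__":
    cred = issue_credential("worker-agent", ["read_ticket"])
    # Compromised agent claims an orchestrator role and asks for a high-impact action.
    escalation = {"sender": "worker-agent", "role": "orchestrator-delegate",
                  "action": "approve_refund", "credential": cred}
    print(authorize_request(escalation))  # rejected: action not in signed scope
```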
Source: www.csoonline.com · Published June 5, 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.6.5.