Emerging AI Attack Vectors: The Rising Threat of MCP-Enabled Attacks on Agentic AI

Tuesday, August 19, 2025
11:00 AM - 11:30 AM
Focus Track (Salon IV)

About This Session

As generative AI systems become increasingly embedded within enterprise applications and critical infrastructure, attackers are rapidly evolving new methods to subvert their behavior. This session provides a deep dive into the emerging landscape of prompt injection vulnerabilities, with a particular focus on Model Context Protocol (MCP)—a rapidly growing surface for sophisticated, indirect exploitation.

We begin by mapping out the new attack vectors that go beyond traditional prompt manipulation, including:
• Advanced indirect injections through RAG systems and stored memory,
• Multimodal injections leveraging audio, images, and steganography,
• And most critically, MCP-based attacks that exploit tool descriptions, agent planning logic, and retrieval-agent deception techniques.

Attendees will gain insight into how MCP tool poisoning, RADE (retrieval-agent deception) attacks, and “rug pull” strategies exploit the trust models embedded within AI agents, allowing attackers to hijack LLM behavior without direct interaction.

We also explore the “distraction effect”—a novel mechanism where attackers manipulate internal attention weights within transformer architectures—and the “policy puppetry attack”, which uses leetspeak, roleplay, and structured inputs to bypass safety filters across models.

The session closes by reflecting on the fundamental architectural challenges in mitigating these threats, examining why traditional input/output filtering, prompt engineering, and adversarial training may fall short.

This is a must-attend session for AI researchers, security professionals, and developers who want to stay ahead of evolving threats and understand how protocols like MCP are transforming both AI capabilities and their associated risks.

Speaker

Madan Singhal

Head of AI - Singulr AI

Madan Singhal is the AI Head at Singulr AI, where he leads the mission to secure AI builders and responsible AI usage across mid-to-large enterprises. Previously, he was a Staff Engineer 2 at VMware, working on cutting-edge innovations in virtualization and network infrastructure.

Madan was also a founding member of Arkin, a company focused on simplifying network virtualization for enterprises, which was later acquired by VMware. Earlier in his career, he held engineering roles at Microsoft, where he contributed to the development of large-scale software systems.