Episode
Along The Edge e3: Breaking AI Agents: From Jailbreaks to MCP Exploits with Javi Rivera
- Published: Feb 13, 2026
- Duration: 3361 seconds
- Processing state: processed
- Canonical source: https://share.transistor.fm/s/d219fca3
Summary
AI agents introduce a new attack surface where traditional vulnerabilities like SQL injection and XSS are weaponized through model capabilities. This episode explores how the integration of tools and web access transforms prompt injection into a high-impact supply chain risk.
Topics
- AI Security
- Agentic AI
- Prompt Injection
- Model Context Protocol
- Penetration Testing
- LLM Vulnerabilities
- Cybersecurity
- Supply Chain Attacks
Highlights
- Main idea: Agentic AI security is less about breaking the LLM and more about exploiting the tools and environments the agent can access
- Failure mode: Using unverified MCP servers creates a massive supply chain risk by allowing malicious code execution through trusted agent workflows
- Practical takeaway: Defense requires a 'defense in depth' approach, including sandboxing, least privilege, and strict input/output sanitization
- Technical distinction: Security researchers must differentiate between manipulating the model's weights/logic and manipulating the agent's tool-use capabilities
- Future threat: The rise of autonomous, thinking bots will enable automated, large-scale offensive campaigns that can adapt to defenses in real-time
Chapters
- 1:00 The Evolution of Offensive Security: Javi Rivera discusses his transition from traditional network and web application penetration testing to focusing on the vulnerabilities within agentic workflows.
- 5:05 Classic Exploits in an Agentic World: An analysis of how SQL injection, XSS, and command injection remain viable threats when agents are granted access to external APIs and web tools.
- 13:15 System Prompts and Constraints: How developers use system prompts to define agent boundaries and how attackers attempt to bypass these instructions to manipulate agent behavior.
- 21:35 Data Exfiltration Techniques: Exploring how attackers use structured patterns to trick models into leaking sensitive information like credentials or internal file contents.
- 30:10 Indirect Prompt Injection Demo: A walkthrough of the Gray Swan AI Arena, demonstrating how an attacker can manipulate an agent by poisoning the data sources it retrieves.
- 42:50 The MCP Supply Chain Risk: A critical look at the security implications of the Model Context Protocol (MCP) and the dangers of connecting agents to unverified third-party servers.
- 47:20 Defensive Strategies and Best Practices: Practical advice on implementing guardrails, sanitizing tool outputs, and maintaining strict access controls to mitigate agentic risks.