# Along The Edge e3: Breaking AI Agents: From Jailbreaks to MCP Exploits with Javi Rivera

- Page: https://stenobird.com/podcast/along-the-edge-agentic-ai/along-the-edge-e3-breaking-ai-agents-from-jailbreaks-to-mcp-exploits-with-javi-rivera
- Text version: https://stenobird.com/podcast/along-the-edge-agentic-ai/along-the-edge-e3-breaking-ai-agents-from-jailbreaks-to-mcp-exploits-with-javi-rivera.md
- Podcast: [Along The Edge Podcast: Breaking, Defending, and Understanding Agentic AI](https://stenobird.com/podcast/along-the-edge-agentic-ai)
- Published: 2026-02-13T01:23:40+00:00
- Episode link: https://share.transistor.fm/s/d219fca3
- Audio file: https://media.transistor.fm/d219fca3/85e93a4b.mp3
- Processing state: processed
- JSON: https://stenobird.com/v1/public/podcasts/along-the-edge-agentic-ai/episodes/along-the-edge-e3-breaking-ai-agents-from-jailbreaks-to-mcp-exploits-with-javi-rivera
- Duration (seconds): 3361

## Resource

AI agents introduce a new attack surface where traditional vulnerabilities like SQL injection and XSS are weaponized through model capabilities. This episode explores how the integration of tools and web access transforms prompt injection into a high-impact supply chain risk.

## Highlights

- Main idea: Agentic AI security is less about breaking the LLM and more about exploiting the tools and environments the agent can access.
- Failure mode: Using unverified MCP servers creates a massive supply chain risk by allowing malicious code execution through trusted agent workflows.
- Practical takeaway: Defense requires a "defense in depth" approach, including sandboxing, least privilege, and strict input/output sanitization.
- Technical distinction: Security researchers must differentiate between manipulating the model's weights/logic and manipulating the agent's tool-use capabilities.
- Future threat: The rise of autonomous, thinking bots will enable automated, large-scale offensive campaigns that can adapt to defenses in real time.

## Topics

AI Security, Agentic AI, Prompt Injection, Model Context Protocol, Penetration Testing, LLM Vulnerabilities, Cybersecurity, Supply Chain Attacks

## Chapters

- 1:00 — The Evolution of Offensive Security: Javi Rivera discusses his transition from traditional network and web application penetration testing to focusing on the vulnerabilities within agentic workflows.
- 5:05 — Classic Exploits in an Agentic World: An analysis of how SQL injection, XSS, and command injection remain viable threats when agents are granted access to external APIs and web tools.
- 13:15 — System Prompts and Constraints: How developers use system prompts to define agent boundaries and how attackers attempt to bypass these instructions to manipulate agent behavior.
- 21:35 — Data Exfiltration Techniques: Exploring how attackers use structured patterns to trick models into leaking sensitive information like credentials or internal file contents.
- 30:10 — Indirect Prompt Injection Demo: A walkthrough of the Gray Swan AI Arena, demonstrating how an attacker can manipulate an agent by poisoning the data sources it retrieves.
- 42:50 — The MCP Supply Chain Risk: A critical look at the security implications of the Model Context Protocol (MCP) and the dangers of connecting agents to unverified third-party servers.
- 47:20 — Defensive Strategies and Best Practices: Practical advice on implementing guardrails, sanitizing tool outputs, and maintaining strict access controls to mitigate agentic risks.

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/along-the-edge-agentic-ai/episodes/along-the-edge-e3-breaking-ai-agents-from-jailbreaks-to-mcp-exploits-with-javi-rivera/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/along-the-edge-agentic-ai/along-the-edge-e3-breaking-ai-agents-from-jailbreaks-to-mcp-exploits-with-javi-rivera.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.