Agentic AI Attack Surface · Live Demos
Access code provided at the session.
InfoSec Taiwan 2026

The Agentic AI Attack Surface

智慧代理 AI 攻擊面的內幕

The Next Frontier of Cyber Threats · 下一代網路威脅的最前線

Aaron Ang · Hesed & Emet Advisory
3 Live Demos · 三場實機示範
01

Poisoned Webpage

被污染的網頁

The agent reads a normal-looking page. Hidden instructions inside it hijack the agent and exfiltrate its secrets.

代理讀取一個看似正常的網頁,藏在其中的指令劫持代理並外洩機密。

Indirect Prompt Injection · 間接提示注入
START DEMO
02

Tool Response Poisoning

工具回應污染

A trusted tool returns poisoned data. The agent treats it as a command and leaks the user's API keys.

受信任的工具回傳被污染的資料,代理將其當成命令執行,洩漏使用者的金鑰。

Compromised Tool Output · 工具信任濫用
START DEMO
03

Full Agentic Kill Chain

完整代理攻擊鏈

One poisoned page compromises three agents: persistence in memory, lateral movement, and full data exfiltration.

一個被污染的網頁攻陷三個代理:記憶體持久化、橫向移動、完整資料外洩。

Multi-Agent Compromise · 多代理攻陷
START DEMO