DEV Community • 2h
The Rise of Agentic AI: New Attack Surfaces in Coding Agents and MCP
The transition from passive LLM suggestions to agentic AI introduces critical vulnerabilities via Indirect Prompt Injection and Model Context Protocol (MCP) tool poisoning. By exploiting the LLM's inability to distinguish between data and instructions, attackers can embed malicious commands in external sources that agents process. When agents possess privileged toolsets—including Git write access and filesystem interaction—these injections enable remote code execution (RCE), silent supply chain compromise through unauthorized repository commits, and the exfiltration of environment variables or SSH keys. This expands the attack surface from simple prompt manipulation to automated, privileged system exploitation.