GovWare 2025 Tech Talk Programme

My AI agent talks to your AI agent -- what could possibly go wrong?

23 Oct 2025
Level 1 | Exhibition Hall, Sands Expo and Convention Centre
Securing AI in Practice
As AI Agents increasingly collaborate and carry out actions on behalf of users, a new attack surface is emerging -- one where the trust between AI Agents is exploited. This talk explores the cyber risks enabled by the Model Context Protocol (MCP) for inter-agent communication, and how malicious actors can hijack AI Agent workflows.

The root cause? LLMs treat all input as a prompt, and inherently do not differentiate between instructions and data. Until this improves, attackers will keep exploiting this weakness.

We’ll examine the MCP attack on GitHub, where clever hackers can hijack the agent’s instructions and cause a data leak from GitHub — with no code exploit needed. We map such risks to the OWASP Top 10 for LLMs, including Prompt Injection, Sensitive Information Disclosure, and Supply Chain risks.

Through real-world attack scenarios, we reveal why blindly trusting AI-to-AI collaboration is risky — and suggest some ways to mitigate such risks in your enterprise.
Speaker(s)
Jonathan Phua, CEO - InsiderSecurity
Pathmahn Murali, Security Engineer - InsiderSecurity