Entra.News - Your weekly dose of Microsoft Entra
Entra.Chat

Attackers Are Targeting The AI Ecosystem You Cannot See

Practical AI threat intelligence playbook

AI agent security is not just about attackers using AI.

It is also about attackers targeting the agent ecosystem most organizations cannot see clearly yet: MCP servers, agent skills, packages, API keys, prompts, tools, and the identity layer underneath all of it.

In this episode, I sit down with Thomas Roccia, founder of SecurityBreak and a former Microsoft threat researcher, to look at AI agents from the threat-intelligence side. Thomas explains why the easiest path for attackers may not be futuristic autonomous hacking. It may be the boring weak spots that already exist: malicious packages, untrusted MCP servers, hostile agent skills, leaked API keys, and AI-generated code that chooses the fastest path instead of the safest one.

For Entra admins and security teams, this is where Agent ID, non-human identity, workload identity, logging, sponsorship, and governance start to matter. Entra Agent ID gives teams a way to identify and govern agents, but identity is only one part of the picture. You still need to understand what agents can discover, what tools they can call, what context they consume, and whether you can replay what they actually did.

Thomas also breaks down his practical AI threat-intelligence work, including how teams can use agents for CTI, how adversarial prompts and context flooding change the risk model, and why defenders need to understand the attacker side of agent security before these systems become invisible production infrastructure.


Sponsored by

Secure BYOD WiFi Without MDM enrollment

Keytos Connect is a new mobile and desktop app that makes it easy for users to connect personal and BYOD devices to enterprise and campus WiFi without shared passwords, manual certificate installs, or traditional MDM enrollment. Users simply download the app, sign in with their work or school account, and Keytos handles the rest. It also works alongside Intune, allowing organizations to continue managing corporate-owned devices while simplifying connectivity for personal devices.

  • Connect in minutes: users download the app, sign in, and get securely onboarded to WiFi

  • No MDM required: enable secure access for personal devices without giving IT full control of them

  • Works alongside Intune: keep your existing management workflows for corporate devices while enabling secure BYOD access

  • Automatic certificate management: certificate issuance and renewal happen behind the scenes

  • Secure by default: EAP-TLS authentication eliminates shared WiFi passwords and provides unique credentials for every user

  • Multi-OS: available across iOS, Android, Windows, and macOS devices

  • Included at no additional cost with existing EZRADIUS and EZCA subscriptions

Learn more about Keytos Connect and see how easy secure BYOD connectivity can be.


About Thomas Roccia

Thomas Roccia is a threat researcher and founder of SecurityBreak, focused on AI threat intelligence, malware analysis, and AI agent security. He previously worked in incident response, malware analysis, threat intelligence, Microsoft Defender, and AI threat research. He is also the author of Visual Threat Intelligence and teaches practical AI for threat intelligence and agentic workflows.

LinkedIn - https://au.linkedin.com/in/thomas-roccia


Subscribe with your favorite podcast player or watch on YouTube 👇



Chapters

00:00 Intro

00:33 Meet Thomas Roccia

01:48 From Malware Analysis to AI Threat Intel

03:30 Why AI Security Is Moving So Fast

05:49 Agentic Resource Discovery and New Standards

09:25 Attackers Are Already Using AI Agents

11:47 The AI Ecosystem Is The Target

15:26 Prompt Injection, MCP, Skills, and API Keys

20:28 Vibe Coding vs Production Security

23:47 Agent ID and Identity for AI Agents

32:30 Practical AI for Threat Intelligence

39:13 Monitoring Agents Like Threat Actors Do

42:28 Context Flooding and What’s Next


Podcast Apps

Apple Podcast - https://entra.chat/apple

YouTube - https://entra.chat/youtube

Spotify - https://entra.chat/spotify

Overcast - https://entra.chat/overcast

Pocketcast - https://entra.chat/pocketcast

Others - https://entra.chat/rss


Merill’s socials

YouTube - youtube.com/@merillx

LinkedIn - linkedin.com/in/merill

Twitter - twitter.com/merill

TikTok - tiktok.com/@merillf

Bluesky - bsky.app/profile/merill.net

Mastodon - infosec.exchange/@merill

Threads - threads.net/@merillf

GitHub - github.com/merill
