Red-Team Your AI Agents: A 10-Min Harness Setup for Protocol Attacks

5 Protocol Attacks Your AI Agents Aren't Ready For (And How to Test Them) CVE-2026-25253 exposed 135K agent instances to gateway attacks—don't let yours be next. As someone who's published 5 DOI-citable papers on agent governance (e.g., zenodo.19343034), I've seen these vectors in production. Here's a quick-hit list of top threats, with test code from our open-source harness (PyPI: agent-security-harness). Run them in 5 min to audit your setup. One : Tool Poisoning: When Your Agent's Tools Turn Against It The Risk : Malicious payloads in tool outputs hijack the agent's next action (e.g., injecting ransomware via a "summarize" tool). 12% of marketplaces are contaminated per CVE data. Test It : pip install agent-security-harness harness run --target your-agent-endpoint --category mcp --test output-poisoning Fix : Enforce output sanitization + constitutional constraints (our CSG paper: zenodo.19162104). TWO : Auth Bypass: Faking Permissions Without Cracking Keys The Risk : Protocol downgr