
Attackers Are Targeting The AI Ecosystem You Cannot See
Show notes
AI agent security is not just about attackers using AI.
It is also about attackers targeting the agent ecosystem most organizations cannot see clearly yet: MCP servers, agent skills, packages, API keys, prompts, tools, and the identity layer underneath all of it.
In this episode, I sit down with Thomas Roccia, founder of SecurityBreak and a former Microsoft threat researcher, to look at AI agents from the threat-intelligence side. Thomas explains why the easiest path for attackers may not be futuristic autonomous hacking. It may be the boring weak spots that already exist: malicious packages, untrusted MCP servers, hostile agent skills, leaked API keys, and AI-generated code that chooses the fastest path instead of the safest one.
For Entra admins and security teams, this is where Agent ID, non-human identity, workload identity, logging, sponsorship, and governance start to matter. Entra Agent ID gives teams a way to identify and govern agents, but identity is only one part of the picture. You still need to understand what agents can discover, what tools they can call, what context they consume, and whether you can replay what they actually did.
Thomas also breaks down his practical AI threat-intelligence work, including how teams can use agents for CTI, how adversarial prompts and context flooding change the risk model, and why defenders need to understand the attacker side of agent security before these systems become invisible production infrastructure.
Sponsored by
Secure BYOD Wi‑Fi Without MDM enrollment
Keytos Connect is a new mobile and desktop app that makes it easy for users to connect personal and BYOD devices to enterprise and campus Wi‑Fi without shared passwords, manual certificate installs, or traditional MDM enrollment. Users simply download the app, sign in with their work or school account, and Keytos handles the rest. It also works alongside Intune, allowing organizations to continue managing corporate-owned devices while simplifying connectivity for personal devices.
* Connect in minutes: users download the app, sign in, and get securely onboarded to Wi‑Fi
* No MDM required: enable secure access for personal devices without giving IT full control of them
* Works alongside Intune: keep your existing management workflows for corporate devices while enabling secure BYOD access
* Automatic certificate management: certificate issuance and renewal happen behind the scenes
* Secure by default: EAP-TLS authentication eliminates shared Wi‑Fi passwords and provides unique credentials for every user
* Multi-OS: Available across iOS, Android, Windows, and macOS devices
* Included at no additional cost with existing EZRADIUS and EZCA subscriptions
Learn more about Keytos Connect and see how easy secure BYOD connectivity can be.
About Thomas Roccia
Thomas Roccia is a threat researcher and founder of SecurityBreak, focused on AI threat intelligence, malware analysis, and AI agent security. He previously worked in incident response, malware analysis, and threat intelligence, including on Microsoft Defender and AI threat research at Microsoft. He is also the author of Visual Threat Intelligence and teaches practical AI for threat intelligence and agentic workflows.
LinkedIn - https://au.linkedin.com/in/thomas-roccia
Subscribe with your favorite podcast player or watch on YouTube 👇
Related Links
* Thomas Roccia on LinkedIn - https://au.linkedin.com/in/thomas-roccia
* SecurityBreak - https://securitybreak.io/
* Practical AI for Threat Intelligence training - https://securitybreak.io/training-genai
* SHIELD.md: A Security Standard for OpenClaw and AI Agents - https://blog.securitybreak.io/shield-md-a-security-standard-for-openclaw-and-ai-agents-b38637031460
* Microsoft Entra Agent ID - https://learn.microsoft.com/en-us/entra/agent-id/what-is-microsoft-entra-agent-id
* Microsoft Entra Agent ID key concepts - https://learn.microsoft.com/en-us/entra/agent-id/key-concepts
* Agentic Resource Discovery specification - https://agenticresourcediscovery.org/
* GitHub Agent Finder - https://github.blog/changelog/2026-06-17-agent-finder-for-github-copilot-now-available/
Chapters
00:00 Intro
00:33 Meet Thomas Roccia
01:48 From Malware Analysis to AI Threat Intel
03:30 Why AI Security Is Moving So Fast
05:49 Agentic Resource Discovery and New Standards
09:25 Attackers Are Already Using AI Agents
11:47 The AI Ecosystem Is The Target
15:26 Prompt Injection, MCP, Skills, and API Keys
20:28 Vibe Coding vs Production Security
23:47 Agent ID and Identity for AI Agents
32:30 Practical AI for Threat Intelligence
39:13 Monitoring Agents Like Threat Actors Do
42:28 Context Flooding and What’s Next
Podcast Apps
Apple Podcast - https://entra.chat/apple
YouTube - https://entra.chat/youtube
Spotify - https://entra.chat/spotify
Overcast - https://entra.chat/overcast
Pocketcast - https://entra.chat/pocketcast
Others - https://entra.chat/rss
Merill’s socials
YouTube - youtube.com/@merillx
LinkedIn - linkedin.com/in/merill
Twitter - twitter.com/merill
TikTok - tiktok.com/@merillf
Bluesky - bsky.app/profile/merill.net
Mastodon - infosec.exchange/@merill
Threads - threads.net/@merillf
GitHub - github.com/merill
Get full access to Entra.News - Your weekly dose of Microsoft Entra at entra.news/subscribe