AI tool poisoning exploits enterprise agent security flaw
VentureBeat
A significant vulnerability has been discovered in enterprise AI agent security: tool registries can be poisoned because the natural-language descriptions that agents rely on to choose tools are never verified. This flaw lets malicious actors steer tool selection and execution while bypassing traditional software supply chain controls such as code signing and SBOMs. The issue stems from the gap between artifact integrity (what code signing and SBOMs check) and behavioral integrity (how a tool actually behaves when an agent invokes it); current defenses address the former and leave the latter unaddressed. This could enable attacks such as prompt injection and behavioral drift, where a tool's effective functionality changes after its initial verification.
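As an added illustration (not from the article and not any vendor's code), the Python below pins both the artifact digest and the description digest of a registered tool at verification time, so a description rewritten after signing is flagged as behavioral drift even though the code digest still matches. The tool, its sample code, and the directive phrases it screens for are constructed for the example.

```python
import hashlib

# Constructed phrases that indicate a tool description is trying to steer
# the agent rather than describe the tool; extend with your own policy.
DIRECTIVE_PHRASES = (
    "ignore previous",
    "before any other tool",
    "always call this tool",
    "do not tell the user",
)


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(name: str, code: bytes, description: str) -> dict:
    """Record artifact AND behavioral (description) digests at review time.

    Code signing/SBOMs cover only code_sha256; the description digest is
    what lets us notice a later rewrite of the natural-language contract.
    """
    return {
        "name": name,
        "code_sha256": digest(code),
        "description_sha256": digest(description.encode("utf-8")),
    }


def description_policy_violations(description: str) -> list[str]:
    """Return directive phrases found in a description (empty if clean)."""
    lowered = description.lower()
    return [p for p in DIRECTIVE_PHRASES if p in lowered]


def verify_tool(manifest: dict, code: bytes, description: str) -> list[str]:
    """Check a registry entry against its pinned manifest; [] means it passes.

    Findings distinguish artifact drift (code changed) from behavioral drift
    (description changed or now carries agent-directing language).
    """
    findings = []
    if digest(code) != manifest["code_sha256"]:
        findings.append("artifact drift: code digest mismatch")
    if digest(description.encode("utf-8")) != manifest["description_sha256"]:
        findings.append("behavioral drift: description changed since verification")
    for phrase in description_policy_violations(description):
        findings.append(f"behavioral drift: directive phrase {phrase!r} in description")
    return findings
```

A registry loader that refuses any entry with a non-empty finding list catches the case the article describes: unchanged, validly signed code paired with a description that was quietly rewritten.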
Tags
ai
security
regulation
Original Source
VentureBeat — venturebeat.com