STAR Labs Threat Report · Volume I · July 2026

The Year Agents Entered The Workforce

AiPT, LAVA, and the STAR Framework for agentic security. Thousands of real-world exploits run against coding, productivity, and first-party agents, and the model defenders need to act on what we found.

Introduction

Agents Are the New Attack Surface

Two years ago, enterprises were simply blocking genAI sites like ChatGPT. Today agentic AI is core to corporate strategy. Productivity agents read inboxes and browse the web. Enterprises build their own agents on Microsoft Foundry, Amazon Bedrock AgentCore, Google Gemini Enterprise, Databricks, and Snowflake. Coding agents like Cursor, Claude Code, and GitHub Copilot ship code straight to production. Each wave moved faster than the last, and each opened an attack surface the old controls were never built to see.

Adversaries ride the same wave. STAR Labs tracks a new class of attacker we call AiPT: AI-powered persistent threats that run reconnaissance automatically, generate exploits for the specific target, and hide persistence in the semantic layer traditional defenses cannot read. The vulnerability they exploit is what we call LAVA: Language-Augmented Vulnerabilities in Applications. Securing an agent means watching what it watches, at the speed it moves, across four layers: application, model, tools and MCP, and data. That is the Straiker STAR Framework (STAR = Straiker AI Security Research), and this report is the data behind it.

"Defenders prepared for a hostile model and a trusted user. Here the model behaves and the context is the weapon."

36%

of successful coding-agent attacks reached remote code execution

91%

of successful productivity-agent attacks ended in silent data exfiltration

28.6%

of cataloged MCP tools are dangerous on their face

4,242

tracked MCP servers carry at least one vulnerability

17,651+

MCP servers under continuous monitoring

1,700+

distinct exploits documented against production AI agents

Get the Full Report

Read everything here, free. Enter your email and we'll send the full PDF, including the complete defender playbook.