◀︎ // Home

Section 08 // Methodology, Glossary & Sources

How We Know This Is Real

The findings draw from STAR Labs' adversarial-engagement corpus and continuous MCP catalog: 1,700+ distinct exploits documented against production AI agents across five form factors (productivity, coding, browser, desktop, CLI) and ten attack categories, plus 17,651+ MCP servers under continuous static, behavioral, and metadata analysis.

// 01

Real adversarial payloads

STAR Labs builds the attack infrastructure real attackers would: malicious websites, weaponized documents, poisoned READMEs, adversarial MCP servers. Findings reproduce attacker capability, not approximate it.

// 02

Severity-rated findings

Each exploit is rated critical, high, or medium using a CVSS-aligned rubric (impact, exploitability, and reproducibility). Headline numbers reflect successful-attack rates against deployed agents under realistic conditions.

// 03

Coverage breadth

STAR Labs prioritizes finding novel patterns across many agents over deep examination of one. The patterns here recur across vendors and form factors.

Glossary of terms used in this report.

TermDefinition
AiPTAI-Powered Persistent Threats. Adversaries operating with agentic offensive toolkits; Cyberspike Villager is the canonical example.
LAVALanguage-Augmented Vulnerabilities in Applications. The threat class at the intersection of traditional application vulnerabilities and AI-driven language capabilities.
Straiker STAR FrameworkSTAR = Straiker AI Security Research. Straiker's framework for AI agent security: four architectural layers across three agent types, with MCP as a shared cross-cutting surface. Distinct from the STAR interview method.
CascadeA multi-step compromise where one agent's compromise propagates across connected systems.
MCPModel Context Protocol. The standardized integration protocol for agent tools and resources.

Stay Current

STAR Labs publishes new agentic threat research continuously. Subscribe to the Straiker newsletter on the blog, and bookmark straiker.ai/research for the latest findings.

Sources

Public reporting & incidents

  • Cursor-Opus agent snuffs out startup's production database (The Register)
  • Google Unveils Gemini Enterprise Agent Platform (AIwire)
  • Snowflake Cortex Agents: Enterprise AI Agent Platform (Snowflake)
  • Amazon Bedrock AgentCore general availability (AWS)

Framework references

  • OWASP Top 10 for LLM Applications · OWASP Top 10 for Agentic Applications 2026
  • Google Secure AI Framework (SAIF) · MITRE ATLAS · NIST AI Risk Management Framework (AI 100-1)

Data points were current at time of analysis and may be refreshed in subsequent volumes. Source: Straiker AI Security Research (STAR Labs), July 2026.

Get the Full Report

Read everything here, free. Enter your email and we'll send the full PDF, including the complete defender playbook.