When Threat Models Stop at the Prompt: Mapping Cross-Zone Attacks in Agentic AI
About this session
EchoLeak (CVE-2025-32711) showed that agentic AI attacks chain across trust boundaries that component-level threat models treat as separate concerns. This talk introduces a five-zone decomposition for agentic AI architectures — input surfaces, planning, tool execution, memory, and inter-agent communication — and walks through realistic attack paths including RAG poisoning and MCP tool-chain abuse. You leave with a mapping template, cross-zone attack-path checklist, and worked attack trees.