When Threat Models Stop at the Prompt: Mapping Cross-Zone Attacks in Agentic AI

June 27, 2026
3:10 PM
Golden Wave 1

About this session

EchoLeak (CVE-2025-32711) showed that agentic AI attacks chain across trust boundaries that component-level threat models treat as separate concerns. This talk introduces a five-zone decomposition for agentic AI architectures — input surfaces, planning, tool execution, memory, and inter-agent communication — and walks through realistic attack paths including RAG poisoning and MCP tool-chain abuse. You leave with a mapping template, a cross-zone attack-path checklist, and worked attack trees.

About the speaker

Christian Schneider is a security architect, pentester, and trainer helping development teams integrate threat modeling into engineering workflows. He advises organizations adopting agentic AI and builds threat models that reveal cross-boundary attack paths. His work bridges offensive security and architecture: finding systemic gaps and helping teams close them.

Speaker

Christian Schneider
Security Architect