Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us
Summary
Microsoft's AI Red Team updated its taxonomy of failure modes in agentic AI systems (AI systems that can autonomously perform tasks) from v1.0 to v2.0, based on 12 months of real-world security testing. The update added seven new failure mode categories, including agentic supply chain compromise (injecting malicious instructions into tool registries), goal hijacking (redirecting an agent's objectives through disguised commands), and inter-agent trust escalation (one compromised agent deceiving others about its permissions). The revision was driven by the rapid adoption of open-source agentic frameworks, widespread vulnerabilities in tool ecosystems, and the emergence of computer-use agents that interact with graphical interfaces.
Original source: https://www.microsoft.com/en-us/security/blog/2026/06/04/updating-taxonomy-failure-modes-agentic-ai-systems-year-red-teaming-taught-us/
First tracked: June 4, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%