Agentic AI Tooling: Why Runtime Security Is the Missing Layer
ID: 5e803f7a-6fa0-5f2c-8476-e3b2e46f9b2c
STIX ID: report--5e803f7a-6fa0-5f2c-8476-e3b2e46f9b2c
Feed Name: Sysdig Blog
This report analyzes emerging attack surfaces in AI agent stacks (MCPs, skills, SDKs, managed platforms, orchestration) and documents real-world techniques: MCP tool poisoning, prompt injection via tool responses, and coding-agent credential theft, citing specific disclosures (CVE-2025-32711 and a July 2025 Supabase+Cursor demonstration). It maps these techniques to MITRE ATLAS (AML.T0080–T0086), demonstrates detection with example Falco rules, and prescribes layered mitigations: syscall-level runtime instrumentation, strict capability scoping, MCP auditing, and tool-call-level auditing.
