Autonomous AI Agents Provide a New Class of Supply Chain Attack
ID: 10b16198-e6c4-5128-977e-0fefab142588
STIX ID: report--10b16198-e6c4-5128-977e-0fefab142588
Feed Name: NoHackie
This report documents a new class of supply-chain attacks against agentic AI ecosystems. Malicious plugins, poisoned documentation, and agent-to-agent social engineering (the Bob P2P and ClawHavoc campaigns) are used to steal cryptocurrency and credentials, propagate malware (e.g., Atomic Stealer), perform memory and prompt injection, and enable large-scale automated espionage. The report highlights widespread infections across marketplaces, the systemic risk created by agents' trusted interactions with one another, and prescriptive defenses: zero trust between agents and plugins, vetting of plugins before installation, runtime monitoring of agent behaviour, and human-in-the-loop controls for sensitive actions.
