When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps

ID: 529dcf11-23ad-5d26-85ab-88f2d51accad

STIX ID: report--529dcf11-23ad-5d26-85ab-88f2d51accad

Feed Name: Microsoft Security

Threat Score
75/100

Date Published: 2026-05-14

Date Updated: 2026-05-14

Author: Microsoft Defender Security Research Team and Yossi Weizman

...
...

This Microsoft Defender Security Research blog warns that many AI and agentic applications on cloud-native platforms are being deployed with insecure defaults or misconfigurations—publicly exposed endpoints combined with weak or missing authentication—that attackers actively abuse. It documents concrete examples (MCP servers, Mage AI, kagent, AutoGen Studio), cites observed exploitation (unauthenticated Mage AI leading to internet-accessible shell with privileged tokens), and recommends enforcing authentication, least-privilege, continuous auditing, and using Defender for Cloud detections to reduce attack surface.