
Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us

Microsoft Security Blog, 04/06/2026, 19:14

Summary

AI-Generated

Key Points:

  • The Microsoft AI Red Team has updated the Taxonomy of Failure Modes in Agentic AI Systems to address new vulnerabilities identified over the past year, including CVE-2026-25253, which allows for remote code execution via WebSocket hijacking.
  • The update highlights seven new failure modes such as Agentic Supply Chain Compromise and Goal Hijacking, which can lead to significant security risks in agentic systems, particularly with the rapid adoption of open-source frameworks.
  • Recommended actions include generating a Software Bill of Materials (SBOM) for all deployed agents, implementing zero-trust architectures for inter-agent communications, and enhancing human-in-the-loop controls to mitigate consent fatigue and other identified vulnerabilities.

Technical Details: CVE-2026-25253 allows attackers to execute arbitrary code through WebSocket hijacking. The update reflects operational insights gained from red team engagements that revealed high-frequency exploitation patterns.

MITRE ATT&CK Techniques:

  • None mentioned

IOCs Mentioned:

  • CVE-2026-25253
