Agents
Help Net Security: Agentic Attack Chains Advance as Infostealers Adapt to Harvest AI Agent Credentials and MCP Tokens
A Help Net Security investigation published March 12 documents how infostealer malware previously designed for browser credential theft is being actively adapted to target AI agent infrastructure — specifically agent configuration files, MCP server tokens, stored API keys, and agent session state. The adaptation is significant because agent credentials carry far greater blast radius than human credentials: a stolen agent token can trigger automated file system access, API calls, and code execution at machine speed. The report correlates the infostealer evolution with the rapid expansion of MCP server deployments and the growth of agent configuration stored in developer home directories.
↳ Follow the thread