AI Agent Security in 2026: The Boundary Is No Longer the Prompt
Dev.to AI • Generative AI
As agents move from chats to production workflows, the real security boundary is no longer the prompt. It is what the agent can see, call, edit, execute, approve, and remember.

In June 2025, Microsoft patched a vulnerability called EchoLeak, tracked as CVE-2025-32711 with a CVSS score of 9.3. It was the first documented zero-click attack on an AI agent. An attacker sent a single crafted email to anyone in an organization.
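To make the "boundary is capability, not prompt" point concrete, here is an added example (not code from the Dev.to post or from any product it mentions) of a deny-by-default tool gate for an agent. Every tool declares which of the six verbs it needs on which resource, each task gets a least-privilege grant, side-effecting tools route to a human even when granted, and every decision is audited. The tool names, resource labels and grants are hypothetical, constructed for the example; whatever text arrives in an email or a prompt, the decision is taken here.

```python
from dataclasses import dataclass, field
from enum import Enum


class Verb(str, Enum):
    """The six things an agent can be allowed to do; policy is keyed on these, not on prompt text."""
    SEE = "see"
    CALL = "call"
    EDIT = "edit"
    EXECUTE = "execute"
    APPROVE = "approve"
    REMEMBER = "remember"


class Decision(str, Enum):
    ALLOW = "allow"
    DENY = "deny"
    NEEDS_HUMAN = "needs_human"


@dataclass(frozen=True)
class Capability:
    verb: Verb
    resource: str  # hypothetical resource labels, e.g. "mail:inbox", "repo:docs/*"


@dataclass(frozen=True)
class ToolSpec:
    name: str
    needs: tuple                  # capabilities a call requires, all of them
    human_approval: bool = False  # side-effecting tools go to a person even when granted


@dataclass
class TaskGrant:
    """Least-privilege scope for one task; audit records every decision taken."""
    allowed: frozenset
    audit: list = field(default_factory=list)


def matches(granted: Capability, needed: Capability) -> bool:
    """Exact match, or a trailing '*' on the granted resource acts as a prefix wildcard."""
    if granted.verb != needed.verb:
        return False
    if granted.resource.endswith("*"):
        return needed.resource.startswith(granted.resource[:-1])
    return granted.resource == needed.resource


def gate(grant: TaskGrant, tool: ToolSpec) -> Decision:
    """Deny by default: a call proceeds only if every capability the tool needs is in the grant."""
    missing = [c for c in tool.needs if not any(matches(g, c) for g in grant.allowed)]
    if missing:
        decision = Decision.DENY
    elif tool.human_approval:
        decision = Decision.NEEDS_HUMAN
    else:
        decision = Decision.ALLOW
    grant.audit.append((tool.name, decision.value,
                        tuple(f"{c.verb.value}:{c.resource}" for c in missing)))
    return decision


# Constructed tool catalogue (hypothetical names and resources).
TOOLS = {
    "read_inbox":  ToolSpec("read_inbox",  (Capability(Verb.SEE, "mail:inbox"),)),
    "send_mail":   ToolSpec("send_mail",   (Capability(Verb.CALL, "mail:send"),), human_approval=True),
    "edit_doc":    ToolSpec("edit_doc",    (Capability(Verb.EDIT, "repo:docs/readme.md"),)),
    "run_shell":   ToolSpec("run_shell",   (Capability(Verb.EXECUTE, "shell"),)),
    "save_memory": ToolSpec("save_memory", (Capability(Verb.REMEMBER, "memory:task"),)),
}


def summarize_inbox_grant() -> TaskGrant:
    """Scope for a 'summarize my inbox' task: it may read mail and keep task notes, nothing else."""
    return TaskGrant(frozenset({
        Capability(Verb.SEE, "mail:inbox"),
        Capability(Verb.REMEMBER, "memory:task"),
    }))


def doc_editing_grant() -> TaskGrant:
    """Scope for a docs task: wildcard edit under repo:docs/, and mail sending behind human approval."""
    return TaskGrant(frozenset({
        Capability(Verb.EDIT, "repo:docs/*"),
        Capability(Verb.CALL, "mail:send"),
    }))


def run_demo() -> dict:
    """Replay requested tool calls against each grant; returns 'grant/tool' -> decision."""
    inbox = summarize_inbox_grant()
    docs = doc_editing_grant()
    return {
        "inbox/read_inbox":  gate(inbox, TOOLS["read_inbox"]).value,
        "inbox/send_mail":   gate(inbox, TOOLS["send_mail"]).value,   # denied: no CALL mail:send
        "inbox/run_shell":   gate(inbox, TOOLS["run_shell"]).value,   # denied: no EXECUTE shell
        "inbox/save_memory": gate(inbox, TOOLS["save_memory"]).value,
        "docs/edit_doc":     gate(docs, TOOLS["edit_doc"]).value,     # wildcard prefix match
        "docs/send_mail":    gate(docs, TOOLS["send_mail"]).value,    # granted, but a person approves
        "docs/read_inbox":   gate(docs, TOOLS["read_inbox"]).value,   # denied: no SEE mail:inbox
    }


if __name__ == "__main__":
    for call, decision in run_demo().items():
        print(f"{call:20} {decision}")
```

The point of the design is that the grant is fixed per task before any untrusted content is read, so a tool the task was never given (here `send_mail` or `run_shell` under the inbox grant) is refused regardless of what the model decides to request, and the audit tuple records which capability was missing for later detection and review.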