Glossary · Term

Agent Flayer

← all terms

Definition

Plain language

A named real-world attack where an AI coding assistant gets tricked into leaking SSH keys via a poisoned ticket.

As stated in the literature

A 2025 indirect-prompt-injection attack chain documented by Zenity Labs in which adversarial instructions embedded in Jira tickets cause MCP-connected coding agents to exfiltrate credentials.

Why it matters: It's a concrete demonstration that connecting AI coding agents to project management tools creates a real exfiltration channel, not a theoretical risk.

For example, an attacker files a Jira ticket containing hidden instructions that tell a connected coding agent to read the user's SSH keys and post them to an external URL.

Heard on the show

“That attack chain has a name in the wild — it's called Agent Flayer, documented by Zenity Labs in twenty-twenty-five — and the paper we're talking about today emulates it as one of its test cases.”
Episode 057 — How Uber Caught 206 Leaked Credentials With an LLM-Powered Security Stack

Mentioned in 1 episode

  1. 057
    How Uber Caught 206 Leaked Credentials With an LLM-Powered Security Stack

Related terms