Microsoft has identified seven new failure modes in agentic AI systems, in addition to those it identified last year in its first Taxonomy of Failure Modes in Agentic AI Systems.
Four things contributed to the growing list of ways agentic AI can go wrong: the speed at which the technology went mainstream, the growing maturity of the Model Context Protocol (MCP) ecosystem, the rise of computer-use agents, and finally the gathering of more empirical evidence as researchers obtained more real-life findings.
The seven new failure modes it has identified are:
Microsoft advises security teams that use these definitions to inform their planning to take four steps: inventory their supply chain, generating a software bill of materials (SBOM) for every deployed agent; verify agent identity cryptographically, not positionally, by issuing attestable credentials at provisioning; add the seven new failure modes to their red-team coverage matrix; and audit the human-in-the-loop user experience as a security control.
This article first appeared on InfoWorld.
Maxwell began writing about technology in 1984, when mainframes ruled the world. Since then he has written for just about every business computing title in the UK, and for a few in the US, covering everything from Artificial intelligence to Zero-day exploits and all points in between. He has also been editor-in-chief of several award-winning titles, including Network Week, Techworld, and Cloud Pro, and a regular contributor to Whatsonstage.com. In his spare time he coaches a junior rugby team.