Analysis of AI Agent Security Incidents in 2025

The author verified AI agent security incidents in 2025, confirming attacks such as EchoLeak (CVE-2025-32711), data leaks via Microsoft Copilot or Slack AI, and a cascading compromise affecting 700 organizations through a Drift chatbot. Multi-agent attacks, where a compromised agent manipulates other agents, showed high success rates (up to 100% in some cases). Frameworks like CrewAI and LangGraph are not inherently vulnerable, but their default configurations and poor developer practices expose them to risks, such as a CVSS 9.2 vulnerability patched in 2025.