Interrogators: Attack Surface Mapping in an Agentic World
This research introduces the concept of AI agent interrogators and the open-source project Agent Interrogator, an opaque box interrogation framework designed to map the attack surface of agentic systems.
As the adoption of AI agents rapidly expands, there is a growing need to map the attack surface behind their natural language interface, which traditional security tooling cannot accomplish. Agent Interrogator employs a two-stage AI-assisted interrogation process: it identifies the agent's high-level capabilities in the initial interrogation stage and then enumerates the supporting invokable tools for each capability.
This research validates the approach against test targets utilizing LangChain and Model Context Protocol (MCP) to deliver agentic capabilities. The product of the interrogation is a structured profile mapping the agent's attack surface, enabling security practitioners to identify vulnerabilities such as excessive agency and conduct targeted fuzzing. This work provides a critical foundation for securing the next generation of AI systems and the development of automated attack surface mapping in complex, multi-agent ecosystems.
23 Oct 2025
