What is OWASP ASI04 Agentic Supply Chain Vulnerabilities?
Agentic supply chain risk is dynamic: tools, registries, and personas loaded at runtime from third parties. Static SBOM thinking misses MCP and A2A composition in production.
What this looks like in production
LiteLLM-style package compromises and malicious MCP endpoints show the same pattern - you integrated convenience; attackers integrated persistence.
What teams usually do about it
- Verify and pin runtime dependencies.
- Treat agent marketplaces like untrusted package registries.