ctipilot.ch · Switzerland · Europe · Public sector

CERT-FR CERTFR-2026-ACT-016 — Agentic AI tool risks: prompt injection, MCP supply chain, sandboxing

campaign · advisory:certfr-2026-act-016

Coverage timeline: 1 (first 2026-05-08 → last 2026-05-08)
Briefs: 1 (1 distinct)
Sources cited: 20 (11 hosts)
Sections touched: 1 (active-threats)
Co-occurring entities: 7 (see Related entities below)

Story timeline

  1. 2026-05-08 · CTI Daily Brief — 2026-05-08
     active-threats · First coverage. CERT-FR advisory on agentic AI risks: prompt injection via processed docs, MCP server supply chain, insufficient sandboxing. [SINGLE-SOURCE-NATIONAL-CERT]

Where this entity is cited

  • active-threats: 1

Source distribution

  • cert.ssi.gouv.fr: 8 (40%)
  • nvd.nist.gov: 2 (10%)
  • thehackernews.com: 2 (10%)
  • bsi.bund.de: 1 (5%)
  • cert.europa.eu: 1 (5%)
  • helpnetsecurity.com: 1 (5%)
  • herodevs.com: 1 (5%)
  • security-hub.ncsc.admin.ch: 1 (5%)
  • other: 3 (15%)

Related entities

All cited sources (20)

Items in briefs about CERT-FR CERTFR-2026-ACT-016 — Agentic AI tool risks: prompt injection, MCP supply chain, sandboxing (2)

CERT-FR CERTFR-2026-ACT-016: Agentic AI tools introduce prompt-injection and supply-chain attack surfaces

From CTI Daily Brief — 2026-05-08 · published 2026-05-10

France's CERT-FR published advisory CERTFR-2026-ACT-016 warning that deploying agentic AI orchestration platforms (LLM-driven workflows with tool-calling, MCP server integration, or autonomous execution capabilities) introduces novel attack vectors. The advisory identifies three risk classes: prompt-injection via processed documents or websites (attacker embeds instructions in content the agent processes, redirecting its actions); MCP server supply-chain compromise (a malicious or compromised Model Context Protocol server can issue instructions to all connected agents); and insufficient sandboxing of agent execution environments, where agents with filesystem or network access can be weaponised. CERT-FR recommends input/output guardrails, strict allowlisting of permitted tool calls, human-in-the-loop gates for high-impact actions, and treating all AI agent outputs as untrusted until validated. Relevant for organisations deploying Claude Agents, Microsoft Copilot Studio, AutoGen, or similar agentic frameworks for workflow automation.
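The controls the advisory recommends (a strict allowlist of permitted tool calls, a human-in-the-loop gate for high-impact actions, and treating everything the agent reads or produces as untrusted data) are easiest to reason about as a gateway that sits between the model and its tools. The following is an added example written for this page, not code from CERT-FR or from any of the frameworks named above; the tool names, the policy rules and the sample agent plan are constructed for illustration.

```python
# Added example (not from the CERT-FR advisory or ctipilot.ch): a tool-call
# gateway between an LLM agent and its tools. It enforces an allowlist of
# permitted tools, validates argument names, requires explicit human approval
# for high-impact actions, and labels data the agent reads as untrusted.
from dataclasses import dataclass
from typing import Any


@dataclass(frozen=True)
class ToolRule:
    high_impact: bool             # True: needs explicit human approval
    allowed_args: frozenset[str]  # only these argument names are accepted


# Hypothetical allowlist; any tool not listed here is denied outright.
TOOL_ALLOWLIST: dict[str, ToolRule] = {
    "read_ticket": ToolRule(False, frozenset({"ticket_id"})),
    "send_email":  ToolRule(True,  frozenset({"to", "subject", "body"})),
    "run_shell":   ToolRule(True,  frozenset({"cmd"})),
}


@dataclass(frozen=True)
class Decision:
    action: str   # "allow" | "deny" | "needs_approval"
    reason: str


def evaluate_tool_call(name: str, args: dict[str, Any],
                       approved: bool = False) -> Decision:
    """Policy check for one proposed tool call."""
    rule = TOOL_ALLOWLIST.get(name)
    if rule is None:
        return Decision("deny", f"tool {name!r} is not on the allowlist")
    unexpected = set(args) - rule.allowed_args
    if unexpected:
        return Decision("deny", f"unexpected arguments {sorted(unexpected)}")
    if rule.high_impact and not approved:
        return Decision("needs_approval",
                        f"{name!r} is high-impact; human gate required")
    return Decision("allow", "policy satisfied")


def wrap_untrusted(source: str, content: str) -> str:
    """Label data the agent reads (documents, web pages, MCP tool results)
    with a provenance tag so it reaches the model as data, not instructions.
    The closing tag is stripped from the payload so the content cannot
    terminate the wrapper itself."""
    body = content.replace("</untrusted>", "")
    return f'<untrusted source="{source}" bytes={len(body)}>{body}</untrusted>'


def run_plan(plan: list[dict[str, Any]],
             approvals: frozenset[int] = frozenset()) -> list[tuple[int, str]]:
    """Evaluate an agent's proposed tool calls in order. `approvals` holds the
    plan indices a human operator has explicitly approved. Evaluation stops
    at the first call that is denied or still awaiting approval, so a
    redirected agent cannot chain past a gate."""
    outcomes: list[tuple[int, str]] = []
    for i, call in enumerate(plan):
        d = evaluate_tool_call(call["tool"], call.get("args", {}),
                               approved=i in approvals)
        outcomes.append((i, d.action))
        if d.action != "allow":
            break
    return outcomes


# Constructed plan: after reading a ticket, the agent proposes an outbound
# email, a shell command, and a tool that is not on the allowlist at all.
SAMPLE_PLAN = [
    {"tool": "read_ticket", "args": {"ticket_id": 4711}},
    {"tool": "send_email", "args": {"to": "ops@example.invalid",
                                    "subject": "ticket 4711", "body": "..."}},
    {"tool": "run_shell", "args": {"cmd": "id"}},
    {"tool": "delete_ticket", "args": {"ticket_id": 4711}},
]

if __name__ == "__main__":
    for idx, action in run_plan(SAMPLE_PLAN):
        print(idx, SAMPLE_PLAN[idx]["tool"], action)
```

Without an approval the plan halts at the first high-impact call; with index 1 and 2 approved it proceeds and is then denied at `delete_ticket`, which no amount of injected text can unlock because the tool is simply absent from the allowlist. The gateway only checks argument names; in production the high-impact gate is where an operator sees the actual argument values (recipient, command line) before the call runs.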

GLPI CERTFR-2026-AVI-0551 — Seven CVEs including SSRF and XSS in EU ITSM platform (advisory 2026-04-29)

From CTI Daily Brief — 2026-05-08 · published 2026-05-10

France's CERT-FR published CERTFR-2026-AVI-0551 (April 29, 2026) covering seven CVEs in GLPI, the open-source IT Service Management platform widely deployed in European public-sector organisations and healthcare networks. Vulnerability types include SSRF (CVE-2026-32312), stored and reflected XSS (CVE-2026-42317, CVE-2026-42318, CVE-2026-42320, CVE-2026-42321), security policy bypass (CVE-2026-5385), and data integrity compromise (CVE-2026-40108). CVSS scores are not published in the advisory. No exploitation in the wild is confirmed. GLPI administrators should upgrade to version ≥ 10.0.25 (10.0.x branch) or ≥ 11.0.7 (11.x branch). Swiss federal and cantonal administrations and hospitals using GLPI as their ITSM are advised to schedule patching within the standard change window.