AgentSupplyChain Registry
Verified trust scores for every agent dependency.
Category: HIGH infra gap

PMF Score: 7.6 / 10
- TAM: 8/10
- Buildability: 6/10
- Urgency: 9/10
- Willingness to Pay: 8/10
- Virality: 7/10

The tool dependency layer agents rely on — MCP servers, npm packages, config parsers — has no established security standards, threat modeling, or trust verification, creating an attack surface that entirely bypasses agent-level safeguards. Confirmed exploits this week include a fake Gemini npm package harvesting auth tokens and a CustomMCP node executing arbitrary JavaScript with full system privileges from attacker-controlled config strings. Regulatory and safety frameworks focus on agent behavior while the tool layer they depend on remains structurally undefended.

Agent tool dependencies (MCP servers, npm packages, config parsers) are unaudited attack surfaces where exploits like token-harvesting fake packages and arbitrary code execution bypass all agent-level safety — and no registry exists to verify or score them.

Engineering teams and platform builders shipping AI agents in production who integrate third-party MCP servers, tool plugins, and config-driven dependencies.

Container security (Snyk, Wiz) proved enterprises pay $50K-500K+/yr for supply chain trust layers the moment exploits become real — active agent tool exploits this week confirm the pain is live and unaddressed, and no incumbent covers agent-specific tool graphs.

MVP is a registry and CLI scanner that indexes public MCP servers and agent tool packages, runs static analysis plus sandboxed behavioral analysis, and outputs a trust score and risk report; it integrates as a GitHub Action and as MCP client middleware that blocks unverified tools at install time and at runtime.

Software supply chain security is a $3B+ market growing 20%+ YoY; the agent tool sub-segment alone will reach hundreds of millions as every enterprise deploying agents needs tool-layer assurance.

Scanning agents continuously crawl registries and repos, audit agents perform static/dynamic analysis in sandboxes, and a reporting agent generates trust scores and advisories — humans are limited to governance policy decisions, critical incident triage, and investor relations.
