Total Recon: How We Discovered 1000s of open Agents in The Wild
Recon Village @ DEF CON 34 • August 7-9, 2026
Abstract
AI agents quietly created a new external attack surface: copilots, custom agents, AI cakends and various deployments that ship to the internet, often without anyone realizing they are reachable, enumerable, or over-permissive.
In this talk, we’ll show how attackers can already find your agents in the wild, shedding light on the technical details that enable this kind of malicious activity, including how we used these details to find 1000s of exposed agents of different kinds. We’ll follow up with explaining how to measure exposure, see the proof for obscurity failing, and understand how to detect threat-actor agent-focused recon before it turns into an impactful attack. Capping it all off by showcasing PowerPwn, a recon tool you can use to test your own exposure
Speakers
Senior Security Researcher at Zenity
Avishai Efrat is a senior security researcher at Zenity, specializing in securing AI agents and low-code/no-code platforms. His work focuses on uncovering vulnerabilities in enterprise AI deployments, from Copilot Studio to ChatGPT and beyond - and exploring how attackers discover and exploit these weaknesses. Passionate about all aspects of security, with experience spanning web security, anti-bot protection, OSINT, blockchain, and data engineering and aim on bridging the gap between cutting-edge research and practical defense strategies. Previously presented at BSidesTLV, Black Hat USA & Europe Arsenal and SecTor.
View full speaker profile →Staff Engineer at Zenity
Roey Ben Chaim is an engineer focused on AI and agent security, with a particular interest in how agentic systems fail in practice. His work centers on stress-testing agents, building benchmarks for long-horizon behavior, and developing practical defenses against risks such as prompt injection, unsafe tool use, privacy leakage, and adversarial workflows. Prior to this, he spent a decade at Microsoft building large-scale security systems. He is a co-author of SkillsBench, a benchmark on agent skills efficacy over diverse tasks, and contributes to safety and privacy tooling, including Presidio. Roey is also a speaker on agentic systems and AI security, a co-organizer of AI Tinkerers Tel Aviv, and an active participant in hackathons and builder communities, where he explores emerging systems through hands-on experimentation.
View full speaker profile →
