Webinar
Wed, Jun 10, 2:00 PM - 3:00 PM (UTC)

Community Webinar: Prompt Injection to Playbook - Detecting Compromised AI Agents in Google Cloud

About this event

AI agents and MCPs have expanded the attack surface of LLM applications. Prompt injection, model tampering, and agent misbehavior can now pivot from your chatbot into your cloud infrastructure—and most organizations have zero visibility into when it happens. This webinar walks through the AI attack chain: from initial prompt injection through MCP exploitation to cloud resource compromise.

Join David Nehoda, Technical Solutions Consultant, to see how to instrument Google Cloud logging, parse events through SecOps with YARA-L detection rules, and automate response with SOAR playbooks. By the end, you'll have a detection framework and working rules you can deploy today.


What you can expect to learn from this session:

  • The AI Agent Attack Surface — Understanding the MCP security model, agent prompt handling, and how prompt injection pivots into infrastructure compromise.
  • Detecting Prompt Injection and Model Tampering — What signals appear in GCP logs when agents are manipulated, and how to distinguish malicious input from legitimate use.
  • Building YARA-L Rules for AI Events — Writing production-grade detection rules for agent misbehavior, unauthorized API calls, and privilege escalation via compromised agents.
  • End-to-End Cloud Logging Architecture — Instrumenting GCP logging, choosing which agent/MCP events to ingest, and integrating with SecOps for real-time analysis.
  • From Alert to Playbook — Automating response: isolating compromised agents, revoking API keys, alerting security teams, and containing lateral movement in a SOAR playbook.

Event details
Online event