Total Recon: How We Discovered 1000s of Open Agents in the Wild
Avishai Efrat, Roey Ben Chaim
[un]prompted 2026 — AI Security Practitioner Conference · Day 2 · 2
Zenity researchers discovered tens of thousands of publicly accessible AI agents across Microsoft Copilot Studio, OpenAI Agent Builder, custom GPTs, and open-source middleware — thousands of which required no authentication. The attack surface is created by predictable URL patterns, default configurations, and platform-specific design choices that make agents enumerable. Zenity open-sourced a tool called PowerPon to help defenders identify their own exposed agents.
AI review
Zenity found tens of thousands of exposed agents and built an open-source tool to prove it. The attack surface is embarrassingly basic — tenant ID resolution from a domain name, default solution prefixes with a five-to-eight character search space, backlink queries surfacing 2,500 live agents in one shot. No zero-days required, which is precisely the point.