Poisoned documents can turn reasoning-based AI guardrails into DoS weapons by leveraging security systems themselves as resource sinks—a new attack vector with concentration risks in shared governance infrastructure.
Attackers can exploit reasoning guardrails of AI agents through deliberately manipulated inputs to cause resource exhaustion without bypassing the security mechanisms themselves.
Legitimate AI agents inherently satisfy all three criteria of the “lethal trifecta” (data access, external content, external communication), so security must shift from architectural design to runtime monitoring.
