TrendAI™ at [un]prompted 2026: From KYC Exploits to Agentic Defense showcased how documents can be used to exploit AI-driven KYC pipelines, using a passport embedded with hidden injects that can cause an AI agent to leak data across customer records.
According to TrendAI™ Research, the talk demonstrated a real-world stack using FastAPI, Claude Code, and a SQLite MCP backend. It showed how 2,600 automated tests across 13 models yielded high-success injects, and underscored that documents can become executable attack surfaces even when governed by strict schemas.
The conference also unveiled FENRIR, a multi-stage system for AI hunting of AI zero-days at scale, designed to eliminate more than 90 percent of false positives before human review and to provide exploit proofs, auto-generated reports, and threat intel artefacts. Since its inception, the pipeline has produced more than 60 published CVEs across AI and MCP components, over 100 additional vulnerabilities in pre-disclosure with ZDI, and more than 3,000 findings queued for review.
The event, held in San Francisco from 3–4 March 2026, brought together researchers and security leaders to discuss securing AI across expanding ecosystems.