SEC536: Adversarial AI - Penetration Testing AI Systems


The industry is fixated on the model: jailbreaking it, guarding it, aligning it. But the most consequential AI security vulnerabilities aren't in the AI. They reside in the orchestration layer: serialization boundaries, state management, credential stores, and trust boundaries between agents. Old bug classes, new topology. Julie Davila (VP of Product Security, GitLab) opens with a confession: her own team found two critical RCEs in GitLab's AI agent platform, one before and one after general availability. Neither was caused by prompt injection. Both lived in the plumbing. From there, she traces the same structural pattern across LangChain, MCP tooling, and cross-platform agent integrations, and borrows an idea from early twentieth-century mathematics to explain why this class of failure keeps showing up, why most security teams haven't threat-modeled the layer that produces it, and what to do about it on Monday.


Julie Davila leads Product Security at GitLab, where her team works to make secure software development faster and less painful for the engineers building critical infrastructure worldwide.