A deep dive into AI agent security. We map the attack surface using OWASP & MITRE, explain why prompt injection remains largely unsolved, and suggest a risk-based framework for secure deployment.