Threat landscape
The AI agent threat landscape.
Research from nxthreat, a Tampa Dynamics product, on the runtime risks that appear when healthcare AI agents can call tools, touch FHIR endpoints, and act on untrusted output.
Featured quarterly report
What the MCP CVE wave means for healthcare AI deployments
MCP made agent tooling portable. It also made tool definitions, transports, and server registries part of the healthcare attack surface.
Market signals
Filed November 2025
CIPA exposure: Saucedo v. Sharp HealthCare
A California Invasion of Privacy Act action involving a healthcare AI vendor alleged that patient-provider conversations were recorded without adequate consent. The matter is unresolved, but the theory of liability has direct implications for healthcare AI deployments that lack operation-level evidence of what an agent did with PHI.
nxthreat's signed receipts and evidence packs give a healthcare deployment a defensible artifact for this class of claim: per agent, per operation, what was attempted, what was permitted, and what was rejected.
Upcoming deep dives
Queued research
Indirect prompt injection in healthcare tool output: the case for output inspection
Queued research
Agent identity sprawl: why workload tokens beat user-token reuse
Queued research
Schema poisoning: making MCP tool definitions content-addressable