The AgentFlayer class of zero-click cross-agent prompt-injection attacks (Zenity Labs disclosure at Black Hat USA 2025) and the EchoLeak disclosure (CVE-2025-32711) earlier the same year describe a structural failure mode in agentic AI rather than incidental bugs. The procurement-relevant signal is the vendor-response split: which vendors patched and committed to a response SLA, and which classified the behaviour as 'intended functionality'. That question is answered before the contract closes, not after.
Claim created at publish; review on 60-day cadence. Anchor disclosures: AgentFlayer (Zenity Labs research, Black Hat USA, August 2025); EchoLeak (CVE-2025-32711, NVD record, August 2025). Sister claims: AM-130 (four evidence classes for procurement readers, EchoLeak listed as canonical structural failure mode), AM-140 (procurement-committee pre-pilot question 4 = cross-agent threat model), AM-010 (CIO playbook scoped-experimentation governance characteristic), AM-029 (Stanford 12/88 distribution). Trigger conditions to revisit before next cadence: (a) a major vendor in the 'declined to patch' cohort reverses position publicly with a documented patch + response-SLA; (b) a new disclosure of a higher-severity cross-agent class that supersedes AgentFlayer's procurement weight; (c) regulatory action (EU AI Act post-market monitoring, US FTC, sectoral regulator) treating an unpatched cross-agent vulnerability as a compliance breach independent of vendor classification.