It's shown that the LLM (Specially agentic systems) can be used as an attack surface to perform vast number of attacks.

If the agent have access to terminal (Nearly all Coding tools have access to it), an attacker can use it for RCE. If it have access to the database, the attacker can retrieve/alter data.