Ecosystem-Level Failures: AI-Enabled Attacks Against Agentic Infrastructure at Scale

When AI-enabled attack capabilities meet agentic infrastructure at scale — with delegation chains, cross-system tool access, and behavioral drift that no single agent's audit log captures — the result is not larger incidents. The result is a categorically different class of incident: structural, distributed, and often invisible until the damage is already encoded into the system's state. This paper argues that AI-enabled attacks against agentic infrastructure produce ecosystem-level failures that break every existing security model simultaneously. The locus of risk shifts from individual agents to the interactions, handoffs, and interpretations between them. Traditional security controls fail because there is no stable perimeter, no stable identity, no stable intent, and no stable log of truth. Attack capabilities become compositional, audit logs become epistemically useless, behavioral drift becomes an attack vector, and cross-system tool access creates automated privilege propagation. The paper introduces a taxonomy of six emergent failure modes specific to agentic infrastructure: identity collapse, interpretive drift, planner hallucinated affordances, delegation-driven privilege inflation, cross-turn state contamination, and multi-agent emergent behavior. It argues that these failure modes converge into a new class of AI-native incident — semantic supply-chain attacks, behavioral distributed denial of service, lineage corruption, governance overflow, and distributed intent hijacking — that are ecosystem-level failures, not bugs. The conclusion is structural: when AI-enabled attack capabilities meet agentic infrastructure at scale, security becomes a governance problem, not a technical one. Governance must operate at the substrate layer — continuity, identity, lineage, drift — not at the output layer.