I downloaded an AI agent. It was wired to invoke malware. Six months ago a Mickai engineer downloaded an AI agent from a public MCP (Model Context Protocol) marketplace. It was wired to invoke a Living-Off-the-Land Binary (LOLBAS) chain that downloaded a remote payload through a signed Microsoft binary, executed without writing to disk, and left no signature for any static scan to catch. None of the marketplaces caught it. So we built the one that does. ## What LOLBAS is, and why MCP agents are the perfect carrier LOLBAS = Living Off the Land Binaries And Scripts. The technique abuses legitimate signed system binaries (powershell.exe, certutil.exe, mshta.exe, regsvr32.exe, msbuild.exe, wmic.exe and dozens of others) to download or execute a remote payload. Signature is genuine. Static scan is clean. Behavioural anomaly is buried inside arguments most endpoint protection products do not parse. Catalogued at [lolbas-project.github.io](https://lolbas-project.github.io).…