Standard prompt attacks are merely the beginning. A structured framework to map and mitigate the backend attack vectors of agentic workflows.