AutoJack exploit chain allows malicious web pages to hijack AI agents for host RCE (opens in new tab)

Microsoft researchers identified a vulnerability chain named AutoJack in the development branch of AutoGen Studio, a framework for building multi-agent AI systems. The exploit allows a malicious webpage to execute arbitrary commands on a host machine if an AI agent with web-browsing capabilities renders the page. This attack effectively turns the local AI agent into a delivery vehicle for remote code execution by bypassing traditional localhost security boundaries. <a href="