Microsoft says web-enabled AI agents can trigger host-level RCE
Microsoft is warning of a novel remote code execution (RCE) path through web-enabled AI agents, demonstrating the technique against AutoGen Studio, its open-source interface for building and testing multi-agent applications. In the demonstration, a malicious webpage rendered by an AutoGen-powered browsing agent could reach a local Model Context Protocol (MCP) service and run arbitrary processes on the host machine. Microsoft researchers dubbed the technique “AutoJack” because...
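The excerpt does not say how the rendered page reaches the local MCP service, so no exploit mechanics are reproduced here. What a practitioner will want is the class of guard that keeps a loopback-bound tool server from being driven by arbitrary web content. The following is an added example, not Microsoft's or AutoGen's code: it assumes an HTTP-transport MCP-style server on localhost and enforces three things on every request, a loopback peer, an allowlisted Host and Origin, and a per-session bearer token that page content cannot obtain. The allowlists, the token value and the two sample requests are constructed for the illustration.

```python
"""Origin/Host/token gate for a locally bound MCP-style HTTP service.

Added illustration, not Microsoft's or AutoGen's code. Assumes the local
service speaks HTTP and that a hostile request arrives from a browser-driven
agent that forwards the page's Origin header.
"""
import hmac
from typing import Mapping, Optional

# Constructed policy for the example (assumption): only these browser origins
# and these loopback Host values may talk to the local tool server.
ALLOWED_ORIGINS = {"http://localhost:8081", "http://127.0.0.1:8081"}
ALLOWED_HOSTS = {"localhost:8000", "127.0.0.1:8000"}
EXPECTED_TOKEN = "s3cr3t-local-token"  # constructed; generate per session in practice


def _header(headers: Mapping[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    for k, v in headers.items():
        if k.lower() == name.lower():
            return v
    return None


def check_request(headers: Mapping[str, str], peer_ip: str) -> tuple[bool, str]:
    """Return (allowed, reason). Reject unless every check passes."""
    # 1. Only loopback peers; a service bound to 0.0.0.0 is reachable from the LAN.
    if peer_ip not in ("127.0.0.1", "::1"):
        return False, "non-loopback peer"
    # 2. Host header must match the bound address (defeats DNS-rebinding aliases).
    host = _header(headers, "Host")
    if host not in ALLOWED_HOSTS:
        return False, f"unexpected Host {host!r}"
    # 3. Browser-originated requests carry Origin; only allowlisted ones pass.
    #    A missing Origin is treated as non-browser and still needs the token.
    origin = _header(headers, "Origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return False, f"origin {origin!r} not allowlisted"
    # 4. The token binds the caller to the process that launched the server;
    #    rendered web content cannot read it, so page-driven requests fail here.
    auth = _header(headers, "Authorization") or ""
    token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
    if not hmac.compare_digest(token, EXPECTED_TOKEN):
        return False, "missing or wrong bearer token"
    return True, "ok"


# Constructed sample requests: one from a malicious page reached through a
# browsing agent, one from the legitimate local client.
HOSTILE = {"Host": "localhost:8000", "Origin": "https://attacker.example",
           "Content-Type": "application/json"}
LEGIT = {"Host": "localhost:8000", "Origin": "http://localhost:8081",
         "Authorization": "Bearer s3cr3t-local-token"}

if __name__ == "__main__":
    for name, hdrs in (("hostile", HOSTILE), ("legit", LEGIT)):
        print(name, check_request(hdrs, "127.0.0.1"))
```

The token check is the one that matters against a page rendered inside the agent: Origin and Host checks stop ordinary browser cross-site and DNS-rebinding reach, but an agent that forwards headers verbatim may present a plausible Origin, and only a secret the page never sees closes that path.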