Back to article

When prompts become shells: RCE vulnerabilities in AI agent frameworks (opens in new tab)

Covered by 7 sources including DEV Community, venturebeat.com

Covered in 9 articles

DEV Community·

"It's not a bug, it's spec": a zero-click RCE in AI coding agents that three vendors won''t patch

Discussed on DEV

venturebeat.com·

Valid certificates, stolen accounts: how attackers broke npm's last trust signal

venturebeat.com·

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

thehackernews.com·

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

thehackernews.com·

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Malware Analysis, News and Indicators·

AutoJack: How a single page can RCE the host running your AI agent

hyperautomation.substack.com·

Out of Band, Not Out of Prompt: Intent Verification for Agentic Tool Calls

Discussed on Substack

armorerlabs.com·

How are people threat-modeling local agents with tool access?

Discussed on r/mcp

In other languages

10 минут назад