AutoJack: How a single page can RCE the host running your AI agent  

AutoJack is a novel exploit chain showing how a single malicious webpage can turn an AI browsing agent into a remote code execution vector on the host machine. By abusing trust in localhost, missing authentication, and unsafe parameter handling, attackers can trigger arbitrary process execution through AutoGen Studio’s MCP WebSocket. The research highlights a broader pattern – when agents can browse untrusted content and access local services, traditional boundaries like localhost are no longer secure.
The post AutoJack: How a single page can RCE the host running your AI agent  appeared first on Microsoft Security Blog.Microsoft Security BlogRead More