𝗔𝘂𝘁𝗼𝗝𝗮𝗰𝗸 𝗘𝘅𝗽𝗹𝗼𝗶𝘁 𝗖𝗵𝗮𝗶𝗻 𝗔𝗰𝗵𝗶𝗲𝘃𝗲𝘀 𝗥𝗖𝗘 𝘃𝗶𝗮 𝗔𝗜 𝗔𝗴𝗲𝗻𝘁 𝗕𝗿𝗼𝘄𝘀𝗶𝗻𝗴

𝗔𝘂𝘁𝗼𝗝𝗮𝗰𝗸 𝗘𝘅𝗽𝗹𝗼𝗶𝘁 𝗖𝗵𝗮𝗶𝗻 𝗔𝗰𝗵𝗶𝗲𝘃𝗲𝘀 𝗥𝗖𝗘 𝘃𝗶𝗮 𝗔𝗜 𝗔𝗴𝗲𝗻𝘁 𝗕𝗿𝗼𝘄𝘀𝗶𝗻𝗴

Microsoft researchers found a major security risk in AutoGen Studio.

A malicious web page can take control of your computer through an AI agent.

The attack works in three stages:

• An AI agent visits a bad website.
• The website reaches your local Model Context Protocol socket.
• The attacker runs any command on your host machine.

This happens because of three main errors:

• An allowlist that attackers bypass easily.
• Security middleware that ignores MCP endpoints.
• Commands that take input from URLs without checking them first.

The vulnerable code never reached PyPI users. Still, this shows a big risk for all AI agent frameworks.

If you connect an AI agent to the internet and give it access to local services, you create a path for hackers.

Read the full technical report here: https://gridthegrey.com/posts/autojack-exploit-chain-achieves-rce-via-ai-agent-browsing-local-mcp-socket/

Source: https://dev.to/bansac1981/autojack-exploit-chain-achieves-rce-via-ai-agent-browsing-local-mcp-socket-39i4

Optional learning community: https://t.me/GyaanSetuAi