{"data":{"id":"b7086641-1462-43cd-8d76-07940d6ec152","title":"AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution","summary":"Microsoft researchers discovered AutoJack, an exploit that lets a malicious web page hijack an AI browsing agent to run commands on the host computer through weaknesses in AutoGen Studio's MCP (Model Context Protocol, a system for agents to call external tools) WebSocket handler. The attack requires no credentials and no user interaction beyond the agent loading the attacker's page; it affects only users who installed the pre-release versions 0.4.3.dev1 or 0.4.3.dev2 from PyPI, not the stable release.","solution":"Update AutoGen Studio from the GitHub main branch at or after commit b047730. Until a patched PyPI release is available, do not run AutoGen Studio on the same machine as a browsing or code-execution agent that touches untrusted content. If they must run together, isolate them in separate containers or VMs and run AutoGen Studio under a low-privilege account.","labels":["security"],"sourceUrl":"https://thehackernews.com/2026/06/autojack-attack-lets-one-web-page.html","publishedAt":"2026-06-19T15:30:47.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","AutoGen","AutoGen Studio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-19T15:30:47.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}