{"data":{"id":"d8ec1dff-3908-40df-9260-bdf635dccd3f","title":"AutoJack: How a single page can RCE the host running your AI agent","summary":"AutoJack is an exploit that lets a malicious webpage take over an AI browsing agent (a system that visits websites on your behalf) and run arbitrary commands on the host machine where the agent runs. The attack chains three weaknesses: implicit trust in connections coming from localhost (the same machine), missing authentication checks, and unsafe handling of user-controlled input. Together these let an attacker trigger code execution through AutoGen Studio's MCP (Model Context Protocol) WebSocket endpoint, the channel that connects the agent to other AI components and tools. The research shows that when an AI agent can both visit untrusted websites and connect to local services, the usual security boundary between web content and the local machine breaks down.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://www.microsoft.com/en-us/security/blog/2026/06/18/autojack-single-page-rce-host-running-ai-agent/","publishedAt":"2026-06-19T00:17:54.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","AutoGen Studio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-19T00:17:54.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}