AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

OpenHands and the Lethal Trifecta: How Prompt Injection Can Leak Access Tokens

highnews

securitysafety

Source: Embrace The RedAugust 9, 2025

Summary

OpenHands, an AI agent tool created by All-Hands AI, has a vulnerability where it can render images in chat conversations, which attackers can exploit through prompt injection (tricking an AI by hiding instructions in its input) to leak access tokens (security credentials that grant permission to use services) without requiring user interaction. This type of attack has been called the 'Lethal Trifecta' and represents a significant data exfiltration (unauthorized data theft) risk.

Classification

Attack Type

Prompt InjectionData Extraction

Attack SophisticationModerate

Impact (CIA+S)

confidentiality

Affected Vendors

Related Issues

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

high

CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint

First tracked: February 12, 2026 at 02:20 PM

Classified by LLM (prompt v3) · confidence: 85%