AutoJack: How a single page can RCE the host running your AI agent
Summary
AutoJack is an exploit chain in which a malicious web page takes over an AI browsing agent (an agent that visits websites on a user's behalf) and runs arbitrary commands on the host machine where the agent runs. It chains three weaknesses: trusting a connection because it arrives from localhost (the agent's own machine), missing authentication checks, and unsafe handling of user-supplied input. Together these let the attacker trigger code execution through AutoGen Studio's MCP WebSocket endpoint (MCP, the Model Context Protocol, is the interface the agent uses to reach tool servers; here it is exposed over a WebSocket on the local machine). The research shows that once an AI agent can both visit untrusted websites and reach local services, the usual boundary between the web and the host no longer holds.
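The following is an added example, not code from AutoGen Studio or from the Microsoft write-up, and it does not model the input-handling flaw, which the summary does not describe. It illustrates the first two weaknesses: a WebSocket endpoint bound to 127.0.0.1 is still reachable from any page the agent's browser renders on that host, so the server must decide who is connecting rather than trusting the source address. The handshake gate below checks the Origin header the browser attaches to every WebSocket open and requires a per-session token; the UI origin (port 8081), the path /api/ws/mcp, the token transport (Authorization header, or a ?token= query parameter for browsers, which cannot set headers) and the sample handshakes are all assumptions constructed for this example.

```python
"""Handshake gate for a localhost WebSocket endpoint of the kind an AI agent
framework exposes for its tool (MCP) traffic.

Added example; not AutoGen Studio's code. Origin, port, path and token scheme
are assumptions. Two checks:
  1. the Origin header a browser sends on every WebSocket open must match the
     service's own UI origin (a page on attacker.example can reach the local
     port, but cannot hide or forge its origin from inside the browser);
  2. a per-session bearer token, assumed to be issued to the UI at start-up,
     must be presented, so non-browser clients with no Origin are gated too.
"""
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Assumed origin of the legitimate local UI; anything else is cross-site.
ALLOWED_ORIGINS = frozenset({"http://127.0.0.1:8081", "http://localhost:8081"})


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def new_session_token() -> str:
    """Per-process secret; hand it only to the UI, never to a visited page."""
    return secrets.token_urlsafe(32)


def _presented_token(h: dict, target: str) -> str:
    """Token from Authorization (CLI clients) or ?token= (browser clients)."""
    scheme, _, value = h.get("authorization", "").partition(" ")
    if scheme.lower() == "bearer" and value:
        return value
    query = parse_qs(urlsplit(target).query)
    return query.get("token", [""])[0]


def authorize_handshake(headers: dict, target: str, session_token: str) -> Decision:
    """Decide whether an HTTP Upgrade request may become a WebSocket."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    if h.get("upgrade", "").lower() != "websocket":
        return Decision(False, "not a WebSocket upgrade")
    origin = h.get("origin")
    # No Origin means a non-browser client; it still has to hold the token.
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return Decision(False, f"cross-site origin {origin}")
    presented = _presented_token(h, target)
    if not presented:
        return Decision(False, "no session token")
    if not hmac.compare_digest(presented, session_token):
        return Decision(False, "wrong session token")
    return Decision(True, "ok")


# Constructed handshakes for the demo (not captured traffic).
SESSION = "constructed-session-token"

# What an attacker-controlled page makes the agent's browser send when its
# script opens ws://127.0.0.1:8081/api/ws/mcp: the local port is reachable,
# but the page's origin comes along with the request.
HIJACK = ({"Host": "127.0.0.1:8081", "Upgrade": "websocket",
           "Origin": "https://attacker.example"}, "/api/ws/mcp")

# The same page guessing a token: still refused, on origin alone.
HIJACK_GUESS = (HIJACK[0], "/api/ws/mcp?token=guess")

# The legitimate UI on the same host with the real token.
LEGIT = ({"Host": "127.0.0.1:8081", "Upgrade": "websocket",
          "Origin": "http://127.0.0.1:8081"}, "/api/ws/mcp?token=" + SESSION)

# A local command-line client: no Origin, token in Authorization.
LOCAL_CLI = ({"Host": "127.0.0.1:8081", "Upgrade": "websocket",
              "Authorization": "Bearer " + SESSION}, "/api/ws/mcp")


def demo() -> dict:
    cases = {"hijack": HIJACK, "hijack_guess": HIJACK_GUESS,
             "legit": LEGIT, "local_cli": LOCAL_CLI}
    return {name: authorize_handshake(hdrs, tgt, SESSION).allowed
            for name, (hdrs, tgt) in cases.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:12s} {'allowed' if ok else 'refused'}")
```

The Origin check alone stops the browser-mediated path the page describes, because the browser fills in that header and page script cannot override it; the token is what keeps a local non-browser process, or an Origin-spoofing client, from walking in on the same "it's only localhost" assumption.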
Original source: https://www.microsoft.com/en-us/security/blog/2026/06/18/autojack-single-page-rce-host-running-ai-agent/
First tracked: June 19, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 92%