Microsoft's Defender Security Research team published AutoJack, a 3-bug chain in AutoGen Studio that turns one malicious webpage rendered by a browsing AI agent into full remote code execution (RCE) on the developer's host. The vulnerable code was fixed before the PyPI release, but the pattern (a local control plane protected by origin and localhost assumptions, accessed by a browsing agent) keeps showing up. https://go.aintelligencehub.com/ma-autojackrce2026 #AutoJack #AIsecurity #MCP #AgentSecurity

A single webpage can hijack a browsing AI agent and run code on the host, Microsoft finds
Microsoft's Defender Security Research team found a chain in AutoGen Studio that turns a single malicious webpage into an RCE on the developer's host. PyPI users are not exposed, but the pattern is broader than one bug.