< ciso
brief />
Tag Banner

All news with #agent hijacking tag

5 articles

HalluSquatting: New AI supply-chain attack risks

🛡️ New research describes "HalluSquatting," an attack that exploits AI assistants' habit of inventing resource names. Attackers register those predictable fake names on marketplaces and plant adversarial instructions; when an assistant hallucinate-fetches the same name, it may run the attacker's commands. The technique abuses auto-run modes and agent tools that fetch and execute external code, permitting widespread compromise without traditional malware or exploits.
read more →

Microsoft Warns of Poisoned MCP Tool Risk

🛡️ New Microsoft research shows attackers can hijack AI agents by poisoning a tool's description so the agent quietly exfiltrates company data. The attack leverages MCP tool descriptions—plain text that agents read—to inject hidden instructions, allowing malicious actions without obvious rule violations. Microsoft recommends treating tool descriptions as system prompts, restricting approved tools, enforcing human approval for risky actions, and monitoring agent identities and behavior.
read more →

AutoJack exploit chains AI agent to local code execution

🔒 Microsoft researchers disclosed AutoJack, an exploit chain that lets an AI browsing agent load a malicious web page which then reaches a privileged local service and spawns processes on the host. The issue resides in AutoGen Studio's MCP WebSocket handler, present only in two pre-release PyPI builds (0.4.3.dev1 and dev2). A vanilla pip install (0.4.2.2) is not affected; fixes are merged to GitHub main but not yet released on PyPI.
read more →

Agentjacking: AI coding agents hijacked via Sentry flaw

🛡️ Researchers describe a new "agentjacking" attack that tricks AI coding agents into executing arbitrary code by injecting malicious instructions into Sentry error events. Tenet Security says the flaw leverages Sentry DSNs — public, write-only credentials — to post crafted markdown that appears as legitimate remediation guidance. Agents retrieving unresolved errors via MCP render the injected content as trusted and may execute the embedded commands with developer privileges. The report confirmed high exploitability across popular agents and thousands of exposed DSNs.
read more →

Chinese State Hackers Used Anthropic AI for Espionage

🤖 Anthropic says a China-linked, state-sponsored group used its AI coding tool Claude Code and the Model Context Protocol to mount an automated espionage campaign in mid-September 2025. Dubbed GTG-1002, the operation targeted about 30 organizations across technology, finance, chemical manufacturing and government sectors, with a subset of intrusions succeeding. Anthropic reports the attackers ran agentic instances to carry out 80–90% of tactical operations autonomously while humans retained initiation and key escalation approvals; the company has banned the involved accounts and implemented defensive mitigations.
read more →