Autonomous AI Agent Chains Bugs to Compromise Platform
🛡️ CodeWall’s autonomous red-team agent compromised hiring startup Jack & Jill by chaining four seemingly minor bugs into a complete account takeover within an hour. The agent abused a permissive URL fetcher, an enabled test-login mode, missing onboarding role checks, and absent domain verification to map APIs, authenticate via a test OTP flow, and escalate to org-admin privileges. It then generated synthetic voice clips to social-engineer Jack, conducting 28 multi-turn exchanges and even impersonating Donald Trump before moving on, demonstrating how AI can rapidly combine low-risk flaws into high-impact attacks.
