Microsoft disclosed AutoJack, a chain of vulnerabilities in AutoGen Studio that could let a malicious webpage trick an AI agent into executing arbitrary commands on the host machine. The issue was fixed before any PyPI release, but developers who built AutoGen Studio from the main GitHub branch during a short window were exposed. #AutoJack #AutoGenStudio #Microsoft #MCP
Key points
- AutoJack is a vulnerability chain in Microsoft's AutoGen Studio.
- A malicious webpage could induce an agent to run attacker-controlled commands.
- The attack relied on trust in localhost WebSocket connections and missing authentication.
- A base64-encoded server_params value could be used to launch PowerShell, Bash, or executables.
- Microsoft says the flaw was patched before PyPI release and recommends isolated, low-privilege deployment.
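The two weak points listed above (treating a localhost WebSocket connection as trusted, and accepting a base64-encoded server_params blob that names the process to launch) map onto two concrete checks. The following is an added illustration written for this summary, not AutoGen Studio's own code; the UI origin, the token header, the JSON shape of server_params and the launcher allowlist are all assumptions chosen for the example.

```python
import base64
import json
import secrets
from typing import Optional

# Constructed example (not AutoGen Studio code). Two defensive checks for the
# class of bug described in the summary:
#   1. A WebSocket/HTTP handshake must not equate "connected from 127.0.0.1" with
#      "authorized": any webpage open in the user's browser can connect to a
#      localhost port, so the server checks the Origin header and a bearer token.
#   2. A client-supplied, base64-encoded server_params value must be validated
#      against an allowlist before anything is handed to a process spawner.

ALLOWED_ORIGINS = {"http://localhost:8081", "http://127.0.0.1:8081"}  # assumed UI origin
ALLOWED_COMMANDS = {"npx", "uvx"}  # hypothetical allowlist of MCP launcher binaries
_SHELL_META = ";&|`$\n"  # characters that should never reach a launcher argument


def check_handshake(headers: dict, expected_token: str) -> tuple:
    """Return (ok, reason) for an incoming WebSocket upgrade request."""
    origin = headers.get("Origin", "")
    if origin not in ALLOWED_ORIGINS:
        # A browser tab on another site connecting to localhost lands here.
        return False, f"origin not allowed: {origin!r}"
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return False, "missing bearer token"
    token = auth[len("Bearer "):]
    # Constant-time comparison so the token cannot be guessed byte by byte.
    if not secrets.compare_digest(token, expected_token):
        return False, "bad token"
    return True, "ok"


def encode_params(params: dict) -> str:
    """Helper: base64-encode a JSON server_params object (assumed wire format)."""
    return base64.b64encode(json.dumps(params).encode()).decode()


def validate_server_params(encoded: str) -> tuple:
    """Decode a base64 JSON server_params blob; return (ok, reason, clean_params)."""
    try:
        raw = base64.b64decode(encoded, validate=True)
        params = json.loads(raw)
    except ValueError as exc:  # binascii.Error and JSONDecodeError both subclass ValueError
        return False, f"undecodable: {exc}", None
    if not isinstance(params, dict):
        return False, "params must be a JSON object", None
    command = params.get("command")
    if command not in ALLOWED_COMMANDS:
        # Anything outside the allowlist (shells, arbitrary binaries) is refused.
        return False, f"command not allowed: {command!r}", None
    args = params.get("args", [])
    if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
        return False, "args must be a list of strings", None
    for a in args:
        # Defence in depth: no shell metacharacters, no absolute or drive paths.
        if any(ch in a for ch in _SHELL_META) or a.startswith(("/", "\\")) or ":" in a[:2]:
            return False, f"suspicious arg: {a!r}", None
    return True, "ok", {"command": command, "args": args}


if __name__ == "__main__":
    token = secrets.token_urlsafe(32)
    # Constructed handshake headers: one from a foreign page, one from the assumed UI.
    print(check_handshake({"Origin": "http://attacker.example", "Authorization": f"Bearer {token}"}, token))
    print(check_handshake({"Origin": "http://localhost:8081", "Authorization": f"Bearer {token}"}, token))
    # Constructed server_params: a shell launcher is rejected, an allowlisted one passes.
    print(validate_server_params(encode_params({"command": "powershell", "args": ["-c", "whoami"]})))
    print(validate_server_params(encode_params({"command": "npx", "args": ["-y", "some-mcp-server"]})))
```

The Origin check blocks the browser-initiated path, the token check covers non-browser clients on the same host, and the allowlist keeps a decoded server_params value from naming an interpreter; none of the three depends on the caller's IP address.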