AI Agents Flawed, Let Hackers Run Code via Prompts

A critical argument injection flaw in several widely used AI agent platforms allows attackers to bypass human approval and execute remote code using crafted prompts. Security firm Trail of Bits identified the design weakness, noting how AI agents naturally rely on system tools like grep, git, and go test to streamline operations. These tools, while efficient, open a dangerous attack surface when user input influences command arguments.

Many systems validate commands using allowlists but fail to account for dangerous flags. This oversight enables attackers to inject payloads using standard parameters, bypassing filters and triggering unauthorized code execution. In one case, a prompt exploited the `-exec` flag in go test to run shell commands. Another attack used git and ripgrep to create and execute files. The agents are flawed because developers rely on pre-approved command names without robust validation of the arguments passed to them.

Researchers recommend sandboxing, argument separators, and disabling shell execution to reduce risk.
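To make the difference concrete, here is an added example (constructed for this write-up, not Trail of Bits' or any agent platform's code) of the name-only allowlist the article describes next to a hardened variant that also checks option names, inserts the `--` separator where the tool honours it, and is meant to feed `subprocess.run(argv)` with `shell=False`. The policy table, the flag sets and the command lines are all assumed sample values.

```python
"""Allowlist checks for tool calls an AI agent wants to run (constructed example)."""
import shlex

# Constructed policy: for each (binary, subcommand...) the value-less option names a
# prompt may pass, and whether the tool honours `--` as an end-of-options separator.
POLICY = {
    ("grep",): {"flags": {"-i", "-n", "-r"}, "separator": True},
    ("rg",): {"flags": {"-i", "-n"}, "separator": True},
    ("git", "log"): {"flags": {"--oneline"}, "separator": True},
    ("go", "test"): {"flags": {"-v", "-short"}, "separator": False},
}


def weak_check(cmdline: str) -> bool:
    """Name-only allowlist, the pattern the article describes: it never looks at the flags,
    so `go test -exec sh ./...` passes because argv[0] is the allowlisted `go`."""
    argv = shlex.split(cmdline)
    return bool(argv) and any(argv[0] == key[0] for key in POLICY)


def build_argv(cmdline: str):
    """Return (argv, None) for subprocess.run(argv, shell=False), or (None, reason)."""
    try:
        argv = shlex.split(cmdline)
    except ValueError as exc:
        return None, f"unparseable command line: {exc}"
    for key, rule in POLICY.items():
        if tuple(argv[: len(key)]) == key:
            break
    else:
        return None, "command or subcommand not allowlisted"
    out, seen_positional = list(key), False
    for tok in argv[len(key):]:
        if tok.startswith("-"):
            # Options must precede positionals; tools such as go test also parse
            # options after package names, so anything later is refused outright.
            if seen_positional:
                return None, f"option {tok!r} after a positional argument"
            # Compare the option name only, so `-exec=sh` is caught like `-exec sh`.
            # A user-supplied `--` is rejected too; the separator is added below.
            if tok.split("=", 1)[0] not in rule["flags"]:
                return None, f"option {tok!r} not allowed for {' '.join(key)}"
        elif not seen_positional:
            seen_positional = True
            if rule["separator"]:
                out.append("--")  # nothing after this can be re-parsed as an option
        out.append(tok)
    return out, None
```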
