In a nutshell: A vulnerability chain in AutoGen Studio enabled remote code execution through manipulated websites; Microsoft has patched the security flaw.
Microsoft has closed a vulnerability chain called AutoJack in its AutoGen Studio platform that allowed attackers to trick AI agents into executing arbitrary commands on the host system. The flaw could be triggered through a manipulated website.
Microsoft has patched a security vulnerability in AutoGen Studio, which is used for prototyping AI agents. The vulnerability chain, referred to as AutoJack, could allow attackers to execute code on the system running the AutoGen Studio instance through manipulated websites.
For CTOs, this represents a direct risk when developing and testing AI agent applications. When developers or agents interact with externally supplied content – such as through data inputs, web scraping, or browsing functions – attackers could exploit these as an entry point to compromise the execution environment.
The update should be deployed promptly, particularly in development environments where AutoGen Studio works with untrusted data sources or is accessible across network boundaries.
Source: www.bleepingcomputer.com · Published 22 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.