The Hacker News · Jun 19, 2026 15:30 UTC

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Summary

Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker's web page, and that page's JavaScript can reach a privileged local service on the same machine and spawn a process on the host. No credentials, no sign-in screen, and no further user interaction once

Original reporting

Open original source

Related coverage

Read full article on The Hacker News

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

Original reporting

Related coverage

Aging Air Force One replaced by Qatar gifted Boeing 747

Military unveils $400 million Qatar gifted Boeing 747 for Air Force One

One Nation gains ground in rural Australian town

AI jobs impact chart compared to past tech advances

Israeli firms supply World Cup drone cyber defense

Governor Abbott Launches One Stop Shop Website For NWS Information