AutoJack: A single page can RCE the host running your AI agent
Tags: AutoGen Studio, AI agent, vulnerability, remote code execution, AutoJack, MCP WebSocket, model context protocol, security research
Author: p_stuart82
Date: 6/20/2026
Article Summary:
Microsoft security researchers discovered a vulnerability, dubbed "AutoJack", in AutoGen Studio, an open-source prototyping user interface for AI agents. The flaw allows untrusted web content to reach a local Model Context Protocol (MCP) WebSocket and spawn arbitrary processes on the host.