Cross-Agent Privilege Escalation: When Agents Free Each Other
During the Month of AI Bugs, I described an emerging vulnerability pattern that shows how commonly agentic systems have a design flaw that allows an agent to overwrite its own configuration and security settings.
This allows the agent to break out of its sandbox and escape by executing arbitrary code.
My research with GitHub Copilot, AWS Kiro and a few others demonstrated how this can be exploited by an adversary with an indirect prompt injection.