A reported exploit chain aimed at Microsoft’s AutoGen Studio shows how a single URL can become a control channel when agentic AI is allowed to browse and act on live web content.
The reported chain shows how untrusted web content may cross from browsing into host-side process execution when an AI agent is given too much local power.