Incident · curated 27 Jun 2026
First reported 19 Jun 2026 · 7d ago
Single-source incident — first reported, latest, and curated coincide.
It shows that AI browsing agents can be weaponized into a path for remote code execution on the host, turning a single malicious web page into a full system compromise vector.
Microsoft researchers detailed an exploit chain called AutoJack that hijacks an AI browsing agent to achieve host code execution. By steering the agent to load an attacker's web page, the page's JavaScript reaches a privileged local service and spawns a process on the host with no credentials or further user interaction.
Why it matters
It shows that AI browsing agents can be weaponized into a path for remote code execution on the host, turning a single malicious web page into a full system compromise vector.