AI Agents Expose Critical New Security Threat

Codewall's autonomous AI agent chained four vulnerabilities into a complete takeover of Jack & Jill, a London-based recruiting platform used by Anthropic, Stripe, and Cursor. The attack took one hour and achieved a CVSS severity score of 9.8—maximum risk level. The agent gained full admin access, then independently decided to test the voice infrastructure, conducting 28 conversation rounds to probe guardrails.

Why this matters: AI agents are now weaponized security tools. Unlike human hackers, they work 24/7, chain exploits instantly, and think tactically about how to circumvent defenses. When Codewall's agent impersonated Donald Trump claiming a $500 million acquisition, the AI assistant "Jack" addressed him as "Mr. President" without questioning the premise.

Your action: Audit authentication systems, test email domain verification, and eliminate hardcoded test credentials. AI agents outperform human security teams but also exploit weaknesses faster than ever. Companies treating AI security as a checkbox rather than existential risk will be breached.

The paradox: The same capabilities make AI agents superior at detecting real threats—but the attack surface keeps expanding.