Codewall, an AI security firm, demonstrated alarming vulnerabilities in London-based AI recruiting platform Jack & Jill. By deploying an autonomous AI agent, Codewall exploited four security flaws, achieving a CVSS severity score of 9.8 that allowed for complete organizational takeover. The flaws included an API documentation exposure, a test mode authentication issue, and inadequate role checks during onboarding. The agent created a fake account, gained admin privileges, and accessed sensitive data, including team communications and recruitment listings. Codewall’s agent even tested the platform’s voice infrastructure, impersonating Donald Trump in a simulated scenario where “Jack,” the AI, referred to him as “Mr. President.” This incident highlights emerging cybersecurity challenges posed by AI agents, which can exploit vulnerabilities but also enhance threat detection and response capabilities. The growing autonomous nature of AI systems necessitates stringent security measures, as they introduce new risks that companies must address proactively.
Source link
