AI agents are here, there, and everywhere. Smarter, faster, and more capable with every release, they are granted greater autonomy and trust. We trust their abilities to complete many tasks much faster, and sometimes better, than we can. We trust them because they usually show an eagerness to please us and carry out our commands. Isn't that too good to be true? Might we be dealing with a double-edged sword? Can attackers turn the same capabilities of an AI agent against its own users? Can they exploit its eagerness to please in order to carry out the attacker's intentions instead? And most importantly: what is the worst that could happen if you fully trust some random AI agent?
In this blog post, I present the results of my research on an extension for Visual Studio Code that has one of the highest installation counts in the AI agents category. I demonstrate several prompt injection techniques, the further exploitation they enable, and even emotional manipulation of the human user to achieve maximum impact on the extension's users.
Continue reading “BlackBoxAI: AI Agent can get your computer fully compromised”