Microsoft researchers have detailed ‘AutoJack’, an exploit chain that transforms an AI browsing agent into a vector for remote code execution. By steering the agent to a malicious web page, JavaScript on that page can interact with a privileged local service on the host machine, leading to process spawning. This attack requires no credentials or user interaction beyond the initial navigation, posing a significant risk for systems utilizing AI browsing agents.