TL;DR A command injection vulnerability in the function tool run_ssh_command_with_credentials() available to AI agents in cai-framework <= 0.5.9 allows to achieve Remote Command Execution. This post describes a vulnerability I discovered in the CAI framework in which incomplete shell escaping inside a tool accessible to AI agents allowed hostile targets to trigger command execution on […]
- info@hacktivesecurity.com
- Mon - Fri: 9.00 am - 6.00 pm
Advanced Security Solutions to protect the Cyberspace.