A security vulnerability has been discovered in Microsoft’s NLWeb technology, a method that allows AI agents to interact with websites on behalf of users. Researcher Aonan Guan found a path traversal bug that enables any remote user to access sensitive files such as system configurations and cloud credentials via a malformed URL.
Guan demonstrated how he was able to download a list of system passwords along with Google Gemini and OpenAI keys, allowing an attacker to run additional AI applications “for free” without being charged. Microsoft’s Security Response Center confirmed the issue and released a patch in June, but users do not need to take any action.
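The root cause described above is a file-serving route that trusts the path component of the request. As an added example (not code from the article or from Microsoft's NLWeb project), the following Python shows the containment check such a handler should apply before touching the filesystem: it resolves the request against a fixed base directory and rejects anything whose real path lands outside it, which catches plain `../`, URL-encoded and double-encoded dot segments, backslash variants and symlink escapes with one comparison. The base directory and the request strings are constructed for illustration.

```python
import os
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a requested path would escape the allowed directory."""


def resolve_static_path(base_dir: str, requested: str) -> str:
    """Map a URL path component to a file under base_dir, or raise.

    The decision is made on the *resolved* absolute path rather than by
    string-matching for "..", so encoded dot-dot segments, mixed separators
    and symlinks pointing outside base_dir all fail the same comparison.
    """
    base = os.path.realpath(base_dir)
    # Decode twice so double-encoded sequences such as %252e%252e are not
    # passed through as harmless-looking literals.
    decoded = unquote(unquote(requested))
    # Treat Windows-style separators like "/", so "..\" is not overlooked.
    decoded = decoded.replace("\\", "/")
    # NUL bytes can truncate paths in lower-level APIs; never pass them on.
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in path")
    # Strip leading slashes so an absolute request cannot make os.path.join
    # discard base_dir entirely.
    candidate = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    # Accept only a path that is base itself or lies strictly beneath it.
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"path escapes base directory: {requested!r}")
    return candidate


def is_safe_request(base_dir: str, requested: str) -> bool:
    """Convenience predicate for logging or for a unit test."""
    try:
        resolve_static_path(base_dir, requested)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample requests, as a server log would show them.
    base = "/srv/app/static"  # hypothetical base directory
    for req in ["index.html", "../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "..\\..\\.env"]:
        print(f"{req!r:40} allowed={is_safe_request(base, req)}")
```

A request that is rejected here should be logged with the raw (undecoded) path, since the encoded form is what distinguishes a probe from a typo.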
The vulnerability highlights the rapid pace of AI development and the blurring of lines between user input and system commands. Guan warned that future attack vectors could involve crafting sentences that translate into malicious file paths or actions when parsed by an agent. This discovery comes amid concerns about the leaked interactions of popular AI chatbots, such as ChatGPT, which have been exposed in Google’s search results.
Source: https://www.pcworld.com/article/2870297/microsofts-agentic-html-found-to-leak-passwords-ai-keys.html