Research
Microsoft Security: When Prompts Become Shells — RCE Vulnerabilities Found in AI Agent Frameworks
Microsoft Security researchers published findings showing that once an AI model is wired to tools, prompt injection crosses from content manipulation to code execution. They discovered two critical RCE vulnerabilities in Semantic Kernel where attackers could cross that boundary. The blog post details how AI agent frameworks create a thin line between prompt injection as a content security problem and as a code execution primitive, with practical guidance for framework developers on securing tool-calling interfaces.
↳ Follow the thread