{"id":"05e9ba1f-11c5-5d4e-b907-4feecc857ae5","kind":"official","name":"Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents","slug":"agentic-probllms-exploiting-ai-computer-use-and-coding-agents","url":"https://api.events.ccc.de/congress/2025/event/05e9ba1f-11c5-5d4e-b907-4feecc857ae5/?format=json","track":"security","assembly":"ccc","room":"62251a07-13e4-5a72-bb3c-8528416ee0f2","location":null,"language":"en","description":"During the Month of AI Bugs (August 2025), I responsibly disclosed over two dozen security vulnerabilities across all major agentic AI coding assistants. This talk distills the most severe findings and patterns observed.\r\n\r\nKey highlights include:\r\n* Critical prompt-injection exploits enabling zero-click data exfiltration and arbitrary remote code execution across multiple platforms and vendor products\r\n* Recurring systemic flaws such as over-reliance on LLM behavior for trust decisions, inadequate sandboxing of tools, and weak user-in-the-loop controls\r\n* How I leveraged AI to find some of these vulnerabilities quickly\r\n* The AI Kill Chain: prompt injection, confused deputy behavior, and automatic tool invocation\r\n* Adaptation of nation-state TTPs (e.g., ClickFix) into AI ClickFix techniques that can fully compromise computer-use systems\r\n* Insights about vendor responses: from quick patches and CVEs to months of silence, or quiet patching\r\n* AgentHopper will highlight how these vulnerabilities combined could have led to an AI Virus\r\n\r\nFinally, the session presents practical mitigations and forward-looking strategies to reduce the growing attack surface of probabilistic, autonomous AI systems.","schedule_start":"2025-12-28T13:30:00+01:00","schedule_duration":"01:00:00","schedule_end":"2025-12-28T14:30:00+01:00"}