
Shell injection flaw found in 10 of 11 open-source AI agents


A recent Adversa AI survey of open-source AI coding and computer-use agents has uncovered a significant security vulnerability, dubbed GuardFall, that affects 10 of the 11 popular tools examined. The flaw allows attackers to bypass the agents' command filters, potentially leading to unauthorized access and the execution of malicious commands, according to a report published by Security Affairs.

The GuardFall vulnerability stems from a fundamental mismatch between how the security filters inspect commands and how the Bash shell actually interprets and executes them. Attackers can exploit this by crafting commands that appear benign to the filter but that Bash rewrites into destructive operations. Such a bypass can grant access to sensitive material such as SSH keys and cloud credentials. Five classes of bypass were identified, including the use of alternative command syntax, embedding commands within other commands, and passing destructive flags to seemingly innocuous utilities such as "find" and "dd".

While some agents employ tokenized guards that offer improved protection, they still fail to cover every bypass class, particularly those involving command substitution or specific flag combinations. The research concludes that the common practice of relying on string-matching guards is structurally unsound and offers only a false sense of security. Just one agent, Continue, demonstrated a robust defense: a multi-component evaluation process that blocked every tested bypass.
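As an added illustration (not code from the Adversa AI research or from any of the agents surveyed), the following Python contrasts a substring deny-list with a guard that tokenizes the command, allow-lists the program, and checks per-command actions; the allow-list and the commands it is run against are constructed samples.

```python
import re
import shlex

# Naive substring deny-list: the string-matching pattern the research calls unsound.
DENY_SUBSTRINGS = ("rm -rf", "mkfs", "dd if=")

def string_guard_allows(cmd: str) -> bool:
    """Return True if no deny-listed substring appears in the raw command text."""
    return not any(s in cmd for s in DENY_SUBSTRINGS)

# Structural guard (constructed example policy): refuse anything Bash would
# reinterpret (operators, substitutions, redirects, escapes), then tokenize and
# allow-list the program name and the actions it may take.
ALLOWED_PROGRAMS = {"ls", "cat", "grep", "find", "git"}
SHELL_CONTROL = re.compile(r"[;&|`$<>(){}\\\n]")
FIND_ACTIONS_DENIED = {"-delete", "-exec", "-execdir", "-ok", "-okdir"}

def structural_guard_allows(cmd: str) -> tuple[bool, str]:
    """Return (allowed, reason) after tokenizing the command like the shell would."""
    if SHELL_CONTROL.search(cmd):
        return False, "shell operator, substitution or redirect present"
    try:
        argv = shlex.split(cmd)          # same quoting rules Bash applies
    except ValueError as exc:
        return False, f"unparseable command: {exc}"
    if not argv:
        return False, "empty command"
    program = argv[0].rsplit("/", 1)[-1]  # /usr/bin/find and find are the same program
    if program not in ALLOWED_PROGRAMS:
        return False, f"program not allow-listed: {program}"
    if program == "find" and any(arg in FIND_ACTIONS_DENIED for arg in argv[1:]):
        return False, "find invoked with a deleting or executing action"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample commands, including the two bypass classes named above:
    # command substitution and a destructive flag on an innocuous utility.
    for sample in ("cat notes.txt", "find . -name '*.log'", "find / -delete", "ls $(whoami)"):
        print(f"{sample!r:28} substring={string_guard_allows(sample)!s:5} "
              f"structural={structural_guard_allows(sample)}")
```

The substring guard passes both bypass samples because it never sees what Bash will do with them; the structural guard rejects them for a stated reason, which is also what an auditor wants logged.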

Source: Security Affairs
