AutoJack Exploit Enables AI Agent Hijacking Through a Single Web Page
ID: f0621e55-cb45-57c2-b6af-4f31d79e613c
STIX ID: report--f0621e55-cb45-57c2-b6af-4f31d79e613c
Feed Name: Cyber Press
AutoJack is a chained exploit against AutoGen Studio's Model Context Protocol (MCP) WebSocket endpoint. When a local headless browsing agent loads an attacker-hosted web page, that page can connect to localhost:8081, bypass the origin and authentication checks, and deliver base64-encoded server_params that are executed as OS commands under the developer's account. Microsoft patched the issue in commit b047730, and the vulnerable MCP route is not present in the published PyPI package.
