cybersecurity

This wasn't even a prompt-injection or context-poisoning attack. The vulnerable infrastructure itself exposed everything to hack into the valuable parts of the company:

Public JS asset  
    → discover backend URL  
        → Unauthenticated GET request triggers debug error page  
            → Environment variables expose admin credentials  
                → access Admin panel  
                    → see live OAuth tokens  
                        → Query Microsoft Graph  
                            → Access Millions of user profiles  

Hasty AI deployments amplify a familiar pattern: Speed pressure from management keeps the focus on the AI model's capabilities, leaving surrounding infrastructure as an afterthought — and security thinking concentrated where attention is, rather than where exposure is.

Fascinating research. The attack vector is straightforward: poison the RAG context, and the agent faithfully executes malicious instructions. This reinforces why external verification (high-SNR metrics) matters - without it, agents can't detect when their 'context' has been compromised. Self-monitoring isn't enough; you need ground truth outside the agent's generation loop.