Outsiders Could Exploit Misconfig to Stream Commands, Credentials. A misconfiguration in Microsoft’s Azure SRE Agent may have allowed any Azure account holder from any company to tap into another organization’s agent conversations in real time, watching commands, outputs and credentials, leaving no trace.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/token-flaw-turned-azures-ai-agent-into-spy-a-31462
