🤖 AI Summary
A recent study examined the security of sandboxed AI agents such as NVIDIA's NemoClaw and OpenShell. As autonomous agents gain capabilities like writing code and reading user files, the common response in the security community has been to run them inside locked-down containers to protect the host. The study argues that isolation alone does not address AI-native attacks: the external network access these agents need in order to use even basic tools is itself an attack surface.
The key finding is that the egress policies used in these sandboxes can be insufficient to prevent data exfiltration. The researchers presented two attack scenarios in which an agent was tricked into cloning a malicious GitHub repository and running unauthorized scripts, exfiltrating sensitive data such as API keys. In both cases the attacks weaponized actions the agent was already permitted to take, and disguising techniques such as emoji encoding let the malicious scripts slip past the sandbox's checks. As agents integrate with more platforms, the number of such pathways will grow, which points to a need for intent-aware controls rather than container isolation alone.
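To make the egress-policy point concrete, here is an added example (not code from the study, from NemoClaw or from OpenShell) that models the git-over-HTTPS requests a sandboxed agent might issue and runs them through two policies: a host allowlist that permits github.com, and a policy pinned to named repositories in fetch-only mode. The hostnames, repository names and request URLs are constructed for the demonstration; the git smart-HTTP endpoint names (`git-upload-pack` for clone/fetch, `git-receive-pack` for push) are the real protocol's.

```python
"""Toy egress-policy evaluator for an agent sandbox.

Added example, not code from the study or from NemoClaw/OpenShell. Hostnames,
repository names and the traffic below are constructed for the demo.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit, parse_qs


@dataclass(frozen=True)
class EgressRequest:
    label: str    # short name used in the results
    url: str      # full request URL the agent's tool would hit


def git_operation(url: str):
    """Classify a git smart-HTTP request.

    Returns "read" for upload-pack (clone/fetch), "write" for receive-pack
    (push) and None for anything that is not a git protocol endpoint.
    """
    parts = urlsplit(url)
    if parts.path.endswith("/info/refs"):
        service = parse_qs(parts.query).get("service", [None])[0]
    else:
        service = parts.path.rsplit("/", 1)[-1]
    return {"git-upload-pack": "read", "git-receive-pack": "write"}.get(service)


def repo_of(url: str):
    """Return "owner/name" for a github.com URL, or None if it is not one."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "github.com":
        return None
    segs = [s for s in parts.path.split("/") if s]
    if len(segs) < 2:
        return None
    name = segs[1][:-4] if segs[1].endswith(".git") else segs[1]
    return f"{segs[0]}/{name}"


def host_allowlist_policy(req: EgressRequest, allowed_hosts: set) -> bool:
    """The weak policy: only the destination host is checked."""
    return urlsplit(req.url).hostname in allowed_hosts


def repo_scoped_policy(req: EgressRequest, allowed_repos: set) -> bool:
    """The stricter policy: pinned repositories, fetch-only."""
    repo = repo_of(req.url)
    if repo is None or repo not in allowed_repos:
        return False
    return git_operation(req.url) == "read"


def evaluate(policy, requests):
    """Map each request label to the policy decision (True = allowed)."""
    return {r.label: policy(r) for r in requests}


# Constructed traffic: one legitimate clone, then the two stages of the
# attack described in the study (clone of a malicious repo, then push of
# harvested secrets to a repository the attacker controls), a push to the
# trusted repo, and a direct upload to a non-GitHub host for comparison.
SAMPLE_REQUESTS = [
    EgressRequest("clone_trusted",
                  "https://github.com/acme/tooling.git/info/refs?service=git-upload-pack"),
    EgressRequest("clone_malicious",
                  "https://github.com/attacker/helper.git/git-upload-pack"),
    EgressRequest("push_exfil",
                  "https://github.com/attacker/exfil.git/git-receive-pack"),
    EgressRequest("push_trusted",
                  "https://github.com/acme/tooling.git/git-receive-pack"),
    EgressRequest("direct_exfil",
                  "https://drop.attacker.example/upload"),
]

ALLOWED_HOSTS = {"github.com"}          # hypothetical sandbox allowlist
ALLOWED_REPOS = {"acme/tooling"}        # hypothetical pinned repositories


def compare_policies(requests=SAMPLE_REQUESTS):
    """Run both policies over the traffic and return their decisions."""
    return {
        "host_allowlist": evaluate(lambda r: host_allowlist_policy(r, ALLOWED_HOSTS), requests),
        "repo_scoped": evaluate(lambda r: repo_scoped_policy(r, ALLOWED_REPOS), requests),
    }


if __name__ == "__main__":
    for name, decisions in compare_policies().items():
        print(name)
        for label, allowed in decisions.items():
            print(f"  {label:16s} {'ALLOW' if allowed else 'DENY'}")
```

The host allowlist blocks only the direct upload; the clone of the malicious repository and the push of stolen keys both look like ordinary GitHub traffic to it. Pinning repositories and allowing only upload-pack closes that channel, but it does nothing about what the agent executes from a repository it is allowed to fetch, so the disguised scripts the study describes still need content-level or intent-aware checks on top of egress control.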