Security researchers discovered that ServiceNow's Now Assist AI platform is vulnerable to second-order prompt injection attacks through its agent-to-agent discovery feature. Attackers can exploit default configurations to make benign AI agents recruit more privileged agents, enabling unauthorized data exfiltration, record modification, and privilege escalation. The vulnerability stems from intended behavior rather than a bug, with agents automatically grouped into teams and marked as discoverable by default. Organizations can mitigate risks by configuring supervised execution mode, disabling autonomous overrides, segmenting agent duties, and monitoring for suspicious behavior.
Sort: