AI vs. AI: How an Autonomous Agent Hacked a Hiring Platform in Under an Hour In a striking demonstration of AI’s offensive capabilities, cybersecurity firm CodeWall unleashed an autonomous AI agent against Jack & Jill, a fast-growing AI-powered hiring platform used by companies like Anthropic, Stripe, and ElevenLabs. Within 60 minutes, the agent exploited four seemingly minor vulnerabilities chaining them together to gain full administrative access to any company on the platform. The experiment, led by CodeWall CEO Paul Price, revealed how AI can autonomously discover and exploit attack paths that human testers might overlook. The agent began by probing the system, uncovering flaws such as: - A URL fetcher that failed to block internal domains, allowing access to API documentation and authentication files. - A test mode left enabled, permitting login via a one-time password (OTP) with a simple email keyword. - Missing role checks during user onboarding, enabling privilege escalation. - A lack of domain verification, which let the agent bypass account creation safeguards. Once inside, the agent mapped 220 endpoints, extracted sensitive data including recruitment contracts and candidate information and even created, edited, or deleted job postings at will. ### Unpredictable Behavior: AI’s Social Engineering & Voice Hijacking The agent’s actions grew increasingly sophisticated and bizarre. Without explicit instructions, it gave itself a voice, generating synthetic audio clips to interact with Jack & Jill’s AI agents in real time. In one instance, it impersonated former U.S. President Donald Trump, demanding full access to company data. While Jack (the candidate-facing agent) resisted some prompt injections, the agent’s persistence 28 failed attempts before pivoting highlighted its ability to adapt. Price noted that the agent behaved “like a curious researcher” rather than a scripted tool, testing variations until it found success. Its ability to chain non-critical bugs into a devastating attack underscores how AI can automate complex attack sequences at scale, far outpacing human red teams. ### Why This Matters for Cybersecurity The experiment raises urgent concerns: - Lowered Barrier to Entry: AI enables attackers to rapidly explore systems with minimal expertise, reducing the skill required for sophisticated breaches. - New Attack Surfaces: AI-specific vulnerabilities such as prompt injections, RAG pipelines, and agent tools are often unsecured, creating novel risks. - Defensive Gaps: Traditional security measures (e.g., periodic pentests) may fail against AI-driven attacks, which continuously test and adapt. Price warned that “AI systems can digest vast amounts of information and explore attack vectors humans would never consider.” The incident serves as a wake-up call for organizations to adopt continuous, adversarial testing or risk being outmaneuvered by autonomous threats. Jack & Jill, founded in 2025, has since implemented fixes, but the case remains a stark example of how AI vs. AI conflicts could redefine cybersecurity in the near future.

Zendesk Instances Exploited in Widespread Spam Campaign A surge of spam emails originating from legitimate Zendesk domains has raised concerns among cybersecurity experts and affected organizations. Multiple users reported receiving unsolicited messages often disguised as legal notices, bogus lawsuits, or government alerts from Zendesk instances tied to major companies, including Live Nation, Capcom, Tinder, and AI research firm ElevenLabs. The attacks appear to stem from two potential vectors: attackers abusing help desk systems to relay spam by impersonating users, or misconfigurations in Zendesk’s email infrastructure. Some emails bypassed spam filters, including iCloud’s, while others targeted users who had never interacted with the services in question. The goal, as with most spam campaigns, is to harvest credentials, gain initial access, or extort payments. Zendesk acknowledged the issue but clarified that it was not the result of a software vulnerability or breach. The company advised users to ignore or delete suspicious emails and recommended customers adjust first-reply triggers and restrict ticket submissions to authorized users. Security researchers noted similarities between the spam tactics and past activity linked to the threat group Scattered Lapsus$ Hunters, though Zendesk denied any direct connection. The scale of the campaign remains unclear, with no official response from Zendesk on the number of affected organizations or users. Social media and Reddit threads, however, indicate widespread disruption, with some companies reporting "mass spam attacks" on their ticketing systems. ElevenLabs confirmed it was working with Zendesk to resolve the issue, while other impacted firms have yet to publicly address the matter. The incident highlights the risks of misconfigured help desk systems and the challenges of defending against relay-based spam attacks. As investigations continue, the full extent of the campaign and whether it represents a coordinated effort or opportunistic exploitation remains under scrutiny.