CodeWall agent hacks AI recruiter
CodeWall says its autonomous offensive-security agent chained four seemingly minor bugs into a CVSS 9.8 cross-organization takeover of Jack & Jill, a London AI recruiting startup backed by a $20M seed round. The disclosure is notable because the agent also pivoted into the target's unauthenticated voice stack and ran live AI-to-AI probing without human guidance.
This is the clearest pitch yet for agentic red teaming as something more dangerous than a faster scanner: the value came from linking auth, onboarding, and voice-layer flaws into one exploit path. If the write-up holds up, the uncomfortable takeaway for AI builders is that conventional pentests are too static for systems with multiple agents, multiple surfaces, and weak internal trust assumptions.
- –The chain matters more than any single bug: SSRF-like internal fetch access, Clerk test mode in production, missing role checks, and weak domain ownership logic became critical only when combined
- –The voice-agent section is the sharpest warning for AI product teams, because it shows model guardrails can hold while the surrounding transport and session controls still fail
- –CodeWall's framing pushes security toward continuous adversarial testing instead of annual assessments, which fits how quickly AI products ship new endpoints and prompts
- –Responsible disclosure and a claimed one-hour patch turnaround make this read less like a stunt and more like a live case study in AI-era attack surface management
DISCOVERED
32d ago
2026-03-10
PUBLISHED
32d ago
2026-03-10
RELEVANCE
AUTHOR
eth0izzle