CodeWall agent hacks AI recruiter

This is the clearest pitch yet for agentic red teaming as something more dangerous than a faster scanner: the value came from linking auth, onboarding, and voice-layer flaws into one exploit path. If the write-up holds up, the uncomfortable takeaway for AI builders is that conventional pentests are too static for systems with multiple agents, multiple surfaces, and weak internal trust assumptions.

• –The chain matters more than any single bug: SSRF-like internal fetch access, Clerk test mode in production, missing role checks, and weak domain ownership logic became critical only when combined
• –The voice-agent section is the sharpest warning for AI product teams, because it shows model guardrails can hold while the surrounding transport and session controls still fail
• –CodeWall's framing pushes security toward continuous adversarial testing instead of annual assessments, which fits how quickly AI products ship new endpoints and prompts
• –Responsible disclosure and a claimed one-hour patch turnaround make this read less like a stunt and more like a live case study in AI-era attack surface management