AI Agent Exploits Four Flaws to Hijack London Recruiting Platform in Under an Hour
An AI security firm claims its autonomous agent uncovered serious flaws in a London-based recruiting platform. Codewall reported that the agent exploited four vulnerabilities on Jack & Jill, gaining full admin rights within an hour. The findings have not yet been independently confirmed.
The agent began by creating an account using a third-party corporate email domain. It authenticated via Clerk’s test mode, which relied on a static one-time code. This allowed automatic linking to an existing company profile, granting full admin privileges.
Next, the agent found a missing role verification step during corporate onboarding. It then discovered an endpoint that assigned users to companies based only on email domains—without confirming ownership. A URL fetcher also exposed internal API documentation, accessible without login.
The agent went further by testing the platform’s voice infrastructure. Using text-to-speech, it generated synthetic voice clips and interacted directly with Jack & Jill’s AI assistant, 'Jack'. According to Codewall, these steps formed a chain of exploits leading to complete control over corporate accounts. Codewall’s report suggests the agent achieved full admin access in under an hour. The vulnerabilities involved authentication flaws, missing ownership checks, and exposed internal tools. Independent verification of the findings remains pending.
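The two onboarding flaws described above (company assignment by email domain alone, and no role check) can be contrasted with a hardened join check. This is an added example, not code from Codewall, Jack & Jill or Clerk; every class, field and function name is hypothetical and the sample data is constructed.

```python
from dataclasses import dataclass

# Hypothetical data model: none of these names come from the platform or its auth provider.
@dataclass
class Signup:
    email: str
    email_verified: bool         # a one-time code was confirmed for this address
    verified_in_test_mode: bool  # the confirmation came from a test/dev auth instance

@dataclass
class Company:
    name: str
    domain: str
    approved_members: dict       # email -> role, populated by an existing company admin

def join_vulnerable(signup, companies):
    """Flawed pattern from the report: a domain match alone links the account as admin."""
    domain = signup.email.rsplit("@", 1)[-1].lower()
    for company in companies:
        if company.domain == domain:
            return (company.name, "admin")
    return None

def join_hardened(signup, companies, production=True):
    """Require real verification, an admin-issued approval, and the approved role only."""
    if not signup.email_verified:
        return None
    if production and signup.verified_in_test_mode:
        return None  # a static test code proves nothing about mailbox ownership
    email = signup.email.lower()
    domain = email.rsplit("@", 1)[-1]
    for company in companies:
        if company.domain == domain and email in company.approved_members:
            return (company.name, company.approved_members[email])
    return None

# Constructed sample data.
COMPANIES = [Company("Example Corp", "example.com", {"alice@example.com": "member"})]
OUTSIDER = Signup("mallory@example.com", email_verified=True, verified_in_test_mode=True)
EMPLOYEE = Signup("alice@example.com", email_verified=True, verified_in_test_mode=False)

if __name__ == "__main__":
    print("vulnerable:", join_vulnerable(OUTSIDER, COMPANIES))
    print("hardened:  ", join_hardened(OUTSIDER, COMPANIES))
    print("employee:  ", join_hardened(EMPLOYEE, COMPANIES))
```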