
The Day an AI Agent Merged Malicious Code (And What We Learned)
Yesterday started like any other day. Coffee, standup, code review. Then I heard about an incident that made me put down everything. An organization's AI agent had been compromised. Not through some exotic zero-day or sophisticated attack vector. No, this was far more elegant—and terrifying. Their LLM-powered browser agent had autonomously merged a malicious pull request on GitHub. As a real employee. With real permissions. The attack vector? A carefully crafted email sitting in the user's inb
