Agentic red-team platforms show systemic host-compromise paths


A peer-reviewed security analysis of 12 open-source agentic offensive platforms found 10 vulnerable to sandbox escape and host-level compromise, 11 exposing LLM API keys to exfiltration, and all 12 susceptible to unrestricted weaponization. Three tested tools reportedly operated without OS-level sandboxing, and a five-stage attack chain led from worker compromise to full operator-machine RCE.

The core issue is architectural: guardrails were enforced at the orchestrator layer, while commands executed inside worker environments bypassed those controls. For defenders, the findings frame agentic red-team tooling itself as an attack surface requiring strict worker isolation, secret separation, and OS-level enforcement rather than prompt-layer policy checks.
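The two designs contrasted above, as an added illustration that is not code from the study or from any of the platforms it examined: an orchestrator-layer check that a worker merely trusts, beside a worker that re-checks policy at the point of execution and launches children with secret-bearing variables removed. The allowlist, the secret-name pattern and the `DEMO_LLM_API_KEY` variable are constructed for the demo.

```python
import re
import shlex
import subprocess
import os

# Hypothetical demo allowlist; a real deployment scopes this per worker role.
WORKER_ALLOWLIST = frozenset({"echo", "printenv"})
# Environment variable names treated as secrets and never passed to children.
SECRET_NAME = re.compile(r"(API_KEY|SECRET|TOKEN)$", re.IGNORECASE)


class Orchestrator:
    """Orchestrator-layer guardrail. A worker that relies on it alone has no
    defence against input that reaches the worker by any other route."""

    def permits(self, cmd: str) -> bool:
        argv = shlex.split(cmd)
        return bool(argv) and argv[0] in WORKER_ALLOWLIST


class NaiveWorker:
    """Vulnerable pattern from the summary: executes whatever it is handed and
    inherits the operator's full environment, LLM API keys included."""

    def run(self, cmd: str, env=None) -> subprocess.CompletedProcess:
        return subprocess.run(shlex.split(cmd), capture_output=True,
                              text=True, env=env)


class IsolatedWorker:
    """Hardened pattern: policy is enforced where the command executes, and
    the child process never sees secret-bearing variables."""

    @staticmethod
    def scrubbed_env(env=None) -> dict:
        source = os.environ if env is None else env
        return {k: v for k, v in source.items() if not SECRET_NAME.search(k)}

    def run(self, cmd: str, env=None) -> subprocess.CompletedProcess:
        argv = shlex.split(cmd)
        if not argv or argv[0] not in WORKER_ALLOWLIST:
            raise PermissionError(f"worker policy rejects {argv[:1]!r}")
        # No shell: argv reaches the program unchanged. OS-level confinement
        # (namespaces, seccomp) would wrap this call in a real deployment.
        return subprocess.run(argv, capture_output=True, text=True,
                              env=self.scrubbed_env(env))


if __name__ == "__main__":
    demo_env = {"PATH": os.environ.get("PATH", "/usr/bin:/bin"),
                "DEMO_LLM_API_KEY": "constructed-secret"}
    print(NaiveWorker().run("printenv DEMO_LLM_API_KEY", demo_env).stdout)    # leaks
    print(IsolatedWorker().run("printenv DEMO_LLM_API_KEY", demo_env).stdout) # empty
```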

Open sources - closed narratives

@sitreports

Source: Telegram "sitreports"