
Agentic AI Under Fire: Analyzing the 2026 Wave of Zero-Click and RCE Vulnerabilities

3 min read • Agentic AI • 2026-03-17

Recent audits by major cybersecurity firms indicate that the wider ecosystem of agentic AI platforms shares a dangerous set of structural vulnerabilities.

As of March 2026, several high-profile tools have been flagged for defects that allow attackers to bypass security labels or hijack active sessions. These flaws highlight a growing gap between AI convenience and business data safety.

Microsoft Excel: The Zero Click Copilot Weapon

A critical vulnerability, tracked as **CVE-2026-26144**, was disclosed in March 2026. This cross-site scripting flaw allows a remote attacker to weaponise a standard Excel spreadsheet. When a user with an active Copilot Agent opens or even previews the file, the agent can be tricked into exfiltrating sensitive data to an external network without any further user interaction.

Source: Microsoft Security Response Center (MSRC) March 2026 Update.

The Core Structural Risks Identified by Auditors

Google Gemini Live Hijacking

Researchers at Palo Alto Networks Unit 42 uncovered a high-severity vulnerability in the Gemini Live side panel in Chrome, tracked as **CVE-2026-0628**. This flaw allowed malicious browser extensions with only basic permissions to inherit the elevated privileges of the AI panel. This granted attackers unauthorised access to the user's camera, microphone and local files.

Reference: Palo Alto Networks Unit 42 Research (January/March 2026).

LangChain and LangGraph RCE

The LangChain framework, a cornerstone of the agentic AI world, faced multiple critical disclosures. Most recently, **CVE-2026-27794** identified a deserialization vulnerability in the BaseCache class of LangGraph. This allows unauthenticated remote attackers to execute arbitrary code in the context of the service account, leading to total system compromise.

Source: Zero Day Initiative Advisory ZDI-26-135.

The OpenClaw Crisis

The viral AI agent OpenClaw faced a major security event tracked as **CVE-2026-25253**. This one-click Remote Code Execution (RCE) vulnerability allowed attackers to hijack WebSockets and exfiltrate authentication tokens. By visiting a single malicious web page, a user could lose control of their entire OpenClaw gateway, allowing the attacker to bypass the Docker sandbox and run commands on the host machine.

Reference: The Hacker News / CVE-2026-25253 (February 2026).

How to Approach the New Generation of AI Safely

The speed of innovation means that these tools are often released with minimal security testing. If your business is trialling these advanced platforms, treat them with extreme caution.

  • Strict Isolation: Run all autonomous agent tools in a dedicated virtual machine or container with no direct access to your primary network.
  • Human in the Loop: Configure agents to require manual confirmation for all high risk actions, especially those involving data transmission.
  • Regular Patching: Ensure your Python environments and browser extensions are updated to the latest versions. For example, LangGraph users must be on version 0.3.81 or later.
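As an added illustration of the human-in-the-loop and patching advice above (example code written for this post, not code from the article or from any of the vendors named), the following Python gate holds any tool call that would transmit data to a non-approved host until a person approves it, and checks that the installed LangGraph meets the 0.3.81 floor mentioned. The tool names, the approved host and the approval callback are assumptions.

```python
import re
from dataclasses import dataclass
from importlib.metadata import PackageNotFoundError, version
from typing import Any, Callable
from urllib.parse import urlparse

# Tools that move data off the host are always high risk (assumed names).
HIGH_RISK_TOOLS = {"http_post", "send_email", "upload_file"}
# Destinations the business has pre-approved (constructed placeholder).
ALLOWED_HOSTS = {"api.internal.example"}

@dataclass
class ToolCall:
    name: str
    args: dict[str, Any]

def destination_host(call: ToolCall) -> str:
    """Extract the host a high-risk call would send data to."""
    target = str(call.args.get("url") or call.args.get("to") or "")
    if "://" in target:
        return urlparse(target).hostname or ""
    return target.rsplit("@", 1)[-1]  # e-mail address or bare host name

def classify(call: ToolCall) -> tuple[str, str]:
    """Return ("run" | "confirm", reason) for a proposed tool call."""
    if call.name not in HIGH_RISK_TOOLS:
        return "run", "low-risk tool"
    host = destination_host(call)
    if host in ALLOWED_HOSTS:
        return "run", f"pre-approved destination {host}"
    return "confirm", f"data transmission to {host or 'unknown host'}"

def run_tool(call: ToolCall, tools: dict[str, Callable[..., Any]],
             approve: Callable[[ToolCall, str], bool]) -> dict[str, Any]:
    """Execute the call only if policy allows it or a human approves it."""
    action, reason = classify(call)
    if action == "confirm" and not approve(call, reason):
        return {"status": "blocked", "reason": reason}
    return {"status": "ok", "result": tools[call.name](**call.args)}

def version_at_least(installed: str, minimum: str) -> bool:
    """Numeric dotted-version compare; pre-release suffixes are ignored."""
    nums = lambda v: tuple(int(x) for x in re.findall(r"\d+", v)[:3])
    return nums(installed) >= nums(minimum)

def langgraph_patched(minimum: str = "0.3.81") -> bool:
    """False when LangGraph is missing or older than the fixed version."""
    try:
        return version_at_least(version("langgraph"), minimum)
    except PackageNotFoundError:
        return False
```

In a real deployment `approve` would prompt an operator (or open a ticket) rather than return a constant, and the blocked decision should be logged alongside the agent's stated reason for the call.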

Conclusion

The security landscape for AI is shifting rapidly. From zero-click vulnerabilities in Excel to privilege escalation in browser panels, the infrastructure surrounding AI models is the new primary target. Businesses must prioritise verified security practices and robust data governance over the temptation of unmonitored AI deployment.
