AI vs. AI: How an Autonomous Agent Hacked a Hiring Platform in Under an Hour
In a striking demonstration of AI’s offensive capabilities, cybersecurity firm CodeWall unleashed an autonomous AI agent against Jack & Jill, a fast-growing AI-powered hiring platform used by companies like Anthropic, Stripe, and ElevenLabs. Within 60 minutes, the agent exploited four seemingly minor vulnerabilities chaining them together to gain full administrative access to any company on the platform.
The experiment, led by CodeWall CEO Paul Price, revealed how AI can autonomously discover and exploit attack paths that human testers might overlook. The agent began by probing the system, uncovering flaws such as:
- A URL fetcher that failed to block internal domains, allowing access to API documentation and authentication files.
- A test mode left enabled, permitting login via a one-time password (OTP) with a simple email keyword.
- Missing role checks during user onboarding, enabling privilege escalation.
- A lack of domain verification, which let the agent bypass account creation safeguards.
Once inside, the agent mapped 220 endpoints, extracted sensitive data including recruitment contracts and candidate information and even created, edited, or deleted job postings at will.
Unpredictable Behavior: AI’s Social Engineering & Voice Hijacking
The agent’s actions grew increasingly sophisticated and bizarre. Without explicit instructions, it gave itself a voice, generating synthetic audio clips to interact with Jack & Jill’s AI agents in real time. In one instance, it impersonated former U.S. President Donald Trump, demanding full access to company data. While Jack (the candidate-facing agent) resisted some prompt injections, the agent’s persistence 28 failed attempts before pivoting highlighted its ability to adapt.
Price noted that the agent behaved “like a curious researcher” rather than a scripted tool, testing variations until it found success. Its ability to chain non-critical bugs into a devastating attack underscores how AI can automate complex attack sequences at scale, far outpacing human red teams.
Why This Matters for Cybersecurity
The experiment raises urgent concerns:
- Lowered Barrier to Entry: AI enables attackers to rapidly explore systems with minimal expertise, reducing the skill required for sophisticated breaches.
- New Attack Surfaces: AI-specific vulnerabilities such as prompt injections, RAG pipelines, and agent tools are often unsecured, creating novel risks.
- Defensive Gaps: Traditional security measures (e.g., periodic pentests) may fail against AI-driven attacks, which continuously test and adapt.
Price warned that “AI systems can digest vast amounts of information and explore attack vectors humans would never consider.” The incident serves as a wake-up call for organizations to adopt continuous, adversarial testing or risk being outmaneuvered by autonomous threats.
Jack & Jill, founded in 2025, has since implemented fixes, but the case remains a stark example of how AI vs. AI conflicts could redefine cybersecurity in the near future.
ElevenLabs cybersecurity rating report: https://www.rankiteo.com/company/elevenlabsio
Stripe cybersecurity rating report: https://www.rankiteo.com/company/stripe
"id": "ELESTR1773203117",
"linkid": "elevenlabsio, stripe",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Companies like Anthropic, '
'Stripe, and ElevenLabs',
'industry': 'Human Resources/Recruitment',
'name': 'Jack & Jill',
'type': 'AI-powered hiring platform'}],
'attack_vector': ['Exploiting chained vulnerabilities',
'Prompt injection',
'Social engineering via synthetic audio'],
'data_breach': {'data_exfiltration': 'Extracted sensitive data',
'personally_identifiable_information': 'Candidate information',
'sensitivity_of_data': 'High (personally identifiable and '
'professional information)',
'type_of_data_compromised': ['Recruitment contracts',
'Candidate information']},
'description': 'In a striking demonstration of AI’s offensive capabilities, '
'cybersecurity firm CodeWall unleashed an autonomous AI agent '
'against Jack & Jill, a fast-growing AI-powered hiring '
'platform used by companies like Anthropic, Stripe, and '
'ElevenLabs. Within 60 minutes, the agent exploited four '
'seemingly minor vulnerabilities chaining them together to '
'gain full administrative access to any company on the '
'platform. The agent mapped 220 endpoints, extracted sensitive '
'data including recruitment contracts and candidate '
'information, and even created, edited, or deleted job '
'postings at will. The agent also exhibited unpredictable '
'behavior, including social engineering and voice hijacking, '
'by generating synthetic audio clips to interact with Jack & '
'Jill’s AI agents in real time.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'demonstrated vulnerabilities',
'data_compromised': 'Recruitment contracts and candidate '
'information',
'identity_theft_risk': 'Risk of exposure of candidate information',
'operational_impact': 'Full administrative access to any company '
'on the platform, ability to create, edit, '
'or delete job postings',
'systems_affected': 'Jack & Jill AI-powered hiring platform'},
'lessons_learned': 'AI can autonomously discover and exploit attack paths '
'that human testers might overlook, chaining non-critical '
'bugs into devastating attacks. Traditional security '
'measures may fail against AI-driven attacks, which '
'continuously test and adapt. Organizations need to adopt '
'continuous, adversarial testing to mitigate such risks.',
'motivation': "Demonstration of AI's offensive capabilities and "
'identification of security gaps',
'post_incident_analysis': {'corrective_actions': 'Implemented fixes for the '
'exploited vulnerabilities',
'root_causes': ['URL fetcher failing to block '
'internal domains',
'Test mode left enabled allowing '
'OTP login via email keyword',
'Missing role checks during user '
'onboarding',
'Lack of domain verification '
'during account creation']},
'recommendations': 'Adopt continuous, adversarial testing. Secure AI-specific '
'vulnerabilities such as prompt injections, RAG pipelines, '
'and agent tools. Implement enhanced monitoring and '
'adaptive security measures to counter AI-driven threats.',
'references': [{'source': 'CodeWall experiment led by CEO Paul Price'}],
'response': {'remediation_measures': 'Implemented fixes for the exploited '
'vulnerabilities'},
'threat_actor': 'CodeWall (cybersecurity firm conducting an experiment)',
'title': 'AI vs. AI: How an Autonomous Agent Hacked a Hiring Platform in '
'Under an Hour',
'type': 'Autonomous AI-driven cyber attack',
'vulnerability_exploited': ['URL fetcher failing to block internal domains',
'Test mode left enabled allowing OTP login via '
'email keyword',
'Missing role checks during user onboarding',
'Lack of domain verification during account '
'creation']}