
Critical Security Flaw Patched in Microsoft’s Agentic AI Web Framework

TLDR: A path traversal vulnerability was found in NLWeb, Microsoft's open-source framework for the agentic web. A specially crafted URL could make an NLWeb server return files from outside the directory it was meant to serve, exposing configuration data and API keys. Researchers Aonan Guan and Lei Wang reported the flaw to Microsoft on May 28, 2025, and Microsoft patched the open-source repository on July 1, 2025.

Microsoft’s “open agentic web” initiative, unveiled at Build 2025, has had its first notable security incident: a path traversal vulnerability in its NLWeb framework. NLWeb, which Microsoft pitched as “HTML for the Agentic Web,” is intended as a foundational building block that lets websites expose their content to AI agents, so that agents can query sites and act on them on behalf of users.

The flaw was identified by security researchers Aonan Guan and Lei Wang. They found that a specially crafted URL could make an NLWeb server read and return files outside the directory it was supposed to serve, including configuration files and the API keys stored in them. The consequences are serious: an attacker holding those keys could “steal your agent’s brain,” as the researchers put it, and use the agent’s own credentials to control it, read the emails it has access to, or reach financial data it is connected to.
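To make the class of bug concrete, here is an added example (written for this article, not code from NLWeb or from the researchers) of a minimal static-file handler with the traversal weakness beside a hardened version. The `/static/` route prefix, the directory layout and the secrets file are all constructed for the demonstration; nothing here reflects NLWeb's actual routing or file layout.

```python
import os
import tempfile
from urllib.parse import unquote

STATIC_PREFIX = "/static/"   # assumed route prefix for this demo, not NLWeb's


def build_sample_tree():
    """Constructed sample: a throwaway directory standing in for a server's
    public static-file root, plus a secrets file one level above it."""
    app_root = tempfile.mkdtemp(prefix="traversal-demo-")
    static_root = os.path.join(app_root, "static")
    os.makedirs(static_root)
    with open(os.path.join(static_root, "index.html"), "w") as f:
        f.write("<h1>hello</h1>")
    with open(os.path.join(app_root, ".env"), "w") as f:
        f.write("API_KEY=constructed-sample-value\n")   # constructed, not a real key
    return app_root, static_root


def serve_static_vulnerable(static_root, request_path):
    """Naive handler: strip the route prefix, URL-decode, join onto the root.
    Nothing rejects '..' segments (or an absolute path), so the joined path
    can resolve to a file outside static_root."""
    rel = unquote(request_path[len(STATIC_PREFIX):])
    fs_path = os.path.join(static_root, rel)
    with open(fs_path) as f:
        return f.read()


def serve_static_hardened(static_root, request_path):
    """Hardened handler: canonicalise both the root and the requested path
    (which also resolves symlinks) and refuse anything not under the root."""
    rel = unquote(request_path[len(STATIC_PREFIX):])
    root = os.path.realpath(static_root)
    fs_path = os.path.realpath(os.path.join(root, rel))
    if os.path.commonpath([root, fs_path]) != root:
        raise PermissionError(f"refusing path outside static root: {request_path}")
    with open(fs_path) as f:
        return f.read()


def demo():
    """Run both handlers against a normal request and traversal attempts
    (plain and percent-encoded) and report what each one returned."""
    _, static_root = build_sample_tree()
    results = {
        "vuln_normal": serve_static_vulnerable(static_root, "/static/index.html"),
        "vuln_dotdot": serve_static_vulnerable(static_root, "/static/../.env"),
        "vuln_encoded": serve_static_vulnerable(static_root, "/static/%2e%2e/.env"),
        "hard_normal": serve_static_hardened(static_root, "/static/index.html"),
    }
    try:
        serve_static_hardened(static_root, "/static/%2e%2e/.env")
        results["hard_encoded"] = "allowed"
    except PermissionError:
        results["hard_encoded"] = "blocked"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:13s} {value!r}")
```

The vulnerable handler happily returns the `.env` file for both the plain `../` request and the percent-encoded `%2e%2e/` form, which is why normalising `..` at the URL router is not enough on its own: the check has to be made on the fully resolved filesystem path, as the hardened handler does, and a raw HTTP client can always send whatever bytes it likes.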

The vulnerability was responsibly reported to Microsoft on May 28, 2025, and Microsoft patched the open-source NLWeb repository on July 1, 2025. Microsoft spokesperson Ben Hope confirmed the fix, stating, “This issue was responsibly reported and we have updated the open-source repository.” Hope added that “Microsoft does not use the impacted code in any of our products,” indicating the vulnerable code lived in the open-source component rather than in Microsoft’s own commercial offerings. That also means applying the fix falls to anyone who deployed NLWeb from the repository: they need to pull the patched code themselves.


This incident highlights the ongoing security considerations as tech giants like Microsoft push towards a future where AI agents operate with greater autonomy across the web. The “open agentic web” aims for AI agents to understand context, take initiative, and perform tasks across various systems and websites, moving AI from a mere helper to a more independent digital teammate.

Dev Sundaram (https://blogs.edgentiq.com)

Dev Sundaram is an investigative tech journalist with a nose for exclusives and leaks. With stints in cybersecurity and enterprise AI reporting, Dev thrives on breaking big stories, from product launches and funding rounds to regulatory shifts, and giving them context. He believes journalism should push the AI industry toward transparency and accountability, especially as generative AI becomes mainstream. You can reach him at: [email protected]
