Definition
An attack where hidden instructions cause an AI agent to add extra hidden options or flags to a command it was already authorized to run, changing its behavior in dangerous ways. It's a way of sneaking a more powerful command past a filter that only checks for obviously dangerous commands, not dangerous combinations of options.
Why it matters
It defeats 'safe command allow-list' style guardrails that many AI-to-infrastructure tools rely on, showing that surface-level filtering isn't enough to stop a compromised agent from taking over critical systems like Kubernetes clusters.