Definition
An attack in which a malicious website silently triggers actions on a victim's AI agent platform by exploiting missing cross-origin security controls — the agent then runs attacker-specified tasks without the victim's knowledge or consent, using the victim's own credentials and permissions.
Why it matters
Any employee who visits a compromised or malicious website while an AI agent platform is running on their network could inadvertently cause that agent to perform damaging actions — exfiltrating data, modifying files, or invoking external services — on the attacker's behalf.
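The definition above turns on missing cross-origin security controls. As an added example (not code from any agent platform; the allowed origin, the token header name and the sample requests are assumptions constructed for illustration), this is one way a platform's task endpoint could check where a request came from before running anything:

```python
import hmac
from urllib.parse import urlsplit

# Assumed values for illustration; none of these come from the page.
ALLOWED_ORIGINS = {"http://127.0.0.1:8765"}  # hypothetical origin of the agent's own UI
TOKEN_HEADER = "x-agent-token"               # hypothetical per-session token header


def normalize_origin(value):
    """Return scheme://host[:port] in lower case, or None for 'null' or junk."""
    parts = urlsplit(value or "")
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_task_request(method, headers, session_token):
    """Gate a request that would start an agent task. Returns (allowed, reason)."""
    h = {k.lower(): v for k, v in headers.items()}
    if method.upper() != "POST":
        return False, "task endpoint accepts POST only"
    # Browsers set Sec-Fetch-Site themselves; page script cannot override it.
    site = h.get("sec-fetch-site")
    if site is not None and site != "same-origin":
        return False, "request did not come from the agent's own UI"
    # Browsers attach Origin to cross-origin POSTs; anything off the allow-list is refused.
    if "origin" in h and normalize_origin(h["origin"]) not in ALLOWED_ORIGINS:
        return False, "origin not on allow-list"
    # An explicit token is required so that network reachability or ambient
    # credentials alone never authorize a task.
    supplied = h.get(TOKEN_HEADER, "")
    if not hmac.compare_digest(supplied.encode(), session_token.encode()):
        return False, "missing or invalid session token"
    return True, "ok"


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "foreign page": {"Origin": "https://untrusted.example", "Sec-Fetch-Site": "cross-site"},
    "own UI": {"Origin": "http://127.0.0.1:8765", "Sec-Fetch-Site": "same-origin",
               "X-Agent-Token": "s3ss10n"},
    "own UI, no token": {"Origin": "http://127.0.0.1:8765", "Sec-Fetch-Site": "same-origin"},
    "local CLI": {"X-Agent-Token": "s3ss10n"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, check_task_request("POST", hdrs, "s3ss10n"))
```

Logging the refusal reason together with the offending Origin value gives defenders a signal that a website an employee visited tried to reach the agent.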