AO Labs
-
BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow
This blog deeply analyzes the interplay between Virtual Agent API and Now Assist enabled in this exploit.
-
When AI Turns on Its Team: Exploiting Agent-to-Agent Discovery via Prompt Injection
Aaron Costello uncovers how second-order prompt injection turns AI agents against their own systems. He explains how attackers exploit ServiceNow’s Now Assist…
-
Heisenberg: How We Learned to Stop Worrying and Love the SBOM
Turn SBOMs into supply chain defense with Heisenberg, an open source tool developed by Max Feldman and Yevhen Grinman. It stops risky…
