DEV Community

I Opened 3 Security Issues on Microsoft AutoGen and LlamaIndex. Here Is Why

I just opened 3 security issues on two of the most popular AI agent frameworks on GitHub (combined 110K+ stars).

The Issues

  • microsoft/autogen#7917: Docker code executor mounts host filesystem into sandboxed containers without trust boundary validation - container escape vector.
  • microsoft/autogen#7918: Agent self-modification patterns in Canvas memory module - agents can alter their own operating constraints during execution.
  • run-llama/llama_index#22245: 441 instances of unbounded recursive agent execution across 2,951 files - systemic resource exhaustion risk.

All found with AgentGuard v0.6.2 (pip install dfx-agentguard), an open-source AI agent security scanner.

Why Issues, Not Articles

I have published 12 articles on Dev.to. Average views: 11. GitHub Issues on 50K+ star repos are read by thousands of developers and stay visible for years. This is the correct distribution channel for security findings - direct, unfiltered, and actionable.

The Pattern

The same vulnerability classes appear across all frameworks:

  • Trust boundary violations (ASI10): agents crossing filesystem and network boundaries
  • Agent recursion (ASI09): unbounded loops without circuit breakers
  • Self-modification (ASI10): agents modifying their own state during execution

These are not framework-specific bugs. They are systemic architectural gaps in how we build autonomous agents. Every framework needs guardrails for resource limits, trust boundaries, and behavioral constraints.
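As an added example (not code from AgentGuard, AutoGen or LlamaIndex; every name below is hypothetical), here is what minimal guardrails for those three gaps look like in Python: a mount-path check that keeps bind mounts inside a sandbox workspace, a step and wall-clock circuit breaker around an agent loop, and a read-only view of the agent's own limits.

```python
"""Guardrails for the three gap classes named above: trust boundary, resource
limit, behavioural constraint. Added example, stdlib only, Python 3.8+."""
import time
from pathlib import Path
from types import MappingProxyType
from typing import Any, Callable, Dict, Mapping, Tuple


def mount_is_allowed(host_path: str, allowed_root: str) -> bool:
    """Trust boundary: only bind-mount paths inside the sandbox workspace.
    Resolve symlinks and '..' first so a traversal cannot widen the mount."""
    root = Path(allowed_root).resolve()
    target = Path(host_path).resolve()
    return target == root or root in target.parents


class BudgetExceeded(RuntimeError):
    """Raised by the circuit breaker when a step or time budget is spent."""


def run_bounded(step: Callable[[Any], Tuple[Any, bool]], state: Any,
                max_steps: int, max_seconds: float) -> Tuple[Any, int]:
    """Resource limit: drive an agent loop under a hard step and time cap.
    `step` returns (new_state, done). Returns (final_state, steps_taken)."""
    deadline = time.monotonic() + max_seconds
    for n in range(1, max_steps + 1):
        state, done = step(state)
        if done:
            return state, n
        if time.monotonic() > deadline:
            raise BudgetExceeded(f"time budget spent after {n} steps")
    raise BudgetExceeded(f"step budget of {max_steps} spent")


def freeze_constraints(constraints: Dict[str, Any]) -> Mapping[str, Any]:
    """Behavioural constraint: hand the agent a read-only view of its own
    operating limits so a tool call cannot rewrite them mid-run."""
    return MappingProxyType(dict(constraints))


def constraints_are_tamper_proof(limits: Mapping[str, Any]) -> bool:
    """True when an in-run attempt to raise the step cap is rejected."""
    try:
        limits["max_steps"] = 10 ** 9  # type: ignore[index]
        return False
    except TypeError:
        return True


def runaway_agent(state: int) -> Tuple[int, bool]:
    """Constructed agent that never reports done, like an unbounded recursive
    executor; only the breaker in run_bounded stops it."""
    return state + 1, False
```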

AgentGuard detects all of them. 16 rules, 83 tests, 36 benchmark samples, 100 percent detection rate.

pip install dfx-agentguard
