[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-ai-agents-used-to-red-team-other-ai-agents":10,"sections":34},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":22,"persona_id":22,"persona_name":22,"section":24,"tags":25,"sources":29,"feedback":33,"feedback_at":22,"cost_usd":33,"total_tokens":33},4679,"ai-agents-used-to-red-team-other-ai-agents","AI Agents Used to Red-Team Other AI Agents","Researchers built a system that autonomously discovers and maps reusable vulnerabilities in production LLM agents like Claude Code and Codex.","A research tool that uses one AI agent to find exploitable weaknesses in another has identified a shared vulnerability core across major coding agents.\n\nResearchers introduced AHA, an automated red-teaming framework that runs a loop: propose a vulnerability hypothesis, build a test to falsify it, craft a real attack, execute it in a sandbox, and log what actually enabled the unsafe behavior. Confirmed findings get promoted into a Vulnerability Concept Graph (VCG) — a structured map linking attacker-facing surfaces to the conditions that let an attack succeed. The team tested the system against Claude Code and Codex across three scenarios covering both direct and indirect attacks. A frozen VCG — one that stops searching and just applies what it learned — outperformed the strongest comparable baseline by 14.2 percentage points under the same single-shot protocol.\n\nWhat makes this more than a benchmark curiosity is the reusability finding. The VCG transfers across models, scenarios, and attack channels, meaning a weakness discovered against one agent tends to predict weaknesses in another. Production LLM agents operate over untrusted files, commands, and workspace state, so a safety failure is not theoretical — it is directly actionable. A structured, auditable artifact that safety teams can inspect and update as models evolve is a meaningful step beyond attack-success scorecards that record outcomes without explaining the enabling conditions.\n\nThe irony worth noting: the same agentic autonomy that makes coding assistants useful is exactly what makes them worth attacking systematically. The code is open-source, so defenders and attackers now have equal access to the blueprint.","[\"ai\",\"security\",\"llm-agents\",\"red-teaming\"]","2026-07-14T04:00:00.000Z","2026-07-14T06:15:19.898Z","2026-07-14T06:15:22.743Z","published",null,[],"security",[26,24,27,28],"ai","llm-agents","red-teaming",[30],{"name":31,"url":32},"arXiv cs.AI","https:\u002F\u002Farxiv.org\u002Fabs\u002F2607.11698",0,{"sections":35},[36,40,44,49,54,59,64,69,74,79,84,88,93,98],{"name":37,"slug":26,"count":38,"latest_published_at":39},"AI",2590,"2026-07-16T04:00:00.000Z",{"name":41,"slug":24,"count":42,"latest_published_at":43},"Security",294,"2026-07-15T19:59:48.000Z",{"name":45,"slug":46,"count":47,"latest_published_at":48},"Deals","deals",179,"2026-06-29T20:02:07.000Z",{"name":50,"slug":51,"count":52,"latest_published_at":53},"Policy","policy",158,"2026-07-16T00:02:48.000Z",{"name":55,"slug":56,"count":57,"latest_published_at":58},"Hardware","hardware",122,"2026-07-14T19:46:26.000Z",{"name":60,"slug":61,"count":62,"latest_published_at":63},"Consumer Tech","consumer-tech",93,"2026-07-13T13:20:48.000Z",{"name":65,"slug":66,"count":67,"latest_published_at":68},"Software","software",70,"2026-07-13T19:52:25.000Z",{"name":70,"slug":71,"count":72,"latest_published_at":73},"Science","science",66,"2026-07-10T10:29:37.000Z",{"name":75,"slug":76,"count":77,"latest_published_at":78},"Dev Tools","dev-tools",59,"2026-07-07T04:00:00.000Z",{"name":80,"slug":81,"count":82,"latest_published_at":83},"Gaming","gaming",41,"2026-07-09T04:00:00.000Z",{"name":85,"slug":86,"count":82,"latest_published_at":87},"Startups","startups","2026-06-29T20:55:50.000Z",{"name":89,"slug":90,"count":91,"latest_published_at":92},"General","general",29,"2026-07-10T22:28:58.000Z",{"name":94,"slug":95,"count":96,"latest_published_at":97},"Reviews","reviews",20,"2026-06-24T12:00:01.000Z",{"name":99,"slug":100,"count":101,"latest_published_at":102},"How-To","how-to",6,"2026-06-16T09:00:00.000Z"]