Tenable Warns No-Code Agentic AI Can Enable Financial Fraud and Data Leaks
The AI agent was supplied with demo customer data, including names, contact details, and credit card information, and was instructed to verify customer identities before sharing data or making changes.
Using a technique known as prompt injection, Tenable researchers were able to override those safeguards.
Sensitive Data Leaked, Financial Controls Bypassed
Through workflow manipulation, researchers successfully extracted sensitive payment card information and forced the AI agent to bypass identity verification protocols.
More critically, the agent’s permissions allowed researchers to modify financial fields.
By exploiting this access, they changed a trip’s cost to $0, effectively granting unauthorised free services.



