Ssrf

How we hacked YC Spring 2025 batch’s AI agents — Rene Brandel, Casco

A security analysis of Y Combinator AI agents finds that the most critical vulnerabilities are not in the LLM itself but in the infrastructure around it. This breakdown of a red teaming exercise, in which 7 out of 16 agents were compromised, highlights three common and severe classes of flaw: cross-user data access through insecure direct object references (IDOR), remote code execution via insecurely isolated sandboxes, and server-side request forgery (SSRF).