id
type
5 (blog/news article)
status
21 (imported old-v2, waiting for another import)
review version
1
cleanup version
0
pending deletion
0 (-)
created at
2026-01-22 15:22:36
updated at
2026-01-22 15:22:36
url
https://casco.com/blog/we-hacked-ycombinator-agents
url length
51
url crc
7399
url crc32
106962151
location type
1 (url matches target location, page_location is empty)
canonical status
2 (missing canonical tag in html)
canonical page id
-
domain id
domain tld
2211
domain parts
2
originating warc id
6570684
originating url
source type
11 (CommonCrawl)
server ip
Publication date
2025-07-15 07:32:01
Fetch attempts
0
Original html size
66827
Normalized and saved size
25851
title
We hacked Y Combinator's AI agents and what you can learn from it
excerpt
content
BlogWe hacked Y Combinator's AI agents and what you can learn from itWritten by Rene Brandel on Tue May 27 2025In mid-April 2025, I hacked 7 of the 16 publicly-accessible AI agents from the Y Combinator spring 2025 batch. This allowed me to leak user data, execute code remotely, and take over databases. Each vulnerability took me less than 30 minutes to exploit. TL;DR: Tool definitions and parameters were not protected by transitive authentication Poorly protected code execution tools allowed me to execute arbitrary code remotely Tools that call external endpoints enabled me to set up a malicious database configuration This type of incident isn't isolated to YC companies. 73% of enterprises experienced at least one AI-related security incident in the past 12 months. A cyber incident costs on average $4,000,000 and your AI agent could be the root cause. In this post, I'll go into the most common attack vectors and how hackers "think" when attacking your AI agent. Case #1: From leaked...
author
updated
1769938440
block type
0
extracted fields
105
extracted bits
featured image
title
full content
content was extracted heuristically
detected location
0
detected language
1 (English)
category id
-
index version
1
paywall score
0
spam phrases
0
text nonlatin
0
text cyrillic
0
text characters
4292
text words
851
text unique words
416
text lines
1
text sentences
44
text paragraphs
1
text words per sentence
19
text matched phrases
0
text matched dictionaries
0
links self subdomains
0
links other subdomains
2
links other domains
6
links spam adult
0
links spam random
0
links spam expired
0
links ext activities
0
links ext ecommerce
0
links ext finance
0
links ext crypto
0
links ext booking
0
links ext news
0
links ext leaks
0
links ext ugc
1
links ext klim
0
links ext generic
0
image author