Lies-in-the-Loop manipulation of HITL approval dialogs in agentic AI
Technical Analysis
Summary
Checkmarx researchers detailed Lies-in-the-Loop (LITL), a technique that can manipulate Human-in-the-Loop (HITL) approval dialogs so dangerous actions look harmless and get approved. The finding matters because a compromised prompt can turn a supposed safeguard into a path to arbitrary code execution in privileged AI agents. Demonstrations involved Claude Code and Microsoft Copilot Chat in VS Code, showing how dialog content, metadata, and rendering can be abused. The researchers recommended defense-in-depth controls such as sanitization, clearer approval UI, safe OS APIs, and dialog length limits.
Related Happenings
NCSC guidance urges least-privilege controls for agentic AI deployment
Defensive Guidance
First: 18.05.2026 13:30
Last: 18.05.2026 13:30
Sources 1
About this happening:
The **UK National Cyber Security Centre (NCSC)** released guidance for organizations deploying **agentic AI**, warning that over-privileged or poorly monitored agents can turn a s...
Microsoft MDASH enters limited private preview for AI-driven vulnerability discovery at scale
Security Tool/Service
First: 13.05.2026 16:46
Last: 13.05.2026 16:46
Sources 1
About this happening:
Microsoft's **MDASH** has entered **limited private preview**, adding a new **AI-driven vulnerability discovery** service that can validate and prove exploitable defects at scale....
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Enterprise AI deployments need governance and segmentation after red-team failures
Defensive Guidance
First: 24.04.2026 15:10
Last: 24.04.2026 15:10
Sources 1
About this happening:
**Enterprise AI deployments** are exposing familiar security gaps, making **governance**, **segmentation**, and **red-team validation** urgent to reduce the risk of **data theft**...
Timeline
- 17.12.2025 18:00 · 2 articles · 5mo ago
Lies-in-the-Loop manipulation of HITL approval dialogs in agentic AI
Initial Disclosure: Security researchers first showed that **HITL approval prompts** can be forged or altered so a user sees a harmless-looking action while approving **arbitrary code execution**. The initial demonstrations centered on **Claude Code** and **Microsoft Copilot Chat in VS Code**.
Sources:
- New “Lies-in-the-Loop” Attack Undermines AI Safety Dialogs — www.infosecurity-magazine.com — 17.12.2025 18:00