New Attack Vector Exploits AI Agent Routers to Steal Crypto

Researchers have identified a new class of attack targeting AI agents' infrastructure layer, which can intercept agent communications and inject malicious code into tool calls. The team tested 428 routers, finding that 9 were confirmed to be actively injecting malicious code into tool calls.

The attack vector involves exploiting the position of third-party API routers, which have full visibility over every prompt, tool call, and response that passes through them. This allows a malicious router to inspect, modify, or respond to tool crypto calls, enabling it to inject malicious code into an AI agent's execution pipeline.

The researchers also identified other attack types, including harvesting API credentials and private keys transmitted or referenced in agent sessions, and deploying adaptive evasion logic that delays malicious behavior. In addition, they found that a router can exploit 'YOLO mode,' the autonomous execution capability present in several major agent frameworks, where the agent acts on tool call responses without human confirmation.

The team's findings highlight the need for security standardization in the routing layer between AI agents and language models. As autonomous AI agents become increasingly integrated into crypto wallets, DeFi protocols, and automated trading workflows, this intermediary layer has become load-bearing infrastructure.