Your AI agent did exactly what it was designed to do. The framework underneath it just handed an attacker a shell on the box that holds your OpenAI key, your database credentials, and your CRM tokens.
Results that may be inaccessible to you are currently showing.
Hide inaccessible results