The Oasis researchers document a vulnerability chain that can be initiated from any website the AI agent (or its user) visits, without users needing to interact in any way or being at all aware that ...