Here I collect notes from ongoing security work: application security assessments, vulnerability research pipelines, code auditing techniques, threat hunting procedures, detection engineering experiments, and IT security hardening practices. The goal is to translate real incidents and assessments into reusable playbooks for fellow defenders.
Hijacking OpenAI’s Browsing Agent via the Chrome URL Bar
In late 2025, not long after its release, I found a gap in OpenAI’s Browsing agent that turns a routine checkout flow into a foothold on the agent container. The weak link is the “Take it from here” feature. When the model hits a task it is not allowed to complete (for example “buy this iPhone on eBay” or “enter my credit card details”), ChatGPT pauses the automation and shows a button that lets the human finish the job. Clicking that button hands you the live Chrome session the agent was using, complete with the same filesystem permissions it relied on during the automated steps. ...