🛡 Vulnerabilities in Hermes Agent allow command confirmation bypass
Researcher NikosRig has identified ways to bypass approval requests in Hermes Agent (Nous Research). The findings include approval mode injection, arbitrary code execution via startup hooks, and filter bypasses caused by shell command parsing errors.
🌍 There is an ongoing debate about whether human-in-the-loop confirmation serves as a full security barrier or merely as a convenience. The outcome affects whether such bugs will be recognized as critical vulnerabilities (CVEs).
👤 When using AI agents with terminal access, one cannot rely solely on confirmation windows. Sandboxing (containers or virtual machines) remains mandatory.
Source 1: https://gist.github.com/NikosRig/b4330ceb780fe22bf3c14f38d7d90795
