CISA alerts on Retell AI API vulnerability enabling excessive AI agent permissions
Retell Artificial Intelligence (AI)'s Application Programming Interface (API) for creating AI voice agents contains a vulnerability characterized by excessive permissions and capabilities due to inadequate guardrails, enabling potential exploitation through large-scale social engineering, phishing, and misinformation operations.
Retell AI utilizes OpenAI's Generative Pre-trained Transformer (GPT) 4o and 5 models to facilitate conversational AI voice agents, allowing users to configure these agents with limited prompt engineering. The vulnerability arises from insufficient guardrails—mechanisms designed to control inputs and outputs to ensure the Large Language Model (LLM) acts within intended ethical bounds. This deficiency permits AI voice agents to operate with over-permissive autonomy, a condition termed Excessive Agency. Attackers with minimal skills and resources can leverage this to gain trust, extract information, and automate high-volume phishing attacks via Retell AI's platform.
The vulnerability exploits the platform's easy deployment and agent customization to generate automated, large-scale fake calls using publicly sourced data and specific instructions submitted to the Retell AI API. Such fake calls have the potential to facilitate unauthorized activities, security breaches, data exposure, and various manipulations.
Retell AI has not provided a public statement regarding this issue despite efforts for coordinated vulnerability disclosure. Users are advised to exercise caution when interacting with AI voice agents, especially by refraining from sharing sensitive information. Developers are encouraged to implement stricter guardrails that limit agent functionality and permissions and to require human oversight for tasks categorized as high risk or involving substantial volume.
This advisory acknowledges the contribution of reporter Keegan Parr, with the disclosure documentation available via the provided source. The article was prepared by Ayushi Kriplani.