CISA issues alert on Retell AI vulnerabilities enabling excessive agent permissions
Retell Artificial Intelligence (AI)'s Application Programming Interface (API) enables the creation of AI voice agents that possess broad permissions and capabilities due to inadequate restriction mechanisms, allowing potential exploitation for mass social engineering, phishing, and misinformation efforts.
The platform offers an API that generates human-like voice agents capable of executing business tasks, answering queries, and automating various voice-related functions, utilizing OpenAI's Generative Pre-trained Transformer (GPT) 4o and 5 models. These agents can be configured with minimal prompt input. However, insufficient guardrails within Retell AI allow its Large Language Model (LLM) to produce unintended and potentially harmful outputs. These guardrails typically serve as input and output filters to ensure ethical operation. The absence of such controls grants voice AI agents excessive autonomy, known as Excessive Agency, enabling attackers with limited resources and expertise to foster trust, retrieve data, and conduct extensive phishing campaigns using Retell AI’s services.
The vulnerability exploits Retell AI's customizable deployment to facilitate scalable phishing and social engineering attacks. Attackers may supply publicly accessible materials along with specific directives to the API, resulting in high-volume automated fraudulent calls. Such activity could lead to unauthorized actions, security breaches, data exposure, and other manipulative outcomes.
Retell AI has not issued an official response, despite attempts at coordinated disclosure. Users are advised to exercise caution when interacting with AI voice agents and to avoid sharing sensitive information. Developers are recommended to enforce limitations on functionality and permissions via adequate guardrails and to include manual approval processes for high-risk or large-scale operations.
The vulnerability report was submitted by Keegan Parr, with disclosure details available online. This summary was prepared by Ayushi Kriplani.