Web-enabled AI agents can compromise privileged local services through faulty local security boundaries (localhost-trust-boundary), enabling host-level RCE.