Researchers identified a critical gap in AI chatbot security where assistants leak operational context, such as tool access and boundaries, through benign reconnaissance queries. This leaked information allows attackers to bypass static model guardrails and craft highly targeted prompt injections, highlighting the need for dynamic runtime protection.