Microsoft's AutoJack shows how a single malicious web page can hijack an AI agent and run code on your machine. Here's how AI agent attacks, prompt injection, and the lethal trifecta really work in 2026 - and how to defend.