AI security (30 articles)

May 29, 2026
ChatGPhish: ChatGPT Web Summaries Enable Phishing
ChatGPhish turns ChatGPT's web summary feature into a live phishing surface. Here's how the attack works and what developers need to do now.

May 29, 2026
2,000 Vibe-Coded Apps Expose Security Stack Failures
An analysis of 2,000 exposed vibe-coded apps reveals critical security stack blind spots. See what's failing and how to fix it before attackers do.

May 29, 2026
Claude Mythos-Class Models: Public Rollout Confirmed
Anthropic confirms Claude Mythos-class models are coming to the public in weeks. Here's what developers need to know about the security risks and safeguards.

May 27, 2026
Shadow AI Tools: 5 Steps to Manage Them Safely
Shadow AI tools are spreading across your org unchecked. Here are 5 steps to manage the risk without killing developer productivity or velocity.

May 25, 2026
Claude Mythos Model: AI Cyberattack Risks Explained
Anthropic's Claude Mythos model may soon hit Claude Code. It can auto-generate professional cyberattacks. Here's what developers need to know now.

May 23, 2026
AI Finds 10,000 High-Severity Flaws in Software
Claude Mythos AI discovered 10,000 high-severity vulnerabilities in widely used software. Here's what developers need to know about AI-driven flaw detection.

May 22, 2026
CISA KEV: Langflow & Trend Micro Apex One Flaws
CISA added actively exploited Langflow and Trend Micro Apex One vulnerabilities to its KEV catalog. Here's what developers need to patch now.

May 20, 2026
Microsoft Open-Sources RAMPART and Clarity for AI Security
Microsoft releases RAMPART and Clarity as open-source tools to help developers secure AI agents during development. Here's what they do and why it matters.

May 14, 2026
PraisonAI CVE-2026-44338 Auth Bypass Exploited Fast
CVE-2026-44338 in PraisonAI allows authentication bypass and was actively targeted within hours of public disclosure. Here's what you need to know.

May 14, 2026
AI Hallucinations Are Creating Real Security Risks
AI hallucinations aren't just wrong answers. They're generating fake packages, bogus APIs, and vulnerable code that ships to production. Here's what developers need to know.

May 12, 2026
Agentic AI: Security's Next Major Blind Spot
Agentic AI systems are outpacing security teams. Learn why autonomous AI agents create new attack surfaces and what developers must do to stay ahead.

May 12, 2026
OpenAI Daybreak: AI Vulnerability Detection Tool
OpenAI's Daybreak uses AI-powered vulnerability detection and patch validation to find security flaws faster. Here's what developers need to know.

May 6, 2026
AI Agents Inside Your Perimeter: What Are They Doing?
AI agents are operating inside your network perimeter right now. Do you know what access they have? Learn what risks they introduce and how to audit them.

May 5, 2026
AI Service Security: 1 Million Exposed APIs Scanned
We scanned 1 million exposed AI services and the results are alarming. See the real security gaps developers are missing in production AI deployments.

April 29, 2026
LiteLLM CVE-2026-42208 SQL Injection Exploited Fast
LiteLLM CVE-2026-42208 SQL injection was actively exploited within 36 hours of disclosure. Learn how it works and how to protect your AI infrastructure.

April 28, 2026
LiteLLM Pre-Auth SQLi CVE-2026-42208 Exploited
Hackers are actively exploiting a critical LiteLLM pre-auth SQL injection flaw. Learn how CVE-2026-42208 works and how to protect your AI gateway now.

April 27, 2026
Vulnerability Discovery Is Faster. Remediation Isn't
AI has collapsed the window between vulnerability discovery and exploitation. Most teams can patch faster but can't keep up. Here's what the data shows.

April 23, 2026
AI Finds Bugs Fast: Project Glasswing's Fix Gap
Project Glasswing proved AI can detect vulnerabilities at scale. But who actually fixes them? Here's what developers need to know about the growing remediation gap.

April 22, 2026
Cohere AI Terrarium Sandbox RCE and Container Escape
A critical flaw in Cohere's AI Terrarium sandbox allows root code execution and full container escape. Here's what developers need to know now.

April 20, 2026
Anthropic MCP Flaw Enables RCE and AI Supply Chain Risk
A design vulnerability in Anthropic's MCP protocol enables remote code execution, putting AI supply chains at serious risk. Here's what developers need to know.

April 20, 2026
Vercel Breach: Context AI Hack Exposes Credentials
A Vercel breach tied to the Context AI hack exposed limited customer credentials. Here's what developers need to know and how to protect their accounts now.

April 10, 2026
Browser Extensions: The Hidden AI Attack Surface
Browser extensions are quietly becoming a top AI data consumption channel. Here's what developers need to know about the security risks they introduce.

April 8, 2026
Claude AI Finds Thousands of Zero-Day Flaws
Anthropic's Claude AI model has uncovered thousands of zero-day vulnerabilities across major systems, shrinking the window humans have to respond to threats.

April 7, 2026
Flowise RCE CVE: 12,000+ Instances Under Attack
A CVSS 10.0 RCE flaw in Flowise AI Agent Builder is being actively exploited. Over 12,000 exposed instances face full remote takeover. Here's what you need to know.

April 6, 2026
LiteLLM Flaw Turns Dev Machines Into Credential Vaults
A critical LiteLLM vulnerability exposed developer machines as credential vaults for attackers. Learn how it works and how to protect your AI toolchain now.

March 27, 2026
LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks
Critical vulnerabilities in LangChain and LangGraph expose sensitive files, secrets, and databases - here's what AI developers need to know and fix now.

March 26, 2026
CISA: New Langflow Flaw Actively Exploited to Hijack AI Workflows
CVE-2026-33017 in Langflow is being actively exploited for RCE - attackers went from advisory to full exploitation in under 24 hours. Here's what you need to know.

March 26, 2026
Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website
A flaw in the Claude browser extension allowed zero-click XSS prompt injection from any website, putting AI-assisted sessions at serious risk.

March 23, 2026
Eight Attack Vectors Found Inside AWS Bedrock - What Attackers Can Do
Researchers uncovered eight attack vectors inside AWS Bedrock. Here's what attackers can exploit and how developers can lock down their AI infrastructure.

March 19, 2026
How Ceros Gives Security Teams Visibility and Control in Claude Code
Ceros integrates with Claude Code to give security teams real-time visibility and control over AI-assisted development workflows. Here's what you need to know.