AI security

(9 articles)

Browser Extensions: The Hidden AI Attack Surface

April 10, 2026

Browser extensions are quietly becoming a top AI data consumption channel. Here's what developers need to know about the security risks they introduce.

Claude AI Finds Thousands of Zero-Day Flaws

April 8, 2026

Anthropic's Claude AI model has uncovered thousands of zero-day vulnerabilities across major systems, shrinking the window humans have to respond to threats.

Flowise RCE CVE: 12,000+ Instances Under Attack

April 7, 2026

A CVSS 10.0 RCE flaw in Flowise AI Agent Builder is being actively exploited. Over 12,000 exposed instances face full remote takeover. Here's what you need to know.

LiteLLM Flaw Turns Dev Machines Into Credential Vaults

April 6, 2026

A critical LiteLLM vulnerability exposed developer machines as credential vaults for attackers. Learn how it works and how to protect your AI toolchain now.

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

March 27, 2026

Critical vulnerabilities in LangChain and LangGraph expose sensitive files, secrets, and databases - here's what AI developers need to know and fix now.

CISA: New Langflow Flaw Actively Exploited to Hijack AI Workflows

March 26, 2026

CVE-2026-33017 in Langflow is being actively exploited for RCE - attackers went from advisory to full exploitation in under 24 hours. Here's what you need to know.

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

March 26, 2026

A flaw in the Claude browser extension allowed zero-click XSS prompt injection from any website, putting AI-assisted sessions at serious risk.

Eight Attack Vectors Found Inside AWS Bedrock - What Attackers Can Do

March 23, 2026

Researchers uncovered eight attack vectors inside AWS Bedrock. Here's what attackers can exploit and how developers can lock down their AI infrastructure.

How Ceros Gives Security Teams Visibility and Control in Claude Code

March 19, 2026

Ceros integrates with Claude Code to give security teams real-time visibility and control over AI-assisted development workflows. Here's what you need to know.