AI agent framework flaws hit 7,000 servers | VentureBeat


Your AI agent did exactly what it was designed to do. The framework underneath it just handed an attacker a shell on the box that holds your OpenAI key, your database credentials, and your CRM tokens.

That is not a hypothetical. Within a few months, three of the most widely deployed AI agent frameworks each turned a known, ordinary bug class into a way in. Check Point Research chained a SQL injection in LangGraph's SQLite checkpointer to full remote code execution. Tenable and VulnCheck tracked a path traversal in Langflow's file upload endpoint to active, in-the-wild RCE. Cyera documented a path traversal in LangChain-core's prompt loader that reads your secrets off disk. Two paths to a shell, one to your keys. Underneath, it is the same failure, untrusted input reaching a filesystem or database sink unchecked, wearing three frameworks.
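As an added illustration of the two bug classes named above, the following Python (the language these frameworks are written in) shows each in a vulnerable form beside a hardened one. This is example code written for this page, not code from LangGraph, Langflow, LangChain or the article; the base directory, table layout and sample rows are assumptions constructed here, and the article's actual exploit chains (including how the SQL injection was turned into code execution) are not reproduced.

```python
"""Added example: path traversal and SQL injection, vulnerable beside hardened.
Not code from LangGraph, Langflow, LangChain or the article; the base
directory, table layout and rows below are assumptions made for the example."""
import sqlite3
from pathlib import Path
from typing import List

# Assumed base directory for prompt/upload files (not a real framework path).
BASE_DIR = Path("/srv/agent/prompts")


def resolve_unsafe(base: Path, user_path: str) -> Path:
    """Vulnerable: joins the caller-supplied name and trusts the result.
    '../' walks out of base, and an absolute path discards base entirely."""
    return base / user_path


def resolve_safe(base: Path, user_path: str) -> Path:
    """Hardened: canonicalise, then require the result to sit inside base.
    Checks the parent chain rather than a string prefix, so a sibling such as
    /srv/agent/prompts_evil is not mistaken for /srv/agent/prompts."""
    base_abs = base.resolve()
    candidate = (base_abs / user_path).resolve()  # collapses '..', follows symlinks
    if candidate != base_abs and base_abs not in candidate.parents:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def escapes_base(user_path: str) -> bool:
    """True if the hardened resolver rejects user_path (it would escape BASE_DIR)."""
    try:
        resolve_safe(BASE_DIR, user_path)
    except ValueError:
        return True
    return False


def checkpoint_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a checkpoint store (not LangGraph's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE checkpoints (thread_id TEXT, state TEXT)")
    conn.executemany(
        "INSERT INTO checkpoints VALUES (?, ?)",
        [("thread-1", "state for thread 1"), ("thread-2", "state for thread 2")],
    )
    return conn


def load_checkpoint_unsafe(conn: sqlite3.Connection, thread_id: str) -> List[str]:
    """Vulnerable: the identifier is spliced into the SQL text, so a quote in
    thread_id rewrites the query instead of being compared as data."""
    query = f"SELECT state FROM checkpoints WHERE thread_id = '{thread_id}'"
    return [row[0] for row in conn.execute(query)]


def load_checkpoint_safe(conn: sqlite3.Connection, thread_id: str) -> List[str]:
    """Hardened: the identifier travels as a bound parameter and is only ever
    compared as a value, whatever characters it contains."""
    rows = conn.execute(
        "SELECT state FROM checkpoints WHERE thread_id = ?", (thread_id,)
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    for p in ["notes.txt", "../../../etc/passwd", "/etc/passwd"]:
        print(f"{p!r:22} unsafe -> {resolve_unsafe(BASE_DIR, p)}  escapes={escapes_base(p)}")
    db = checkpoint_db()
    payload = "x' OR '1'='1"
    print("unsafe rows:", load_checkpoint_unsafe(db, payload))  # every thread's state
    print("safe rows:  ", load_checkpoint_safe(db, payload))    # nothing matches
```

The injection payload shows the semantic point, not the article's RCE chain: once an attacker controls the query text, which rows (or which SQLite features) they reach is up to them, whereas a bound parameter can only ever be a value. The traversal check likewise treats the canonical path as the only trustworthy input and rejects anything whose parent chain does not lead back to the base directory.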

These frameworks became production infrastructure faster than anyone secured them. They store agent state, take file uploads, load prompt configs, and...

Copyright of this story belongs to venturebeat.com; the full text is available there.
