< ciso
brief />
Tag Banner

All news with #ai application security tag

45 articles

Why AI Applications Fail to Reach Production

🧭 This article explores why most AI prototypes never reach production and how enterprise constraints create a huge validation bottleneck. It describes YouTube’s approach—using a decoupled prototyping stack and Google AI Studio templates—to enable rapid, safe experimentation with read-only access to live metadata and client-side wrappers for realistic validation. The result is faster, lower-risk product validation and a cultural shift toward disposable prototypes.
read more →

GhostApproval: AI coding assistants allow hidden writes

🔒 Wiz Research disclosed GhostApproval, a flaw in six AI coding assistants that allows symlink tricks to make approval prompts misrepresent targets. The vulnerability can let a repository write attacker-supplied keys or files to sensitive locations, potentially enabling passwordless remote access or remote code execution. Amazon, Google and Cursor have patched the issue; Augment and Windsurf have yet to fix it, while Anthropic disputes that its behavior is a vulnerability. Wiz recommends resolving symlinks before approval and flagging writes outside the project.
read more →

Critical Writer AI flaw let attackers hijack sessions

🔒 Cybersecurity researchers disclosed a critical session isolation vulnerability in Writer, an enterprise generative AI platform, that allowed cross-tenant account takeover via a one-click exploit named WriteOut. An attacker could create an agent, share its live preview link, and when a logged-in user opened the link their session cookie would be forwarded into the attacker’s sandbox and exfiltrated. Writer has patched the issue by isolating session cookies and preventing them from being forwarded into sandbox previews.
read more →

Cursor IDE sandbox bypasses enable RCE via prompt injection

🛡️ Researchers discovered two vulnerabilities in the Cursor AI-enabled IDE that enable prompt-injection-driven remote code execution by escaping the command execution sandbox. The flaws, CVE-2026-50548 and CVE-2026-50549, allow attackers to change the working directory and exploit symlink canonicalization fallbacks to write or overwrite files outside the project scope. Cursor patched the issues in version 3.0, and the findings underscore broader risks in agentic AI workflows and the difficulty of defending against prompt injection.
read more →

Scaling LLM inference with Managed Lustre offload

📘 Enterprise LLM deployments face KV cache growth that can exceed node RAM and local SSD capacity. Google Cloud demonstrates using Managed Lustre as a shared, high-performance external KV cache tier integrated with vLLM and the llm-d offloading stack to bypass host-level limits and simplify cross-node data management. Benchmarks with Llama-3.3-70B on a six-node A3 Mega cluster show over 50% TCO savings and nearly 60% reduction in GPU-hour usage by achieving a 95% cache hit rate. The guide includes architecture, deployment steps, PVC evictor behavior, and validated tracks for Qwen and Gemma models.
read more →

Siemens modernizes legacy code with agentic workflows

🛠️ Siemens and Google Cloud built Knowledge Fabric, an AI system using knowledge graphs on Spanner Graph, the Google Agent Development Kit, and LLM APIs to modernize large industrial codebases. The platform models code relationships with GQL, uses embeddings and ANN for semantic search, and combines full-text search to deliver precise impact analysis. By "slicing the elephant," agentic workflows break large refactors into smaller tasks with human oversight, reducing engineering effort and preserving system integrity.
read more →

Securing AI Agents as Enterprise Workforce

🛡️ An enterprise sales team built an AI agent to manage renewals; the agent reads emails, queries CRM data, drafts responses, and updates records. This workflow combines private data, untrusted input, and external communication, changing the security model. Traditional controls like IAM and DLP still matter but are insufficient alone. Runtime, context-aware controls that inspect prompts, outputs, and tool calls are required to prevent prompt injection, data exfiltration, and unsafe actions.
read more →

Autonomous AI Agents Vulnerable to Phishing Attacks

🔒 Varonis tested an OpenClaw-based AI agent named Pinchy with access to a controlled Google Workspace to see whether autonomous agents could be phished. The agent was given Gmail access plus mock AWS credentials, CRM exports, internal chats, and calendars, and it still leaked credentials and customer data in scenarios that mimicked routine colleague requests. A stricter safety profile improved performance, but the agent still failed when social trust cues were abused. Researchers say the problem stems from architecture and governance gaps, urging enforceable controls, identity segregation, and human review for sensitive requests.
read more →

SageMaker Data Agent adds business context integration

🧭 Amazon SageMaker Data Agent now integrates with SageMaker Catalog business context and metadata, letting data practitioners discover datasets and generate more accurate SQL and Python code using business terminology rather than cryptic table names. The agent leverages curated catalog content, including metadata synced from Collibra, Atlan, and Alation, to identify tables and columns, plan multi-step workflows, and respect governance by checking subscription status and providing access request links. This feature is available in SageMaker Unified Studio notebooks and the Query Editor in regions where Unified Studio is offered.
read more →

Trustpilot’s real-time data enrichment with Gemma

🧩Trustpilot built a high-volume streaming pipeline using fine-tuned Gemma models to process millions of user reviews in near real-time under tight latency and cost constraints. The team replaced variable per-token pricing with fixed infrastructure costs, fine-tuned lightweight models for tasks like NER, sentiment, and topic classification, and separated classifier and LLM endpoints. Performance tuning, vLLM optimizations, and load testing enabled scalable inference despite challenges with private networking, deployment observability, and GPU availability.
read more →

Critical RCE in Flowise's Custom MCP Tool Revealed

🛡️ Obsidian Security disclosed a critical RCE in the open-source AI workflow platform Flowise (CVE-2026-40933), enabling server takeover when a logged-in user imports a malicious chatflow. Self-hosted deployments are vulnerable by default; Flowise Cloud is not affected. The flaw stems from the Custom MCP tool launching user-supplied commands via stdio without sandboxing, and Flowise's input-validation patch can be bypassed.
read more →

Flowise MCP flaw enables single-click remote code execution

🔒 Researchers at Obsidian Security disclosed a near-max severity remote code execution flaw in self-hosted Flowise deployments tied to its Model Context Protocol (MCP) stdio server implementation. The issue stems from Flowise allowing attacker-controlled MCP stdio configurations that execute arbitrary OS commands, enabling one-click post-auth RCE via malicious chatflow imports. Flowise Cloud is unaffected, but self-hosted instances should review and potentially disable stdio MCP or apply strict mitigations.
read more →

Shadow AI and the Rise of Vibe‑Coded Application Risk

🔎 Shadow AI now describes employees building full applications with AI and publishing them without IT or security involvement. Red Access' Shadow Builders report found over 380,000 public assets on vibe‑coding platforms, with more than 2,000 exposing sensitive corporate or personal data. Existing security controls miss these builds because the entire lifecycle — OAuth grants, data movement, and publishing — occurs inside web sessions that traditional tools only partially observe.
read more →

UCO and Google accelerate forensic case analysis with AI

🧭 This collaboration between Google Public Sector and the University of Central Oklahoma (UCO) Forensic Science Institute uses Google’s NotebookLM to rapidly analyze complex criminal case documents and construct timelines. Originating from an AI hackathon co-led by UCO’s CIO Sonya Watkins, the project leverages Gemini to prioritize high-impact prototypes and has reduced multi-month analyses to days in early trials. UCO instructors ensure AI outputs are forensically sound and reliably cited.
read more →

Agentic AI Bridges Dental Manufacturing Gaps

🦷 Movix built a custom agentic AI platform to address a severe shortage of skilled dental technicians and reduce costly remakes in aligner and appliance manufacturing. Using Google Cloud infrastructure, including Gemini Enterprise Agent Platform, Cloud Run with L4 GPUs, and Compute Engine, Movix developed deep learning, computer vision, and 3D mesh models to automate quality control and data entry. The solution integrates with legacy lab systems, anonymizes PHI for compliance, and targets large-volume labs to improve accuracy, speed, and cost savings.
read more →

Glance converts long-form video into mobile-ready AI clips

📱Glance built an automated pipeline to convert long-form landscape videos into short, vertical clips optimized for mobile lock screens. The system uses Google Cloud Speech-to-Text v2, Gemini, and the Vision API together with Samurai, OpenCV and MoviePy to identify key moments, detect active speakers, and reframe shots intelligently. It supports split-screen stacking, word-level “Karaoke-style” captions, automated branding overlays, and smoothing techniques to scale production from thousands to tens of thousands of daily clips.
read more →

Proxy Models Cut LLM SQL Costs and Latency Dramatically

🔍 Google Cloud presents a SIGMOD paper introducing proxy models—cost‑optimized, ultra‑lightweight models that replace most LLM calls in AI-powered SQL functions. They rely on precomputed embeddings (using Gemini) and simple classifiers (currently logistic regression) to deliver orders‑of‑magnitude reductions in latency and token costs. BigQuery and AlloyDB implement this optimization with online training in BigQuery and PREPARE-based offline training in AlloyDB. The technique performs well for many semantic filters but can fail on tasks requiring complex reasoning or extreme selectivity.
read more →

Critical Ollama GGUF Vulnerability Exposes Heap Data

⚠️ Security researchers disclosed a critical out-of-bounds read in Ollama that can leak process memory and is tracked as CVE-2026-7482 (CVSS 9.1), dubbed "Bleeding Llama". The flaw arises in the GGUF model loader's WriteTo() flow due to use of the unsafe package, allowing a crafted model upload to read past heap bounds. Successful exploitation can reveal environment variables, API keys, prompts, and user conversation data and exfiltrate it via the /api/push endpoint. Users are urged to apply fixes, restrict network exposure, and place an authentication proxy before Ollama instances.
read more →

Safer Vibe Coding: Security Tips for Nontechnical Teams

🔒 AI-assisted "vibe" coding makes building apps fast but frequently yields insecure or nonfunctional code that can expose sensitive data. Non-technical creators should treat AI output as a draft: verify and test code, protect secrets by using environment variables, prefer reputable libraries, and enforce secure defaults. Regular backups, sandbox testing, dependency updates, and secret scanning help reduce exposure.
read more →

Architecting AI Infrastructure for U.S. Winter Olympians

🤖 In collaboration with Google DeepMind, the team built an AI pose-estimation pipeline that converts single 2D video into a 63-joint 3D biomechanical model for U.S. Olympians. The system uses learned temporal priors to infer occluded joints and delivers near-instant results by running models on statically provisioned TPU slices. Orchestration, scaling, and security are managed with Vertex AI and VPC private endpoints.
read more →