All news with #ai application security tag

🧩Trustpilot built a high-volume streaming pipeline using fine-tuned Gemma models to process millions of user reviews in near real-time under tight latency and cost constraints. The team replaced variable per-token pricing with fixed infrastructure costs, fine-tuned lightweight models for tasks like NER, sentiment, and topic classification, and separated classifier and LLM endpoints. Performance tuning, vLLM optimizations, and load testing enabled scalable inference despite challenges with private networking, deployment observability, and GPU availability.

🛡️ Obsidian Security disclosed a critical RCE in the open-source AI workflow platform Flowise (CVE-2026-40933), enabling server takeover when a logged-in user imports a malicious chatflow. Self-hosted deployments are vulnerable by default; Flowise Cloud is not affected. The flaw stems from the Custom MCP tool launching user-supplied commands via stdio without sandboxing, and Flowise's input-validation patch can be bypassed.

🔒 Researchers at Obsidian Security disclosed a near-max severity remote code execution flaw in self-hosted Flowise deployments tied to its Model Context Protocol (MCP) stdio server implementation. The issue stems from Flowise allowing attacker-controlled MCP stdio configurations that execute arbitrary OS commands, enabling one-click post-auth RCE via malicious chatflow imports. Flowise Cloud is unaffected, but self-hosted instances should review and potentially disable stdio MCP or apply strict mitigations.

🔎 Shadow AI now describes employees building full applications with AI and publishing them without IT or security involvement. Red Access' Shadow Builders report found over 380,000 public assets on vibe‑coding platforms, with more than 2,000 exposing sensitive corporate or personal data. Existing security controls miss these builds because the entire lifecycle — OAuth grants, data movement, and publishing — occurs inside web sessions that traditional tools only partially observe.

🧭 This collaboration between Google Public Sector and the University of Central Oklahoma (UCO) Forensic Science Institute uses Google’s NotebookLM to rapidly analyze complex criminal case documents and construct timelines. Originating from an AI hackathon co-led by UCO’s CIO Sonya Watkins, the project leverages Gemini to prioritize high-impact prototypes and has reduced multi-month analyses to days in early trials. UCO instructors ensure AI outputs are forensically sound and reliably cited.

🦷 Movix built a custom agentic AI platform to address a severe shortage of skilled dental technicians and reduce costly remakes in aligner and appliance manufacturing. Using Google Cloud infrastructure, including Gemini Enterprise Agent Platform, Cloud Run with L4 GPUs, and Compute Engine, Movix developed deep learning, computer vision, and 3D mesh models to automate quality control and data entry. The solution integrates with legacy lab systems, anonymizes PHI for compliance, and targets large-volume labs to improve accuracy, speed, and cost savings.

📱Glance built an automated pipeline to convert long-form landscape videos into short, vertical clips optimized for mobile lock screens. The system uses Google Cloud Speech-to-Text v2, Gemini, and the Vision API together with Samurai, OpenCV and MoviePy to identify key moments, detect active speakers, and reframe shots intelligently. It supports split-screen stacking, word-level “Karaoke-style” captions, automated branding overlays, and smoothing techniques to scale production from thousands to tens of thousands of daily clips.

🔍 Google Cloud presents a SIGMOD paper introducing proxy models—cost‑optimized, ultra‑lightweight models that replace most LLM calls in AI-powered SQL functions. They rely on precomputed embeddings (using Gemini) and simple classifiers (currently logistic regression) to deliver orders‑of‑magnitude reductions in latency and token costs. BigQuery and AlloyDB implement this optimization with online training in BigQuery and PREPARE-based offline training in AlloyDB. The technique performs well for many semantic filters but can fail on tasks requiring complex reasoning or extreme selectivity.

⚠️ Security researchers disclosed a critical out-of-bounds read in Ollama that can leak process memory and is tracked as CVE-2026-7482 (CVSS 9.1), dubbed "Bleeding Llama". The flaw arises in the GGUF model loader's WriteTo() flow due to use of the unsafe package, allowing a crafted model upload to read past heap bounds. Successful exploitation can reveal environment variables, API keys, prompts, and user conversation data and exfiltrate it via the /api/push endpoint. Users are urged to apply fixes, restrict network exposure, and place an authentication proxy before Ollama instances.

🔒 AI-assisted "vibe" coding makes building apps fast but frequently yields insecure or nonfunctional code that can expose sensitive data. Non-technical creators should treat AI output as a draft: verify and test code, protect secrets by using environment variables, prefer reputable libraries, and enforce secure defaults. Regular backups, sandbox testing, dependency updates, and secret scanning help reduce exposure.

🤖 In collaboration with Google DeepMind, the team built an AI pose-estimation pipeline that converts single 2D video into a 63-joint 3D biomechanical model for U.S. Olympians. The system uses learned temporal priors to infer occluded joints and delivers near-instant results by running models on statically provisioned TPU slices. Orchestration, scaling, and security are managed with Vertex AI and VPC private endpoints.

🛡️ Cyera researchers warn that insufficient input validation in AI orchestration tools can expose sensitive enterprise data. A newly disclosed path traversal flaw in LangChain (CVE-2026-34070) lets crafted input resolve paths outside intended directories and read arbitrary host files. Cyera analyzed that alongside an earlier unsafe deserialization issue (CVE-2025-68664) and a SQL injection affecting LangGraph checkpointing (CVE-2025-67644), showing how each flaw maps to distinct data exposures. Maintainers have released fixes; organizations should apply patches and adopt allowlists, sandboxing, safe deserialization practices, and parameterized queries immediately.

🚚 FM Logistic used AlphaEvolve on Google Cloud to tackle large-scale warehouse routing by applying evolutionary code generation powered by Gemini models. Starting from an existing stepwise routing baseline, the agent generated, scored, and iterated thousands of candidate algorithms against a representative dataset to minimize average travel distance per pick while avoiding operational failures. The adapted routing logic delivered a 10.4% efficiency improvement and reduced annual warehouse travel by more than 15,000 km.

⚠️ Proofpoint researchers disclosed CursorJack, a technique that abuses Cursor's Model Context Protocol (MCP) deeplinks to embed installation configurations that can lead to local code execution or the installation of remote malicious servers. Exploitation requires a user to click a crafted deeplink and approve an installation prompt; success depends on system configuration and user privileges, and no zero‑click vector was observed. Proofpoint published a proof‑of‑concept, notified Cursor, and recommends verifying MCP sources, tightening permission controls, and improving visibility into installation parameters to mitigate social‑engineering risks.

🔍 This post, the second in Microsoft's AI Application Security series, moves from planning to practical detection and response for prompt abuse. It describes common attack types — direct prompt override, extractive abuse targeting sensitive inputs, and indirect prompt injection via hidden instructions such as URL fragments — and why these are hard to spot without telemetry. The article provides a stepwise detection and incident response playbook and maps mitigations to Microsoft tools so teams can log interactions, sanitize inputs, and contain incidents.

🔐 Cloudflare One reframes enterprise security around protecting sensitive data across networks, endpoints, SaaS, and AI interfaces. The post introduces new controls — clipboard restrictions for browser-based RDP, operation-level mapping surfaced in logs, on-device Endpoint DLP in the Cloudflare One Client, and Microsoft 365 Copilot scanning via API CASB. Together these features aim to give consistent visibility and enforcement so policy follows data rather than product boundaries.

🐛 Socket researchers disclosed an active npm supply-chain campaign dubbed SANDWORM_MODE that leverages typosquatted packages to infiltrate developer machines, CI pipelines, and AI coding assistants. The malicious packages (at least 19 observed) harvest npm and GitHub tokens, environment secrets, and cloud keys, then use stolen credentials to modify repositories and amplify via weaponized GitHub Actions. The campaign also injects a malicious MCP server into AI tool configs to enable prompt-injection exfiltration, includes a dormant polymorphic engine, and implements a configurable 'dead switch' that can wipe home directories.

⚠️Microsoft says a bug in Microsoft 365 Copilot has been summarizing confidential emails since late January, bypassing organizations' configured data loss prevention (DLP) safeguards. The flaw affected the Copilot 'work tab' chat and improperly read messages stored in Sent Items and Drafts, including those with sensitivity labels intended to block automated processing. Microsoft attributes the behavior to a code error, began rolling out a fix in early February, and is monitoring deployment while contacting a subset of impacted users. The company has not yet disclosed the full scope or number of affected organizations and has flagged the incident as an advisory.

🔐 Security researchers have documented an infostealer attack that exposed sensitive files from local AI assistants, specifically OpenClaw. Hudson Rock reported the malware harvested configuration and key material—including openclaw.json, device.json, and agent memory files—allowing token theft, private key access, and capture of users' operational context. The incident underscores risks from plaintext secrets and permissive defaults in agentic tools.

⚠️ OpenClaw is an open‑source AI‑agent orchestration tool that runs locally, integrates with common chat apps and can use any LLM backend, driving rapid adoption. Researchers have found widespread exposed instances, critical authentication‑bypass flaws, plaintext credentials in the ClawHub marketplace and hundreds of malicious skills enabling credential theft and remote code execution. Experts urge enterprises to ban or tightly restrict use, enforce least privilege, MFA, endpoint segmentation and continuous telemetry if pilots are allowed.