ciso brief

All news with #ai application security tag

36 articles · page 2 of 2

Amazon Bedrock AgentCore Browser Adds Browser Profiles

🔐 Amazon Bedrock AgentCore Browser now supports browser profiles that persist authentication state across sessions. You can authenticate once, save cookies and local storage to a profile, and reuse it to keep agents logged in without repeated manual logins. Profiles offer flexible read-only and persistent modes and enable parallel sessions to share authentication, cutting session setup from minutes to tens of seconds for high-volume automated workflows.

Ship Production-Ready AI and Multimodal Workshops Roadshow

🚀 Google Cloud is launching a two-day roadshow across North America focused on building production-grade and multimodal AI systems. Day 1, the Production-Ready AI Intensive, covers stability, security, and scalable architecture including multi-agent orchestration with the Agent Development Kit (ADK), A2A protocols on Cloud Run, automated evaluation via the Vertex AI Gen AI Evaluation SDK, and defenses like Model Armor and Sensitive Data Protection. Day 2, the Multimodal Frontier, is a hands-on, code-first workshop on real-time perception and interaction: simultaneous audio/video processing, Graph RAG with Spanner Graph, Persistent Memory Banks, and the Gemini Live API for zero-latency, interruptible agents. Sessions include labs, credits, and networking; seats are limited.

Chainlit flaws enable cloud key leaks and SSRF risks

⚠️ Chainlit, a widely used open-source framework for building conversational AI chatbots, contained high-severity vulnerabilities that can expose arbitrary files and permit server-side request forgery, enabling data theft and lateral movement within compromised environments. Zafran Security identified two primary issues: CVE-2026-22218 (arbitrary file read, CVSS 7.1) and CVE-2026-22219 (SSRF with SQLAlchemy, CVSS 8.3). Both were responsibly disclosed on November 23, 2025 and patched in Chainlit 2.9.4 on December 24, 2025. Administrators should upgrade, audit deployments for misuse, and rotate any potentially exposed credentials.

Chainlit Vulnerabilities Permit File Reads and SSRF Access

⚠️ Security researchers disclosed two critical vulnerabilities in the Python-based AI app framework Chainlit that allow unauthenticated attackers to read arbitrary server files and trigger SSRF requests. The flaws (CVE-2026-22218 and CVE-2026-22219), fixed in Chainlit 2.9.4, stem from an unvalidated custom Element type exposing path and URL properties. Exploits can leak environment variables, API keys, LLM prompts, and cloud credentials, enabling lateral movement and broader compromise.

Securing MCPs: Control of Agentic AI Tool Access and Risks

🔒 This webinar explains why MCPs — the control plane that governs what agentic AI can execute — are a critical but often overlooked security boundary. Drawing on recent incidents such as CVE-2025-6514, the session shows how trusted proxies and misconfigurations can convert automation into a remote code execution vector at scale. Participants will learn to detect shadow API keys, audit agent actions, and apply practical controls to secure agentic AI without slowing development.

Optimizing AlloyDB AI Text-to-SQL Accuracy in Production

🔍 Google Cloud describes how the AlloyDB AI natural language API translates user questions into SQL and how to tune it for near‑perfect accuracy in enterprise applications. The post outlines a hill‑climbing workflow that improves results by adding descriptive (table and column) and prescriptive (templates, facets) context, plus an automated value index for private terms. It highlights capabilities for business relevance, explainability, and verified results, and explains agent integration options such as the MCP Toolbox and Gemini Enterprise.

AlphaEvolve on Google Cloud: Gemini-driven evolution

🔬 AlphaEvolve is a Gemini-powered coding agent on Google Cloud that automates evolutionary optimization of algorithms for complex, code-defined problems. It takes a problem specification, evaluation logic, and a compile-ready seed program, then uses Gemini models to propose mutated code variants and an evolutionary framework to select and refine the best candidates. Early internal results at Google demonstrate measurable efficiency improvements, and the AlphaEvolve Service API is available through a private Early Access Program for interested organizations.

AWS preview: Fully managed MCP servers for EKS and ECS

🔔 Amazon EKS and ECS now offer fully managed MCP servers in preview, providing a cloud-hosted Model Context Protocol endpoint to enrich AI-powered development and operations. These servers remove local installation and maintenance, and deliver enterprise features such as automatic updates and patching, centralized security via AWS IAM, and audit logging through AWS CloudTrail. Developers can connect AI coding assistants like Kiro CLI, Cursor, or Cline for context-aware code generation and debugging, while operators gain access to a knowledge base of best practices and troubleshooting guidance.

Rogue MCP Servers Can Compromise Cursor's Embedded Browser

⚠️ Security researchers demonstrated that a rogue Model Context Protocol (MCP) server can inject JavaScript into the built-in browser of Cursor, an AI-powered code editor, replacing pages with attacker-controlled content to harvest credentials. The injected code can run without URL changes and may access session cookies. Because Cursor is a Visual Studio Code fork without the same integrity checks, MCP servers inherit IDE privileges, enabling broader workstation compromise.

Microsoft accelerates migration and modernization with AI

🔧 Microsoft outlined a set of agentic AI tools to speed migration and modernization across applications and data. GitHub Copilot now automates Java and .NET upgrades and end-to-end app modernization flows, while Azure Migrate adds AI-driven guidance, connected Copilot workflows, and broader application awareness. The Azure Accelerate program pairs expert deployment support with funding to reduce friction and help teams move projects faster.

Amazon Lex: confirmation and currency slots in 10 languages

🤖 Amazon Lex now supports built-in confirmation and currency slot types in 10 additional languages: Portuguese, Catalan, French, Italian, German, Spanish, Mandarin, Cantonese, Japanese, and Korean. These built-in slots normalize varied user phrasing—mapping acknowledgements to 'Yes', 'No', 'Don't know', or 'Maybe' and converting currency expressions into structured formats such as 'USD 1.00'—to simplify multi-lingual conversational flows. The feature is available in all commercial AWS Regions where Amazon Lex operates and can improve chatbots and contact-center interactions.

Notepad Adds Free AI Writing Tools on Copilot+ Windows 11

📝 Microsoft is adding free AI-powered text features to Notepad on Copilot+ PCs running Windows 11, rolling out now to Windows Insiders in the Canary and Dev channels on Notepad version 11.2508.28.0. The new Summarize, Write, and Rewrite tools were previously part of Microsoft 365 subscriptions but are available without an extra subscription on Copilot+ devices. The features support English only; subscribers can switch between local and cloud models, while users who are not signed in use the local model. Users may disable the AI options in settings or uninstall the updated Notepad to use the classic notepad.exe. Paint and Snipping Tool also received recent updates.

Amazon OpenSearch Serverless Adds Disk-Optimized Vectors

🔍 Amazon has added disk-optimized vector storage to OpenSearch Serverless, offering a lower-cost alternative to memory-optimized vectors while maintaining equivalent accuracy and recall. The disk-optimized option may introduce slightly higher latency, so it is best suited for semantic search, recommendation systems, and other AI search scenarios that do not require sub-millisecond responses. As a fully managed service, OpenSearch Serverless continues to automatically scale compute capacity (measured in OCUs) to match workload demands.

The Dark Side of Vibe Coding: AI Risks in Production

⚠️ One July morning a startup founder watched a production database vanish after a Replit AI assistant suggested—and a developer executed—a destructive command, underscoring the dangers of "vibe coding," where plain-English prompts become runnable code. Experts say this shortcut accelerates prototyping but routinely introduces hardcoded secrets, missing access controls, unsanitized input, and hallucinated dependencies. Organizations should treat AI-generated code like junior developer output, enforce CI/CD guardrails, and require thorough security review before deployment.

Langflow Misconfiguration Exposes Data of Pakistani Insurers

🔓 UpGuard secured a misconfigured Langflow instance that exposed data for roughly 97,000 insurance customers in Pakistan, including 945 individuals marked as politically exposed persons. The instance was used by Pakistan-based Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue. Exposed materials included PII, confidential business documents and credentials; access was removed after notification and UpGuard found no evidence of exploitation.

AI-Assisted Coding: Productivity Gains and Persistent Risks

🛠️ Martin Lee recounts a weekend experiment using an AI agent to assist with a personal software project. The model provided valuable architectural guidance, flawless boilerplate, and resolved a tricky threading issue, delivering a clear productivity lift. However, generated code failed to match real library APIs, used incorrect parameters and fictional functions, and lacked sufficient input validation. After manual debugging Lee produced a working but not security-hardened prototype, highlighting remaining risks.