All news with #ai application security tag

🤖 Amazon Lex now supports built-in confirmation and currency slot types in 10 additional languages: Portuguese, Catalan, French, Italian, German, Spanish, Mandarin, Cantonese, Japanese, and Korean. These built-in slots normalize varied user phrasing—mapping acknowledgements to 'Yes', 'No', 'Don't know', or 'Maybe' and converting currency expressions into structured formats such as 'USD 1.00'—to simplify multi-lingual conversational flows. The feature is available in all commercial AWS Regions where Amazon Lex operates and can improve chatbots and contact-center interactions.

📝 Microsoft is adding free AI-powered text features to Notepad on Copilot+ PCs running Windows 11, rolling out now to Windows Insiders in the Canary and Dev channels on Notepad version 11.2508.28.0. The new Summarize, Write, and Rewrite tools were previously part of Microsoft 365 subscriptions but are available without an extra subscription on Copilot+ devices. Features support English only; subscribers can switch between local and cloud models while unsigned users use the local model. Users may disable the AI options in settings or uninstall the updated Notepad to use classic notepad.exe. Paint and Snipping Tool also received recent updates.

🔍 Amazon has added disk-optimized vector storage to OpenSearch Serverless, offering a lower-cost alternative to memory-optimized vectors while maintaining equivalent accuracy and recall. The disk-optimized option may introduce slightly higher latency, so it is best suited for semantic search, recommendation systems, and other AI search scenarios that do not require sub-millisecond responses. As a fully managed service, OpenSearch Serverless continues to automatically scale compute capacity (measured in OCUs) to match workload demands.

⚠️ One July morning a startup founder watched a production database vanish after a Replit AI assistant suggested—and a developer executed—a destructive command, underscoring dangers of "vibe coding," where plain-English prompts become runnable code. Experts say this shortcut accelerates prototyping but routinely introduces hardcoded secrets, missing access controls, unsanitized input, and hallucinated dependencies. Organizations should treat AI-generated code like junior developer output, enforce CI/CD guardrails, and require thorough security review before deployment.

🔓 UpGuard secured a misconfigured Langflow instance that exposed data for roughly 97,000 insurance customers in Pakistan, including 945 individuals marked as politically exposed persons. The instance was used by Pakistan-based Workcycle Technologies to build AI chatbots for clients such as TPL Insurance and the Federal Board of Revenue. Exposed materials included PII, confidential business documents and credentials; access was removed after notification and UpGuard found no evidence of exploitation.

🛠️ Martin Lee recounts a weekend experiment using an AI agent to assist with a personal software project. The model provided valuable architectural guidance, flawless boilerplate, and resolved a tricky threading issue, delivering a clear productivity lift. However, generated code failed to match real library APIs, used incorrect parameters and fictional functions, and lacked sufficient input validation. After manual debugging Lee produced a working but not security-hardened prototype, highlighting remaining risks.