A security flaw in the NLWeb protocol was discovered shortly after its announcement, allowing remote users to read sensitive configuration files and API keys. This classic path traversal vulnerability is easily exploitable through malformed URLs. Microsoft quickly patched the issue, but has not issued a CVE for it, generating concern among security researchers. They emphasize the need for vigilance regarding classic vulnerabilities in AI-powered systems, which could have severe implications.
"This case study serves as a critical reminder that as we build new AI-powered systems, we must re-evaluate the impact of classic vulnerabilities, which now have the potential to compromise not just servers, but the 'brains' of AI agents themselves."
"This issue was responsibly reported and we have updated the open-source repository," says Microsoft spokesperson Ben Hope, in a statement to The Verge.
Collection
[
|
...
]