Archive
73 pieces of security research, engineering and field notes.
PraisonAI's schedule config YAML could set LD_PRELOAD, PATH and 26 other dangerous environment variables with no validation. The fix adds a blocklist and fail-closed validation.
Git tags, package registries and AI extension marketplaces all share the same authentication failure - and attackers have noticed the pattern before defenders did.
gptme's evaluation runner passed API keys as Docker CLI arguments, exposing them to every user on the system via ps or /proc. The fix took one file and five tests.
Hermes Agent's worktree feature would copy arbitrary files from your filesystem if you cloned a repository with a crafted .worktreeinclude. A two-line path traversal that took four months to land in the codebase.
A popular summarisation tool trusted every browser origin that asked. Fixing it meant thinking about who should be allowed to talk to your localhost.
Indirect prompt injection in AI coding assistants has turned every file, dependency and skill into a potential attack vector - and the CVEs are piling up.
An audit of Hugging Face's skills repository found five SQL injection vectors in a single file. The fix was merged in nine days.
Anthropic's Claude Code Security found 500 zero-days in open-source code. The industry's reaction revealed more about the state of software security than the tool itself.
MCP promised to be the USB-C port for AI. Researchers found it was more like an unlocked door with a welcome mat for attackers.
OpenClaw gathered 150,000 GitHub stars and 1.5 million leaked API keys. A look at what happens when agentic AI skips the hard questions.
Kazu used valid credentials to steal 400,000 medical documents from ManageMyHealth, New Zealand's largest patient portal, exposing sensitive records for about 120,000 patients.
Sandworm deployed DynoWiper against about thirty Polish energy sites on the coldest night of the year, damaging equipment and proving distributed energy is now a target.
