security

42 pieces of writing

LangFlow, n8n and the pattern where AI configuration becomes code execution
security · 10 min read

AI orchestration platforms like LangFlow and n8n are accumulating critical RCE vulnerabilities because their architectures treat user-supplied configuration as trusted code.

Anthropic shipped its entire source code to npm and the internet kept it forever
security · 10 min read

Every MCPHub instance started with the same admin password. I changed that.
vulnerability · 7 min read

LightRAG's Memgraph backend had a Cypher injection vulnerability hiding in plain sight
vulnerability · 7 min read

LightRAG's Memgraph storage backend interpolated unsanitised entity types directly into Cypher queries, enabling injection via the API. The Neo4j backend was already fixed.

Environment variables are the new command line: how AI agents keep leaking secrets through configuration files
security · 12 min read

A single index change bypassed daily_stock_analysis's entire rate limiter
vulnerability · 7 min read

TeamPCP compromised the AI proxy that holds everyone's API keys
security · 9 min read

LiteLLM, the universal LLM proxy with 95 million monthly downloads, was backdoored on PyPI for 46 minutes. It was enough.

PraisonAI let YAML config files set LD_PRELOAD and nobody checked
vulnerability · 7 min read

Git tags, package registries and extension marketplaces share the same broken authentication model
security · 12 min read

gptme was passing API keys on the command line where any user could read them
vulnerability · 8 min read

gptme's evaluation runner passed API keys as Docker CLI arguments, exposing them to every user on the system via ps or /proc. The fix took one file and five tests.

Hermes Agent's worktree feature copied arbitrary files from your filesystem
security · 7 min read

Summarize's localhost daemon accepted requests from any website
security · 7 min read

Prompt injection turned MCP-connected code assistants into attack proxies
security · 11 min read

Indirect prompt injection in AI coding assistants has turned every file, dependency and skill into a potential attack vector - and the CVEs are piling up.

I found SQL injection in Hugging Face's AI skills framework and got it fixed in nine days
vulnerability · 7 min read

Anthropic's Claude Code Security found 500 zero-days. The methodology was the problem.
security · 8 min read