Millions of AI agents imperiled by critical vulnerability in open source package★ 78
Ars Technica AI19 days agoIncidentArs Technica reports that Starlette, a Python package with about 325 million weekly downloads, has a critical vulnerability called BadHost. The flaw can let crafted Host headers confuse request.url.path, potentially bypassing middleware-based path authorization. AI infrastructure using FastAPI or Starlette, including vLLM, LiteLLM, MCP servers, LLM proxies, and agent frameworks, should upgrade Starlette and audit custom middleware.
Everyone is navigating AI security in real time — even Google★ 70
TechCrunch AI20 days agoCommentaryAs AI adoption accelerates, organizations worldwide—including Google—are finding themselves in a transitional phase, forced to address AI security vulnerabilities in real time. Traditional cybersecurity frameworks are proving insufficient against novel threats like prompt injection and model poisoning. This shifting landscape requires continuous adaptation and a fundamental rethink of how AI systems are secured.
Gradio 5 安全性審查:打造更安全的 AI 應用部署環境★ 80
Hugging Face Blog612 days agoReleaseAs AI applications become increasingly widespread, Gradio has become one of the most popular tools for developers to showcase and deploy machine learning…
Replicate 揭露共享網路安全漏洞:已修復多租戶隔離缺陷,未發現用戶數據洩漏★ 75
Replicate Blog752 days agoIncidentAI model hosting platform Replicate published a security advisory on May 23, 2024, disclosing a "Shared Network Vulnerability" affecting its multi-tenant…
Hugging Face 與 Wiz Research 攜手合作,共同提升開源 AI 生態系安全★ 75
Hugging Face Blog801 days agoBusinessHugging Face, as the world's largest hosting platform for open-source AI models, datasets, and applications (Spaces), has become indispensable infrastructure…