
Millions of AI Agents Imperiled by Critical Vulnerability in Open Source Package
A critical vulnerability dubbed BadHost (CVE‑2026‑48710) was discovered in Starlette, the open‑source ASGI framework that powers FastAPI, vLLM, LiteLLM and other Python AI tooling. The flaw lets attackers inject a malicious Host header, bypassing path‑based authorization and potentially gaining access to credentials stored by MCP servers. Starlette sees roughly 325 million weekly downloads, meaning millions of AI agents and services are exposed. A patch (Starlette 1.0.1) was released, and security firms have launched scanners to identify vulnerable deployments.

In a First, a Ransomware Family Is Confirmed to Be Quantum-Safe
A new ransomware family called Kyber is the first confirmed malware to use post‑quantum cryptography, specifically the ML‑KEM1024 algorithm, to wrap an AES‑256 key. Security firms Rapid and Rapid7 reverse‑engineered the code and found the quantum‑safe key exchange, though a...

Sixteen Claude AI Agents Working Together Created a New C Compiler
Anthropic researcher Nicholas Carlini released a GitHub project where 16 instances of Claude Opus 4.6 worked together to write a Rust‑based C compiler from scratch. Over two weeks and roughly $20,000 in API costs, the agents produced a 100,000‑line compiler that...

ChatGPT Falls to New Data-Pilfering Attack as a Vicious Cycle in AI Continues
Researchers at Radware uncovered ZombieAgent, a refined prompt‑injection exploit that revives the earlier ShadowLeak vulnerability in ChatGPT. The attack exfiltrates user data one character at a time via pre‑crafted URLs and stores malicious logic in the model’s long‑term memory for...

Disney Invests $1 Billion in OpenAI, Licenses 200 Characters for AI Video App Sora
Disney announced a $1 billion investment in OpenAI and a three‑year licensing deal for the Sora AI video generator. The agreement lets Sora users create short clips featuring more than 200 Disney, Marvel, Pixar and Star Wars characters, while OpenAI’s ChatGPT will...

Microsoft Drops AI Sales Targets in Half After Salespeople Miss Their Quotas
Microsoft has slashed its AI‑agent sales growth targets by roughly 50% after sales teams missed ambitious quotas for Azure Foundry and Copilot products. The cut follows under‑performance in both U.S. Azure units, where less than 20% of reps met a...

Syntax Hacking: Researchers Discover Sentence Structure Can Bypass AI Safety Rules
Researchers from MIT, Northeastern and Meta showed that large language models often prioritize sentence structure over meaning, a phenomenon they call “syntax hacking.” By feeding syntactically correct but semantically nonsensical prompts, models like OLMo‑2‑13B‑Instruct still produced domain‑specific answers, revealing a...

Critics Scoff After Microsoft Warns AI Feature Can Infect Machines and Pilfer Data
Microsoft announced Copilot Actions, an experimental agentic feature for Windows that can automate tasks such as file organization, meeting scheduling, and email composition. The company warned that the feature is vulnerable to known large‑language‑model flaws, including hallucinations and prompt‑injection attacks...

Google’s Sundar Pichai Warns of “Irrationality” In Trillion-Dollar AI Investment Boom
Alphabet CEO Sundar Pichai warned that the AI investment frenzy, now worth over $1.4 trillion, shows signs of irrational exuberance reminiscent of the late‑1990s Internet bubble. While acknowledging that no company, including Google, is immune to a potential correction, he highlighted...