home.social

#airisk — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #airisk, aggregated by home.social.

  1. "In a recent essay, Derek Thompson engages with AI as Normal Technology (AINT). He agrees with our thesis about AI’s slow labor market impacts, relying on the fact that GDP growth has so far been average, unemployment is below five percent, and even jobs that seemed vulnerable to automation show rising employment and wages. He concludes that so far, the macroeconomic picture is consistent with what we would expect from a “normal” general-purpose technology.

    But when it comes to AI risks, he is far more bearish. He points to examples of cyber- and bio-risks and expresses pessimism about AI quickly becoming dangerous across many new domains. (...) Thompson writes: "I can understand a plan to treat AI as a ‘normal’ technology and let Nvidia export powerful chips to China. And I can understand a plan to treat AI as an ‘abnormal’ technology that compels the government to create extraordinary regulations that prevent private companies from selling their products and services on the grounds that they’re too dangerous" [emphasis ours]. He goes on to conclude that AI is, in fact, abnormal, implying support for extraordinary government intervention. Our essay is a response to that conclusion.

    In this essay, we lay out the downsides of extraordinary government intervention in response to new technology. We discuss proposals for improving resilience that do not require such intervention. We also discuss why governments have so far been reluctant to invest in resilience. In short, resilience requires us to get better at the *normal* process of policymaking. But sclerosis in the federal government and the ease of justifying interventions on AI companies rather than society at large make extraordinary intervention seem appealing, despite its limitations."

    knightcolumbia.org/blog/do-ai-

    #AI #AISafety #AINT #NormalTechnology #AIRisk #AIRegulation

  2. "In a recent essay, Derek Thompson engages with AI as Normal Technology (AINT). He agrees with our thesis about AI’s slow labor market impacts, relying on the fact that GDP growth has so far been average, unemployment is below five percent, and even jobs that seemed vulnerable to automation show rising employment and wages. He concludes that so far, the macroeconomic picture is consistent with what we would expect from a “normal” general-purpose technology.

    But when it comes to AI risks, he is far more bearish. He points to examples of cyber- and bio-risks and expresses pessimism about AI quickly becoming dangerous across many new domains. (...) Thompson writes: "I can understand a plan to treat AI as a ‘normal’ technology and let Nvidia export powerful chips to China. And I can understand a plan to treat AI as an ‘abnormal’ technology that compels the government to create extraordinary regulations that prevent private companies from selling their products and services on the grounds that they’re too dangerous" [emphasis ours]. He goes on to conclude that AI is, in fact, abnormal, implying support for extraordinary government intervention. Our essay is a response to that conclusion.

    In this essay, we lay out the downsides of extraordinary government intervention in response to new technology. We discuss proposals for improving resilience that do not require such intervention. We also discuss why governments have so far been reluctant to invest in resilience. In short, resilience requires us to get better at the *normal* process of policymaking. But sclerosis in the federal government and the ease of justifying interventions on AI companies rather than society at large make extraordinary intervention seem appealing, despite its limitations."

    knightcolumbia.org/blog/do-ai-

    #AI #AISafety #AINT #NormalTechnology #AIRisk #AIRegulation

  3. "In a recent essay, Derek Thompson engages with AI as Normal Technology (AINT). He agrees with our thesis about AI’s slow labor market impacts, relying on the fact that GDP growth has so far been average, unemployment is below five percent, and even jobs that seemed vulnerable to automation show rising employment and wages. He concludes that so far, the macroeconomic picture is consistent with what we would expect from a “normal” general-purpose technology.

    But when it comes to AI risks, he is far more bearish. He points to examples of cyber- and bio-risks and expresses pessimism about AI quickly becoming dangerous across many new domains. (...) Thompson writes: "I can understand a plan to treat AI as a ‘normal’ technology and let Nvidia export powerful chips to China. And I can understand a plan to treat AI as an ‘abnormal’ technology that compels the government to create extraordinary regulations that prevent private companies from selling their products and services on the grounds that they’re too dangerous" [emphasis ours]. He goes on to conclude that AI is, in fact, abnormal, implying support for extraordinary government intervention. Our essay is a response to that conclusion.

    In this essay, we lay out the downsides of extraordinary government intervention in response to new technology. We discuss proposals for improving resilience that do not require such intervention. We also discuss why governments have so far been reluctant to invest in resilience. In short, resilience requires us to get better at the *normal* process of policymaking. But sclerosis in the federal government and the ease of justifying interventions on AI companies rather than society at large make extraordinary intervention seem appealing, despite its limitations."

    knightcolumbia.org/blog/do-ai-

    #AI #AISafety #AINT #NormalTechnology #AIRisk #AIRegulation

  4. "In a recent essay, Derek Thompson engages with AI as Normal Technology (AINT). He agrees with our thesis about AI’s slow labor market impacts, relying on the fact that GDP growth has so far been average, unemployment is below five percent, and even jobs that seemed vulnerable to automation show rising employment and wages. He concludes that so far, the macroeconomic picture is consistent with what we would expect from a “normal” general-purpose technology.

    But when it comes to AI risks, he is far more bearish. He points to examples of cyber- and bio-risks and expresses pessimism about AI quickly becoming dangerous across many new domains. (...) Thompson writes: "I can understand a plan to treat AI as a ‘normal’ technology and let Nvidia export powerful chips to China. And I can understand a plan to treat AI as an ‘abnormal’ technology that compels the government to create extraordinary regulations that prevent private companies from selling their products and services on the grounds that they’re too dangerous" [emphasis ours]. He goes on to conclude that AI is, in fact, abnormal, implying support for extraordinary government intervention. Our essay is a response to that conclusion.

    In this essay, we lay out the downsides of extraordinary government intervention in response to new technology. We discuss proposals for improving resilience that do not require such intervention. We also discuss why governments have so far been reluctant to invest in resilience. In short, resilience requires us to get better at the *normal* process of policymaking. But sclerosis in the federal government and the ease of justifying interventions on AI companies rather than society at large make extraordinary intervention seem appealing, despite its limitations."

    knightcolumbia.org/blog/do-ai-

    #AI #AISafety #AINT #NormalTechnology #AIRisk #AIRegulation

  5. "In a recent essay, Derek Thompson engages with AI as Normal Technology (AINT). He agrees with our thesis about AI’s slow labor market impacts, relying on the fact that GDP growth has so far been average, unemployment is below five percent, and even jobs that seemed vulnerable to automation show rising employment and wages. He concludes that so far, the macroeconomic picture is consistent with what we would expect from a “normal” general-purpose technology.

    But when it comes to AI risks, he is far more bearish. He points to examples of cyber- and bio-risks and expresses pessimism about AI quickly becoming dangerous across many new domains. (...) Thompson writes: "I can understand a plan to treat AI as a ‘normal’ technology and let Nvidia export powerful chips to China. And I can understand a plan to treat AI as an ‘abnormal’ technology that compels the government to create extraordinary regulations that prevent private companies from selling their products and services on the grounds that they’re too dangerous" [emphasis ours]. He goes on to conclude that AI is, in fact, abnormal, implying support for extraordinary government intervention. Our essay is a response to that conclusion.

    In this essay, we lay out the downsides of extraordinary government intervention in response to new technology. We discuss proposals for improving resilience that do not require such intervention. We also discuss why governments have so far been reluctant to invest in resilience. In short, resilience requires us to get better at the *normal* process of policymaking. But sclerosis in the federal government and the ease of justifying interventions on AI companies rather than society at large make extraordinary intervention seem appealing, despite its limitations."

    knightcolumbia.org/blog/do-ai-

    #AI #AISafety #AINT #NormalTechnology #AIRisk #AIRegulation

  6. Uno studio analizza la capacità dei modelli di IA di assistere nella progettazione di armi biologiche. Il punto critico non è tanto "può farlo?" quanto: quali sono i guardrail tecnici reali, e chi li valida? Le dichiarazioni dei vendor non bastano — servono audit indipendenti e metodologie riproducibili. #infosec #AIrisk #biosecurity
    lescienze.it/tecnologia-e-inte

  7. VectorCertain's SecureAgent stops AI-powered cyberattacks before they execute—100% prevention rate on 810 autonomous exploit chains. First platform to validate pre-execution AI agent governance. #CyberSecurity #AIRisk

  8. VectorCertain's SecureAgent stops AI-powered cyberattacks before they execute—100% prevention rate on 810 autonomous exploit chains. First platform to validate pre-execution AI agent governance. #CyberSecurity #AIRisk

  9. VectorCertain's SecureAgent stops AI-powered cyberattacks before they execute—100% prevention rate on 810 autonomous exploit chains. First platform to validate pre-execution AI agent governance. #CyberSecurity #AIRisk

  10. Three megatrends are converging into a systemic cybersecurity crisis: AI-integrated OS attack surfaces (Apple Intelligence prompt injection hit 76% bypass), self-propagating software supply chain worms targeting dev tools, and the weaponization of trusted platforms like GitHub for exfiltration. Essential read 👇

    post.kapualabs.com/yjpwcnef

    #CyberSecurity #SupplyChainSecurity #AIrisk

  11. Oh lord. Can we get a moment's peace? Anthropic's most powerful — and dangerous — AI tool has been compromised. A group on a private Discord gained unauthorized access to Claude Mythos, a cybersecurity model so capable it can exploit vulnerabilities faster than elite human hackers. They cracked it on launch day by guessing its URL. Access came via a third-party contractor. Anthropic says no core systems were breached, but the irony is hard to ignore: an AI built to defend against cyberattacks... got hacked. The group claims curiosity, not malice — but the risk is real. techcrunch.com/2026/04/21/unau
    #Anthropic #ClaudeMythos #CyberSecurity #AIRisk #DataBreach #ProjectGlasswing #ArtificialIntelligence #TechNews #Hacked #AISecuriy

  12. Oh lord. Can we get a moment's peace? Anthropic's most powerful — and dangerous — AI tool has been compromised. A group on a private Discord gained unauthorized access to Claude Mythos, a cybersecurity model so capable it can exploit vulnerabilities faster than elite human hackers. They cracked it on launch day by guessing its URL. Access came via a third-party contractor. Anthropic says no core systems were breached, but the irony is hard to ignore: an AI built to defend against cyberattacks... got hacked. The group claims curiosity, not malice — but the risk is real. techcrunch.com/2026/04/21/unau
    #Anthropic #ClaudeMythos #CyberSecurity #AIRisk #DataBreach #ProjectGlasswing #ArtificialIntelligence #TechNews #Hacked #AISecuriy

  13. Oh lord. Can we get a moment's peace? Anthropic's most powerful — and dangerous — AI tool has been compromised. A group on a private Discord gained unauthorized access to Claude Mythos, a cybersecurity model so capable it can exploit vulnerabilities faster than elite human hackers. They cracked it on launch day by guessing its URL. Access came via a third-party contractor. Anthropic says no core systems were breached, but the irony is hard to ignore: an AI built to defend against cyberattacks... got hacked. The group claims curiosity, not malice — but the risk is real. techcrunch.com/2026/04/21/unau
    #Anthropic #ClaudeMythos #CyberSecurity #AIRisk #DataBreach #ProjectGlasswing #ArtificialIntelligence #TechNews #Hacked #AISecuriy

  14. Oh lord. Can we get a moment's peace? Anthropic's most powerful — and dangerous — AI tool has been compromised. A group on a private Discord gained unauthorized access to Claude Mythos, a cybersecurity model so capable it can exploit vulnerabilities faster than elite human hackers. They cracked it on launch day by guessing its URL. Access came via a third-party contractor. Anthropic says no core systems were breached, but the irony is hard to ignore: an AI built to defend against cyberattacks... got hacked. The group claims curiosity, not malice — but the risk is real. techcrunch.com/2026/04/21/unau
    #Anthropic #ClaudeMythos #CyberSecurity #AIRisk #DataBreach #ProjectGlasswing #ArtificialIntelligence #TechNews #Hacked #AISecuriy

  15. Oh lord. Can we get a moment's peace? Anthropic's most powerful — and dangerous — AI tool has been compromised. A group on a private Discord gained unauthorized access to Claude Mythos, a cybersecurity model so capable it can exploit vulnerabilities faster than elite human hackers. They cracked it on launch day by guessing its URL. Access came via a third-party contractor. Anthropic says no core systems were breached, but the irony is hard to ignore: an AI built to defend against cyberattacks... got hacked. The group claims curiosity, not malice — but the risk is real. techcrunch.com/2026/04/21/unau
    #Anthropic #ClaudeMythos #CyberSecurity #AIRisk #DataBreach #ProjectGlasswing #ArtificialIntelligence #TechNews #Hacked #AISecuriy

  16. @geoworldpolitical
    AI does not obey? That is threatening.
    Especially if you know how wrong AI can be.
    #ai #aisafety #airisk

  17. @geoworldpolitical
    AI does not obey? That is threatening.
    Especially if you know how wrong AI can be.
    #ai #aisafety #airisk

  18. Meta paused work with a $10B AI data vendor after hackers poisoned an open-source Python library called LiteLLM and walked out with four terabytes of data. So, that's bad. And the worst part? The stolen data might include the actual training methodologies that Meta, OpenAI, Anthropic, and Google paid billions to develop. Think about what that means. You can't protect your crown jewels if they're sitting inside a vendor who's connected to your three biggest competitors, all sharing the same open-source tools, all exposed by the same 40-minute window on PyPI before anyone noticed.

    🎯 The attack chain here is worth understanding: hackers compromised a security scanner called Trivy, used that access to get credentials for a LiteLLM maintainer, then published two malicious package versions that lasted less than an hour before removal. Forty minutes. That's all it took.

    💼 Mercor is not some sloppy startup. It's 22-year-old founders, $500M annualized revenue, and clients at the very top of the AI industry. Sophistication doesn't protect you from a poisoned dependency you never thought to audit.

    🔍 The question I'd be asking right now if I were a CISO at any of these labs isn't "were we breached." It's "how many vendors in our training pipeline are running LiteLLM, and did we even know?"

    Most companies audit their own software. Almost nobody audits the software their vendors use to build the data they're buying.

    thenextweb.com/news/meta-merco
    #Cybersecurity #AIRisk #SupplyChainSecurity spc #security #privacy #cloud #infosec #ThirdPartyRisk

  19. Meta paused work with a $10B AI data vendor after hackers poisoned an open-source Python library called LiteLLM and walked out with four terabytes of data. So, that's bad. And the worst part? The stolen data might include the actual training methodologies that Meta, OpenAI, Anthropic, and Google paid billions to develop. Think about what that means. You can't protect your crown jewels if they're sitting inside a vendor who's connected to your three biggest competitors, all sharing the same open-source tools, all exposed by the same 40-minute window on PyPI before anyone noticed.

    🎯 The attack chain here is worth understanding: hackers compromised a security scanner called Trivy, used that access to get credentials for a LiteLLM maintainer, then published two malicious package versions that lasted less than an hour before removal. Forty minutes. That's all it took.

    💼 Mercor is not some sloppy startup. It's 22-year-old founders, $500M annualized revenue, and clients at the very top of the AI industry. Sophistication doesn't protect you from a poisoned dependency you never thought to audit.

    🔍 The question I'd be asking right now if I were a CISO at any of these labs isn't "were we breached." It's "how many vendors in our training pipeline are running LiteLLM, and did we even know?"

    Most companies audit their own software. Almost nobody audits the software their vendors use to build the data they're buying.

    thenextweb.com/news/meta-merco
    #Cybersecurity #AIRisk #SupplyChainSecurity spc #security #privacy #cloud #infosec #ThirdPartyRisk

  20. Meta paused work with a $10B AI data vendor after hackers poisoned an open-source Python library called LiteLLM and walked out with four terabytes of data. So, that's bad. And the worst part? The stolen data might include the actual training methodologies that Meta, OpenAI, Anthropic, and Google paid billions to develop. Think about what that means. You can't protect your crown jewels if they're sitting inside a vendor who's connected to your three biggest competitors, all sharing the same open-source tools, all exposed by the same 40-minute window on PyPI before anyone noticed.

    🎯 The attack chain here is worth understanding: hackers compromised a security scanner called Trivy, used that access to get credentials for a LiteLLM maintainer, then published two malicious package versions that lasted less than an hour before removal. Forty minutes. That's all it took.

    💼 Mercor is not some sloppy startup. It's 22-year-old founders, $500M annualized revenue, and clients at the very top of the AI industry. Sophistication doesn't protect you from a poisoned dependency you never thought to audit.

    🔍 The question I'd be asking right now if I were a CISO at any of these labs isn't "were we breached." It's "how many vendors in our training pipeline are running LiteLLM, and did we even know?"

    Most companies audit their own software. Almost nobody audits the software their vendors use to build the data they're buying.

    thenextweb.com/news/meta-merco
    #Cybersecurity #AIRisk #SupplyChainSecurity spc #security #privacy #cloud #infosec #ThirdPartyRisk

  21. Meta paused work with a $10B AI data vendor after hackers poisoned an open-source Python library called LiteLLM and walked out with four terabytes of data. So, that's bad. And the worst part? The stolen data might include the actual training methodologies that Meta, OpenAI, Anthropic, and Google paid billions to develop. Think about what that means. You can't protect your crown jewels if they're sitting inside a vendor who's connected to your three biggest competitors, all sharing the same open-source tools, all exposed by the same 40-minute window on PyPI before anyone noticed.

    🎯 The attack chain here is worth understanding: hackers compromised a security scanner called Trivy, used that access to get credentials for a LiteLLM maintainer, then published two malicious package versions that lasted less than an hour before removal. Forty minutes. That's all it took.

    💼 Mercor is not some sloppy startup. It's 22-year-old founders, $500M annualized revenue, and clients at the very top of the AI industry. Sophistication doesn't protect you from a poisoned dependency you never thought to audit.

    🔍 The question I'd be asking right now if I were a CISO at any of these labs isn't "were we breached." It's "how many vendors in our training pipeline are running LiteLLM, and did we even know?"

    Most companies audit their own software. Almost nobody audits the software their vendors use to build the data they're buying.

    thenextweb.com/news/meta-merco
    #Cybersecurity #AIRisk #SupplyChainSecurity spc #security #privacy #cloud #infosec #ThirdPartyRisk

  22. Meta paused work with a $10B AI data vendor after hackers poisoned an open-source Python library called LiteLLM and walked out with four terabytes of data. So, that's bad. And the worst part? The stolen data might include the actual training methodologies that Meta, OpenAI, Anthropic, and Google paid billions to develop. Think about what that means. You can't protect your crown jewels if they're sitting inside a vendor who's connected to your three biggest competitors, all sharing the same open-source tools, all exposed by the same 40-minute window on PyPI before anyone noticed.

    🎯 The attack chain here is worth understanding: hackers compromised a security scanner called Trivy, used that access to get credentials for a LiteLLM maintainer, then published two malicious package versions that lasted less than an hour before removal. Forty minutes. That's all it took.

    💼 Mercor is not some sloppy startup. It's 22-year-old founders, $500M annualized revenue, and clients at the very top of the AI industry. Sophistication doesn't protect you from a poisoned dependency you never thought to audit.

    🔍 The question I'd be asking right now if I were a CISO at any of these labs isn't "were we breached." It's "how many vendors in our training pipeline are running LiteLLM, and did we even know?"

    Most companies audit their own software. Almost nobody audits the software their vendors use to build the data they're buying.

    thenextweb.com/news/meta-merco
    #Cybersecurity #AIRisk #SupplyChainSecurity spc #security #privacy #cloud #infosec #ThirdPartyRisk

  23. We keep worrying about AI doing something evil. Which it might, but right now, there’s a risk in the plumbing supporting it. Three vulnerabilities in LangChain and LangGraph, path traversal, unsafe deserialization, SQL injection. Not AI-specific attacks. They’re not novel nor sophisticated but these are the kinds of bugs we've been patching since the late '90s. One of them scored a severity of 9.3 out of 10. "The biggest threat to your enterprise AI data might not be as complex as you think." Remember that you're building AI on top of frameworks you didn't write, can't fully audit, and update whenever it's convenient. That's the actual problem.

    🔐 Path traversal lets attackers read arbitrary files from the host system, including credentials
    🔑 Unsafe deserialization exposes API keys and environment variables at runtime
    🗄️ SQL injection in the checkpointing layer leaks conversation history from your AI agents

    All three are fixed now. But "fixed" only matters if you've actually applied the patches across every integration. Most organizations haven't.

    The lesson isn't about AI security. It's that AI doesn't change what good security engineering looks like. Input validation, parameterized queries, strict path sandboxing. This is stuff your dev team learned before ChatGPT existed.

    If you're deploying AI pipelines and you haven't done a security review of the frameworks underneath them, you're not running an AI strategy. You're running a trust exercise.

    csoonline.com/article/4151814/
    #CyberSecurity #AIRisk #AppSec #security #privacy #cloud #infosec

  24. We keep worrying about AI doing something evil. Which it might, but right now, there’s a risk in the plumbing supporting it. Three vulnerabilities in LangChain and LangGraph, path traversal, unsafe deserialization, SQL injection. Not AI-specific attacks. They’re not novel nor sophisticated but these are the kinds of bugs we've been patching since the late '90s. One of them scored a severity of 9.3 out of 10. "The biggest threat to your enterprise AI data might not be as complex as you think." Remember that you're building AI on top of frameworks you didn't write, can't fully audit, and update whenever it's convenient. That's the actual problem.

    🔐 Path traversal lets attackers read arbitrary files from the host system, including credentials
    🔑 Unsafe deserialization exposes API keys and environment variables at runtime
    🗄️ SQL injection in the checkpointing layer leaks conversation history from your AI agents

    All three are fixed now. But "fixed" only matters if you've actually applied the patches across every integration. Most organizations haven't.

    The lesson isn't about AI security. It's that AI doesn't change what good security engineering looks like. Input validation, parameterized queries, strict path sandboxing. This is stuff your dev team learned before ChatGPT existed.

    If you're deploying AI pipelines and you haven't done a security review of the frameworks underneath them, you're not running an AI strategy. You're running a trust exercise.

    csoonline.com/article/4151814/
    #CyberSecurity #AIRisk #AppSec #security #privacy #cloud #infosec

  25. We keep worrying about AI doing something evil. Which it might, but right now, there’s a risk in the plumbing supporting it. Three vulnerabilities in LangChain and LangGraph, path traversal, unsafe deserialization, SQL injection. Not AI-specific attacks. They’re not novel nor sophisticated but these are the kinds of bugs we've been patching since the late '90s. One of them scored a severity of 9.3 out of 10. "The biggest threat to your enterprise AI data might not be as complex as you think." Remember that you're building AI on top of frameworks you didn't write, can't fully audit, and update whenever it's convenient. That's the actual problem.

    🔐 Path traversal lets attackers read arbitrary files from the host system, including credentials
    🔑 Unsafe deserialization exposes API keys and environment variables at runtime
    🗄️ SQL injection in the checkpointing layer leaks conversation history from your AI agents

    All three are fixed now. But "fixed" only matters if you've actually applied the patches across every integration. Most organizations haven't.

    The lesson isn't about AI security. It's that AI doesn't change what good security engineering looks like. Input validation, parameterized queries, strict path sandboxing. This is stuff your dev team learned before ChatGPT existed.

    If you're deploying AI pipelines and you haven't done a security review of the frameworks underneath them, you're not running an AI strategy. You're running a trust exercise.

    csoonline.com/article/4151814/
    #CyberSecurity #AIRisk #AppSec #security #privacy #cloud #infosec

  26. We keep worrying about AI doing something evil. Which it might, but right now, there’s a risk in the plumbing supporting it. Three vulnerabilities in LangChain and LangGraph, path traversal, unsafe deserialization, SQL injection. Not AI-specific attacks. They’re not novel nor sophisticated but these are the kinds of bugs we've been patching since the late '90s. One of them scored a severity of 9.3 out of 10. "The biggest threat to your enterprise AI data might not be as complex as you think." Remember that you're building AI on top of frameworks you didn't write, can't fully audit, and update whenever it's convenient. That's the actual problem.

    🔐 Path traversal lets attackers read arbitrary files from the host system, including credentials
    🔑 Unsafe deserialization exposes API keys and environment variables at runtime
    🗄️ SQL injection in the checkpointing layer leaks conversation history from your AI agents

    All three are fixed now. But "fixed" only matters if you've actually applied the patches across every integration. Most organizations haven't.

    The lesson isn't about AI security. It's that AI doesn't change what good security engineering looks like. Input validation, parameterized queries, strict path sandboxing. This is stuff your dev team learned before ChatGPT existed.

    If you're deploying AI pipelines and you haven't done a security review of the frameworks underneath them, you're not running an AI strategy. You're running a trust exercise.

    csoonline.com/article/4151814/
    #CyberSecurity #AIRisk #AppSec #security #privacy #cloud #infosec

  27. We keep worrying about AI doing something evil. Which it might, but right now, there’s a risk in the plumbing supporting it. Three vulnerabilities in LangChain and LangGraph, path traversal, unsafe deserialization, SQL injection. Not AI-specific attacks. They’re not novel nor sophisticated but these are the kinds of bugs we've been patching since the late '90s. One of them scored a severity of 9.3 out of 10. "The biggest threat to your enterprise AI data might not be as complex as you think." Remember that you're building AI on top of frameworks you didn't write, can't fully audit, and update whenever it's convenient. That's the actual problem.

    🔐 Path traversal lets attackers read arbitrary files from the host system, including credentials
    🔑 Unsafe deserialization exposes API keys and environment variables at runtime
    🗄️ SQL injection in the checkpointing layer leaks conversation history from your AI agents

    All three are fixed now. But "fixed" only matters if you've actually applied the patches across every integration. Most organizations haven't.

    The lesson isn't about AI security. It's that AI doesn't change what good security engineering looks like. Input validation, parameterized queries, strict path sandboxing. This is stuff your dev team learned before ChatGPT existed.

    If you're deploying AI pipelines and you haven't done a security review of the frameworks underneath them, you're not running an AI strategy. You're running a trust exercise.

    csoonline.com/article/4151814/
    #CyberSecurity #AIRisk #AppSec #security #privacy #cloud #infosec

  28. Forget sci-fi, the real AI risks are already here: cyberattacks, misinformation, and systems making life altering decisions with zero human oversight. 😳 Experts like Hinton & Bengio are warning us. Time to pay attention.
    🔗 techglimmer.io/could-ai-actual
    #AI #ArtificialIntelligence #TechNews #AIRisk

  29. Forget sci-fi, the real AI risks are already here: cyberattacks, misinformation, and systems making life altering decisions with zero human oversight. 😳 Experts like Hinton & Bengio are warning us. Time to pay attention.
    🔗 techglimmer.io/could-ai-actual
    #AI #ArtificialIntelligence #TechNews #AIRisk