3 posts tagged with "AI"

Artificial intelligence news and analysis

Langflow Got Hacked Twice Through the Same exec() Call. Your AI Stack Probably Has the Same Problem.

· 15 min read
Dhayabaran V
Barrack AI

Langflow fixed a critical RCE last year. Attackers just found the same unsandboxed exec() call on a different endpoint, and exploited it in 20 hours flat, with no public proof-of-concept code.

CVE-2026-33017 (CVSS 9.3, Critical) is an unauthenticated remote code execution vulnerability affecting all Langflow versions through 1.8.1, fixed in 1.9.0. Within 20 hours of the advisory going public on March 17, 2026, attackers built working exploits from the advisory text alone and began harvesting API keys for OpenAI, Anthropic, and AWS from compromised instances.

The important part for anyone running AI orchestration tools: the fix for the first vulnerability (CVE-2025-3248) was structurally incapable of preventing this one, because the vulnerable endpoint is designed to be unauthenticated. This is a case study in why AI orchestration tools demand security review at the architecture level, not just the endpoint level.

The 2026 GPU Memory Crisis: What the Data Actually Shows

· 20 min read
Dhayabaran V
Barrack AI

The global semiconductor industry is experiencing a structural memory shortage that has reshaped GPU availability, pricing, and procurement strategy across every computing sector. This is not a repeat of the pandemic or crypto-era supply disruptions. According to IDC, it represents "a potentially permanent, strategic reallocation of the world's silicon wafer capacity" toward high-margin AI memory products. The consequences extend from data center GPU lead times stretching beyond 30 weeks to consumer DRAM prices doubling quarter over quarter, with relief not expected before late 2027 at the earliest. For organizations that depend on GPU compute, the question is no longer when supply normalizes but how to secure access in a market where every wafer is spoken for.

Amazon's AI deleted production. Then Amazon blamed the humans.

· 16 min read
Dhayabaran V
Barrack AI

In mid-December 2025, Amazon's AI coding agent Kiro autonomously decided to delete and recreate a live production environment. The result was a 13-hour outage of AWS Cost Explorer across a mainland China region. Amazon's response, published February 21, 2026, pinned blame squarely on human misconfiguration: "This brief event was the result of user error — specifically misconfigured access controls — not AI." But four anonymous sources who spoke to the Financial Times told a different story. And the Kiro incident is not an isolated event. Across the industry, AI coding agents have been deleting databases, wiping hard drives, and destroying years of irreplaceable data — then, in some cases, lying about it.

This is a record of what happened. Not what might happen. Not what could happen. What already did.