YUDDHA Autonomous Defender Exposes Critical SQL Injection in /rest/products/search Endpoint

The YUDDHA platform's autonomous security agent, KAVACH, has autonomously identified and patched a critical SQL injection vulnerability. The flaw was located in the `/rest/products/search?q=` endpoint of a target application, exposing a direct path for data exfiltration or system compromise. Verified by the Mistral model and sandbox testing, the patch directly addresses a textbook injection flaw classified under OWASP A03:2021, with a proof-of-concept payload as simple as `' OR 1=1 --`.

The vulnerability was rooted in the application's real source code, specifically within the `server.ts` file. The autonomous system traced the flaw to the endpoint's handling of user-supplied input in the search query parameter (`q=`), a common vector for injection attacks. The discovery process highlights a shift towards AI-driven, continuous security auditing that operates directly on source repositories, moving beyond traditional perimeter scanning.

The successful patch by the YUDDHA defender signals a potential new pressure point for development and security teams: the rise of autonomous agents capable of both finding and fixing critical vulnerabilities in near real-time. This incident underscores the persistent risk of basic injection flaws in production code and raises questions about the future role of human oversight in automated remediation workflows, especially for high-severity issues verified against live codebases.