1. Wast Scanner's Active Vulnerability Tests Risk AI Agent Misuse, Prompting 'Safe Mode' Push
The `wast scan` command, a tool for web application security testing, currently runs active vulnerability probes by default—a design that poses a significant risk when used by AI agents. Without explicit user confirmation, the tool immediately sends potentially dangerous payloads, including XSS scripts and SQL injectio...