The Lab · 2026-03-31 09:27:05 · Hacker News
The proprietary source code for Anthropic's Claude Code AI coding assistant has been exposed in a significant leak. The incident occurred when a source map file, intended for debugging, was inadvertently published within the tool's public NPM (Node Package Manager) registry package. This file contained the original, un...
The Lab · 2026-04-02 12:27:20 · GitHub Issues
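A serious security vulnerability has been found in a core component of Semantic Kernel, Microsoft's AI development framework. In the code dependencies of the GitHub repository Yuliya65/Autogen, the package microsoft.semantickernel.plugins.memory.1.45.0-alpha.nupkg was detected as containing a vulnerability with a highest severity score of 9.9, and the vulnerability is flagged as "exploitable". The finding points directly at the AI toolchain officially published by Microsoft and exposes potential risk in its supply chain.
Specifically, the vulnerability is in the project file at the path `/dotnet/samples/dev-team/seed-memory/seed-memory.csproj`, and its root cause is the dependency `microsoft.semantickernel.c...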
The Lab · 2026-04-05 11:27:01 · GitHub Issues
A critical information flow control (IFC) vulnerability has been identified in the Portcullis-core library. The `GovernedMemory::read_label()` function systematically discards the original derivation class of stored data, instead hardcoding a `Deterministic` derivation in the returned `IFCLabel`. This flaw effectively ...
The Lab · 2026-04-12 04:22:27 · GitHub Issues
The YUDDHA platform's autonomous security agent, KAVACH, has automatically identified and patched a critical SQL injection vulnerability in a live application. The flaw, classified as OWASP A03:2021 - Injection, was located in the `/rest/user/login` endpoint of a target service running on `juiceshop:3000`. The vulnerab...
The Lab · 2026-04-12 14:22:32 · GitHub Issues
A high-confidence, high-severity path injection vulnerability has been flagged in a Python application, exposing a direct line for potential exploitation. The flaw, designated under CWE py/path-injection, resides at line 242 of a file named `vulnerable_app.py`. The core issue is that a file path operation critically de...
The Lab · 2026-04-12 14:22:36 · GitHub Issues
A high-severity security flaw has been identified in a Python application, where a user password is being processed with the cryptographically weak SHA-1 hashing algorithm. The vulnerability, classified under CWE-328 (Reversible One-Way Hash), exposes sensitive data to potential compromise, as SHA-1 is not designed for...