Two AI security problems are in the news: enterprises are deploying AI agents without a way to shut them down, and a vulnerability in the open-source framework underneath much of the Python AI tooling ecosystem puts the servers running those agents at risk.
- A survey of 1,200 C-suite executives found that over a third of organizations deploying AI agents have no way to immediately deactivate them should the agents go rogue.
- A vulnerability in Starlette, the open-source ASGI framework at the core of FastAPI, lets an attacker bypass path-based authorization with a single character in the HTTP Host header, breach the servers running AI agents and tools, and steal sensitive data and credentials to third-party accounts.
The Great AI Agent Suicide Pact Proves Governance Is Dead: The Industry’s Favorite New Way to Self-Destruct – HPCwire – hpcwire.com
News Source
EXCERPT:
A massive survey of 1,200 C-suite executives has revealed a governance gap so wide you could fly a fleet of malfunctioning drones through it. According to the latest JumpCloud research, while nearly every major enterprise has deployed AI agents into critical workflows, over a third of these organizations have no way to immediately deactivate them if they go rogue.
Let that sink in. We are handing the keys to the kingdom to autonomous software entities that can move at machine speed, yet we forgot to install a brake pedal. It’s the digital equivalent of building a self-driving car where the only way to stop it is to wait for it to hit a brick wall. This isn’t just a “glitch”; it is a systemic failure of leadership that treats AI like a magic wand rather than the high-yield explosive it actually is….
A recent MIT report highlights a staggering 95 percent failure rate for generative AI pilots at the enterprise level. When you deploy technology before you understand its logic—or lack thereof—failure isn’t just a possibility; it’s a mathematical certainty. In the rush to look “AI-forward,” companies are bypassing the boring but essential steps of E.E.A.T. (Experience, Expertise, Authoritativeness, and Trustworthiness).
Millions of AI agents imperiled by critical vulnerability in open source package – arstechnica.com
News Source
EXCERPT:
Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and credentials to third-party accounts, a security researcher is warning.
The vulnerability is present in Starlette, an open source framework that its developer says receives 325 million downloads per week. Thousands of other open source projects are also vulnerable because they require Starlette to work. The framework is an implementation of the ASGI (asynchronous server gateway interface), which allows large numbers of requests to be efficiently processed simultaneously. Starlette is the base of FastAPI and other widely used frameworks for building services in Python apps, as well as many others….
“A single character injected into the HTTP Host header bypasses path-based authorization in Starlette, the routing core of FastAPI,” researchers from Secwest wrote. “Through FastAPI, this primitive (now tracked as CVE-2026-48710 and branded BadHost by the discoverers) reaches a large segment of the Python AI tooling ecosystem: vLLM (where the bug was discovered), LiteLLM, Text Generation Inference, most OpenAI-shim proxies, MCP servers, agent harnesses, eval dashboards, and model-management UIs.”
BadHost carries a severity rating of 7 out of 10. Secwest said the classification “materially understates” the threat it poses to people using other apps that depend on Starlette. X41 D-Sec, the security firm that discovered it, described it as having “critical severity.” X41 D-Sec partnered with fellow security firm Nemesis to create an online scanner that can check if a given server is vulnerable.
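As a practical follow-up to the Secwest finding quoted above, here is an added example written for this digest; it is not code from Starlette, FastAPI, X41 D-Sec, Secwest or Ars Technica, and it does not reproduce the BadHost bypass itself, whose mechanism the articles do not describe. It shows the defensive layering a practitioner would want in front of any path-based authorization: a strict Host-header allowlist that runs before routing, and a deny-by-default path check that normalizes the path it inspects. The class names (TrustedHost, PathPrefixAuth), the hostnames, the bearer token and the request scopes are all constructed for the example. It uses only the Python standard library and a hand-built ASGI stack so it runs offline.

```python
# Added example for this digest: a generic ASGI Host-header allowlist in front
# of a deny-by-default path authorization check. Not Starlette's or FastAPI's
# code, and not the BadHost bug; all names and inputs below are constructed.
import asyncio
import posixpath
import re
from typing import Iterable

# A Host value is a hostname (letters, digits, '.', '-') with an optional
# ':port'. Anything else (spaces, slashes, commas, stray bytes) is rejected.
_HOST_RE = re.compile(r"[A-Za-z0-9.\-]+(:[0-9]{1,5})?")


async def _plain(send, status: int, body: bytes):
    """Send a minimal text/plain ASGI response."""
    await send({"type": "http.response.start", "status": status,
                "headers": [(b"content-type", b"text/plain")]})
    await send({"type": "http.response.body", "body": body})


class TrustedHost:
    """Reject any request whose Host header is absent, duplicated, malformed,
    or not on an explicit allowlist, before routing or authorization run.
    Allowlist entries are exact hostnames or '*.domain' for subdomains only."""

    def __init__(self, app, allowed_hosts: Iterable[str]):
        self.app = app
        self.allowed = [h.lower() for h in allowed_hosts]

    def host_ok(self, host: str) -> bool:
        if not _HOST_RE.fullmatch(host):
            return False
        hostname = host.lower().split(":")[0]
        for pattern in self.allowed:
            if pattern.startswith("*."):
                if hostname.endswith(pattern[1:]):
                    return True
            elif hostname == pattern:
                return True
        return False

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            return await self.app(scope, receive, send)
        hosts = [v.decode("latin-1") for k, v in scope.get("headers", []) if k == b"host"]
        if len(hosts) != 1 or not self.host_ok(hosts[0]):
            return await _plain(send, 400, b"bad host")
        await self.app(scope, receive, send)


class PathPrefixAuth:
    """Deny by default: only paths under an explicitly public prefix skip the
    bearer-token check. The path is normalized first so that dot segments
    such as '/healthz/../admin' cannot masquerade as a public path."""

    def __init__(self, app, public_prefixes: Iterable[str], token: bytes):
        self.app = app
        self.public = [p.rstrip("/") for p in public_prefixes]
        self.token = token

    def is_public(self, path: str) -> bool:
        path = posixpath.normpath(path)
        return any(path == p or path.startswith(p + "/") for p in self.public)

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            return await self.app(scope, receive, send)
        if not self.is_public(scope["path"]):
            auth = dict(scope.get("headers", [])).get(b"authorization", b"")
            if auth != b"Bearer " + self.token:
                return await _plain(send, 401, b"unauthorized")
        await self.app(scope, receive, send)


async def app(scope, receive, send):
    """The protected application: echoes the path it was reached on."""
    await _plain(send, 200, b"ok: " + scope["path"].encode())


TOKEN = b"s3cret-demo-token"  # constructed for the example
stack = TrustedHost(
    PathPrefixAuth(app, public_prefixes=["/healthz", "/docs"], token=TOKEN),
    allowed_hosts=["api.example.com", "*.internal.example.com"],
)


def request(stack, path: str, headers):
    """Drive the ASGI stack with a constructed scope (no network, no server)
    and return (status, body) as the client would see them."""
    scope = {"type": "http", "method": "GET", "path": path, "headers": headers}
    sent = []

    async def receive():
        return {"type": "http.request", "body": b"", "more_body": False}

    async def send(message):
        sent.append(message)

    asyncio.run(stack(scope, receive, send))
    return sent[0]["status"], b"".join(m.get("body", b"") for m in sent[1:])


if __name__ == "__main__":
    print(request(stack, "/healthz", [(b"host", b"api.example.com")]))
    print(request(stack, "/admin/users", [(b"host", b"api.example.com")]))
    print(request(stack, "/admin/users", [(b"host", b"api.example.com/")]))
    print(request(stack, "/healthz/../admin/users", [(b"host", b"api.example.com")]))
```

The ordering is the point: the Host allowlist rejects unexpected or malformed values with a 400 before any path-based decision is made, so a routing or authorization layer never sees them, and the path check falls back to requiring a token whenever a path is not provably public. Starlette does ship a TrustedHostMiddleware with an allowed_hosts parameter that serves the first role in real deployments; the hand-rolled version here only avoids an import so the example runs stand-alone.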