CSOonline

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI models before authentication is checked. Researchers have published details ...
CSOonline

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers and agent infrastructure. A single malformed character in a web request can ...

Worrying open-source security issue 'BadHost' could affect millions of AI agents

The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
InfoQ

BadHost Vulnerability Exposes AI Agents, Evaluators, and LLM Gateways

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
GitHub

ID-based RAG FastAPI

This project integrates Langchain with FastAPI in an Asynchronous, Scalable manner, providing a framework for document indexing and retrieval, using PostgreSQL/pgvector. Files are organized into ...