CSO Online

‘Silent’ Google API key change exposed Gemini AI data

API key exploitation is more than hypothetical. In a different context, a student who reportedly exposed a GCP API key on GitHub last June was left nursing a $55,444 bill (later waived by Google) ...

Previously harmless Google API keys now expose Gemini AI data

Google API keys for services like Maps embedded in accessible client-side code could be used to authenticate to the Gemini AI ...
SecurityWeek

The Blast Radius Problem: Stolen Credentials Are Weaponizing Agentic AI

IBM threat report reveals a 4x surge in supply chain attacks, fueled by startling reality: 56% of vulnerabilities require no ...
GitHub

aws-ia/terraform-aws-agentcore

Terraform module for creating and managing Amazon Bedrock AgentCore resources. AgentCore is AWS's managed service for running AI agents - you provide the agent code, AWS runs it for you. 1. Deploy: ...
IEEE

Are Passkeys the Key? Older Adults’ Perceptions of Passwordless Authentication

Abstract: Older adults face unique challenges with password-based authentication, often due to age-related memory decline, leaving their digital accounts vulnerable to compromise. Passkeys—a novel ...
GitHub

express-pbkdf2-api-key-auth

The token format is compatible with MooseStack's moose generate hash-token command, and can be used in any Express project: Token: 16 random bytes (32-char hex string) Salt: 16 random bytes (32-char ...
Microsoft

Detecting and mitigating common agent misconfigurations

Organizations are rapidly adopting agents, but attackers are equally fast at exploiting misconfigured AI workflows. Mis-sharing, unsafe orchestration, and weak authentication create new identity and ...
thecyberexpress

AI-Coded Moltbook Platform Exposes 1.5 Mn API Keys Through Database Misconfiguration

Viral social network “Moltbook” built entirely by artificial intelligence leaked authentication tokens, private messages and user emails through missing security controls in production environment.
Infosecurity-magazine.com

Vibe-Coded Moltbook Exposes User Data, API Keys and More

A self-styled social networking platform built for AI agents contained a misconfigured database which allowed full read and write access to all data, security researchers have revealed. Moltbook was ...
The Daily News

Intruder Research Warns of Widespread Data Exposure Risks in Moltbot (Clawdbot) AI Assistant Deployments

Intruder, a leader in exposure management, today released new security research detailing vulnerabilities in Moltbot, formerly known as Clawdbot, an open-source, self-hosted AI assistant. The research ...
Reuters

'Moltbook' social media site for AI agents had big security hole, cyber firm Wiz says

WASHINGTON, Feb 2 (Reuters) - A buzzy new social network where artificial intelligence-powered bots appear to swap code and gossip about their human owners had a major flaw that exposed private data ...