AI Sec Watch

FastGPT (an AI platform for building AI agents) versions 4.14.0 to 4.14.5 have a vulnerability where attackers can access the plugin system without authentication by directly calling certain API endpoints, potentially crashing the plugin system and causing users to lose their plugin installation data, though not exposing sensitive keys. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 6.9, which is considered medium severity.

CVE-2026-21523 is a time-of-check time-of-use (TOCTOU) race condition (a vulnerability where an attacker exploits the gap between when a system checks permissions and when it uses a resource) in GitHub Copilot and Visual Studio that allows an authorized attacker to execute code over a network. The vulnerability has not yet received a CVSS severity rating from NIST.

CVE-2026-21518 is a command injection vulnerability (a flaw where attackers can insert malicious commands into user input) in GitHub Copilot and Visual Studio Code that allows an unauthorized attacker to bypass security features over a network. The vulnerability stems from improper handling of special characters in commands. No CVSS severity score (a 0-10 rating of how serious a vulnerability is) has been assigned yet by NIST.

GitHub Copilot contains a command injection vulnerability (CVE-2026-21516), which is a flaw where special characters in user input are not properly filtered, allowing an attacker to execute code remotely on a system. The vulnerability was reported by Microsoft Corporation and has a CVSS score pending assessment.

CVE-2026-21257 is a command injection vulnerability (a flaw where attackers can insert malicious commands into an application) found in GitHub Copilot and Visual Studio that allows an authorized attacker to gain elevated privileges over a network. The vulnerability stems from improper handling of special characters in commands. As of the source date, a CVSS severity score (a 0-10 rating of how severe a vulnerability is) had not yet been assigned by NIST.

CVE-2026-21256 is a command injection vulnerability (a flaw where attackers can sneak malicious commands into input that a program then executes) found in GitHub Copilot and Visual Studio that allows unauthorized attackers to run code on a network. The vulnerability stems from improper handling of special characters in commands, which means the software doesn't properly filter or neutralize dangerous input before using it.

QuitGPT is a campaign urging people to cancel their ChatGPT Plus subscriptions, citing concerns about OpenAI president Greg Brockman's donation to a political super PAC and the use of ChatGPT-4 by US Immigration and Customs Enforcement for résumé screening. The campaign, which began in late January and has garnered over 36 million Instagram views, asks supporters to either cancel their subscriptions, commit to stop using ChatGPT, or share the campaign on social media, with organizers hoping that enough canceled subscriptions will pressure OpenAI to change its practices.

Most Fortune 500 companies now use AI agents (software that can act and make decisions with minimal human input), but many lack visibility into how many agents are running and what data they access, creating security risks. The report recommends applying Zero Trust security principles (requiring strong identity verification and giving users/agents only the minimum access they need) to AI agents the same way organizations do for human employees.

LangChain released version 1.2.10, which includes a bug fix for token counting on partial message sequences (a partial message sequence is a subset of messages in a conversation), dependency updates, and code refactoring to rename internal variables.