AI Sec Watch

Alphabet is folding its robotics software company Intrinsic into Google to streamline its business. Intrinsic developed Flowstate, a web-based platform that lets users build robotic applications without writing thousands of lines of code, addressing the challenge that programming robots remains extremely complex despite hardware becoming cheaper. By joining Google, Intrinsic will use Google's AI models and infrastructure to expand its industrial robotics platform for manufacturing and logistics.

LangGraph versions before 4.0.0 have a remote code execution vulnerability in their caching layer when applications enable cache backends and opt nodes into caching. The vulnerability occurs because the default serializer uses pickle deserialization (a Python feature that can execute arbitrary code) as a fallback when other serialization methods fail, allowing attackers who can write to the cache to execute malicious code.

The zae-limiter library has a security flaw where all rate limit buckets for a single user share the same DynamoDB partition key (the identifier that determines which storage location holds the data), allowing a high-traffic user to exceed DynamoDB's write limits and cause service slowdowns for that user and potentially others sharing the same partition. This vulnerability affects multi-tenant systems, like shared LLM proxies (AI services shared across multiple customers), where one customer's heavy traffic can degrade service for others.

n8n, a workflow automation tool, has a vulnerability where authenticated users with permission to create or modify workflows can exploit expression evaluation (the process of interpreting code within workflow parameters) to execute arbitrary system commands on the host server. This is a serious security flaw because it allows attackers to run unintended commands on the underlying system.

Flaws have been discovered in Claude (an AI assistant) that can put developers' computers at risk when Claude is used in software development workflows. These vulnerabilities could potentially affect supply chains, which are the networks of companies and systems that work together to deliver software and products.

n8n (a workflow automation tool) has a vulnerability where an authenticated user with workflow editing permissions could combine the Read/Write Files from Disk node (a component that modifies files on the server) with git operations (version control commands) to execute arbitrary shell commands (any commands an attacker chooses) on the n8n server. This requires the attacker to already have valid user access.

n8n, a workflow automation tool, has a vulnerability where authenticated users with workflow editing permissions could use the Merge node's SQL query mode to execute arbitrary code (running any commands they want on the server) and write files to the n8n server. This is a serious security issue because it lets trusted insiders cause significant damage.

n8n, a workflow automation tool, has a sandbox escape vulnerability in its JavaScript Task Runner that lets authenticated users run code outside the sandbox (a restricted environment for running untrusted code). On default setups, this could give attackers full control of the n8n server, while on systems using external task runners, attackers could impact other workflows.

n8n had a vulnerability in its Form nodes where an unauthenticated attacker could inject malicious code by submitting specially crafted form data that starts with an equals sign (=), which the system would then execute as an expression. While this vulnerability alone is limited, it could potentially lead to remote code execution if combined with another type of attack that bypasses n8n's expression sandbox (a security boundary that restricts what code can access).