AI Sec Watch

ONNX (Open Neural Network Exchange, a standard format for sharing machine learning models) versions before 1.21.0 have a symlink traversal vulnerability (a flaw where attackers can follow symbolic links to access files outside the intended model directory), allowing unauthorized reading of files outside the model directory. This vulnerability affects how ONNX loads external data when processing models.

ONNX (Open Neural Network Exchange, a standard format for sharing machine learning models) has a security flaw in versions before 1.21.0 where its file-loading function checks for symlinks (shortcuts to files) but misses hardlinks (alternate names pointing to the same file), allowing attackers to bypass path traversal protections (restrictions that prevent accessing files outside an intended folder).

ONNX (Open Neural Network Exchange, a standard format for sharing machine learning models) had a vulnerability in versions before 1.21.0 where it didn't properly validate data loaded from model files, allowing an attacker to craft a malicious model that could overwrite internal object properties. An attacker could exploit this by embedding specially crafted metadata (like file paths) into an ONNX model file that would be processed without proper checks.

ONNX (Open Neural Network Exchange, a standard format for sharing machine learning models) versions before 1.21.0 have a path traversal vulnerability via symlink (a shortcut that points to files outside its intended folder), allowing attackers to read arbitrary files outside the model or user-provided directory. This vulnerability has a CVSS score (0-10 severity rating) of 8.7, indicating high severity.

Researcher Hung Nguyen used Anthropic's Claude Code (an AI tool for analyzing code) to quickly discover zero-day exploits (previously unknown security flaws) in Vim and GNU Emacs, two widely-used text editors. Claude Code found vulnerabilities that would allow attackers to execute arbitrary code (run commands they don't control) simply by tricking users into opening malicious files, and even generated proof-of-concept exploits (working examples of attacks) within minutes.

This webinar discusses agentic AI (AI systems that can plan and take actions independently to complete tasks), its current capabilities and limitations, and how disconnected applications create identity security vulnerabilities that have led to real breaches. The event explores the 'last mile problem' in identity security, which refers to the final challenge of verifying user identity across systems that don't communicate well with each other.

Traditional enterprise security approaches that simply block access to AI tools and websites create a "Workaround Economy" where employees bypass controls through unmanaged alternatives like personal email or browser extensions, resulting in zero organizational visibility and increased risk. The article argues that blocking tools is ineffective because security tools like firewalls and endpoint agents (software that monitors device activity) either break user experience or remain blind to threats like browser extensions harvesting data, as illustrated by a law firm that blocked DeepSeek but discovered 70% of users had installed invisible AI wrapper extensions routing traffic overseas.

Elgato's Stream Deck 7.4 software update now supports MCP (Model Context Protocol, a standard that lets AI assistants interact with software tools), allowing AI chatbots like Claude and ChatGPT to automatically activate Stream Deck buttons instead of requiring manual button presses. Users can now request actions through voice or text, and the AI will trigger the corresponding Stream Deck functions.

This is an academic survey paper that reviews different prompting frameworks, which are structured approaches to asking large language models (AI systems trained on huge amounts of text) questions or giving them instructions to complete tasks. The paper, published in a major computer science journal, catalogues and analyzes various methods researchers have developed to improve how effectively people interact with and get useful results from LLMs.