aisecwatch.com

Your daily watch on AI and LLM security — vulnerabilities, privacy incidents, safety research, and industry developments.

Maintained and curated by Truong (Jack) Luu

Information Systems Researcher

Digest Archive

Today's TLDR: Wednesday, February 11, 2026
48 tracked

LangChain SSRF Vulnerabilities Expose Internal Infrastructure: Two SSRF flaws were disclosed in LangChain's @langchain/community package (GHSA-gf3v-fwqg-4vh7, CVE-2026-26013). RecursiveUrlLoader allowed a domain prefix bypass (example.com.attacker.com) and lacked private IP validation, while ChatOpenAI.get_num_tokens_from_messages() fetched arbitrary image URLs without validation when computing tokens for vision models, enabling blind SSRF with a 5-second timeout against cloud metadata services.
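The domain prefix bypass and the missing private-address check described above, as an added defender-side example that is not LangChain's code: a weak hostname prefix check beside a strict one, plus an address filter that rejects loopback, private and link-local ranges before a server-side fetch. The DNS table and the `resolve` hook are constructed so the example runs offline, and the "subdomains of the base host are in scope" rule is an assumed crawl policy.

```python
import ipaddress
from urllib.parse import urlparse


def is_disallowed_address(addr: str) -> bool:
    """True for addresses a server-side fetcher must never contact:
    loopback, RFC 1918 private, link-local (169.254.0.0/16 covers the
    cloud metadata endpoint), reserved, multicast and unspecified."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def weak_same_domain(url: str, base: str) -> bool:
    """Illustrative weak check (assumed, not the project's code): a plain
    prefix comparison on the hostname accepts example.com.attacker.com."""
    host = urlparse(url).hostname or ""
    base_host = urlparse(base).hostname or ""
    return host.startswith(base_host)

def strict_same_domain(url: str, base: str) -> bool:
    """Exact host match or a real subdomain (label boundary enforced)."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    base_host = (urlparse(base).hostname or "").lower().rstrip(".")
    return bool(base_host) and (host == base_host or host.endswith("." + base_host))

def is_safe_to_fetch(url: str, base: str, resolve) -> bool:
    """Allow a fetch only if the URL is http(s), in scope for the crawl, and
    every address the host resolves to is public. `resolve` is injected so
    the policy can be exercised without network access."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return False
    if not strict_same_domain(url, base):
        return False
    addrs = resolve(parsed.hostname)
    return bool(addrs) and not any(is_disallowed_address(a) for a in addrs)

# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "docs.example.com": ["93.184.216.35"],
    "example.com.attacker.com": ["169.254.169.254"],
    "internal.example.com": ["10.0.0.5"],
}

def fake_resolve(host: str) -> list:
    return FAKE_DNS.get(host.lower().rstrip("."), [])
```

Checking the resolved address before the request still leaves redirects and DNS rebinding open, so the fetch itself should connect to the address that was checked and refuse to follow redirects; a token-counting path that only needs image dimensions should not fetch remote URLs at all.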


Widespread Security Flaws in MoE LLMs and Long-Context Models: Mixture-of-Experts LLMs suffer from concentrated safety vulnerabilities where Large Language Lobotomy (L³) achieved 70.4-86.3% jailbreak success by silencing <20% of experts, and "unsafe routes" via router manipulation hit 0.90-0.98 attack success across four MoE families. Separately, compositional reasoning attacks across long contexts (64k tokens) degrade safety alignment in 14 frontier LLMs, with stronger reasoning models assembling but failing to refuse harmful intent.


AI-Powered Security Tools Gain Traction: Anthropic's Claude Opus 4.6 discovered 500+ high-severity vulnerabilities in Ghostscript, OpenSC, and CGIF without specialized prompting; Outtake raised $40M (led by Iconiq, backed by Satya Nadella) for agentic digital fraud takedown; Zast.AI secured $6M for AI-powered vulnerability validation; and Microsoft released a lightweight scanner detecting LLM backdoors via "double triangle" attention patterns and trigger memorization signals.


Notable Research on AI Agent Security and RAG Attacks: Studies revealed that hybrid RAG systems leak cross-tenant data via "retrieval pivot attacks" (RPR up to 0.95 at pivot depth 2), that LLMs possess "implicit memory" enabling temporal backdoors across interactions, and that the MUZZLE framework discovered 37 novel indirect prompt injection attacks against web agents across 4 applications.