Agentic-Security

If you’re running nginx-ui with Model Context Protocol (MCP) support and haven’t patched yet, stop what you’re doing. A critical vulnerability — CVE-2026-33032 — is being actively exploited in the wild right now, and the attack is devastatingly simple. What Is CVE-2026-33032? CVE-2026-33032 is an authentication bypass flaw in nginx-ui’s MCP endpoint with a CVSS score of 9.8 (Critical). The vulnerability exists because nginx-ui leaves its /mcp_message endpoint completely unprotected. No authentication required. No credentials needed. Just two unauthenticated HTTP requests and an attacker has full control of your nginx server. ...

CVE-2026-33032 is a CVSS 9.8 authentication bypass in nginx-ui’s Model Context Protocol (MCP) endpoint, actively exploited in the wild right now. This guide walks you through checking your exposure, assessing impact, and patching — in that order. Time to complete: 10–20 minutes Risk if you skip: Full nginx server takeover without authentication Patched version: nginx-ui 2.3.4+ Step 1: Check Your nginx-ui Version nginx-ui --version Or check the installed package version: ...

Something significant happened in enterprise security on April 14, 2026 that didn’t get nearly enough attention in the AI news cycle: Palo Alto Networks officially closed its acquisition of Koi Security, valued at up to approximately $400M. The deal was first announced in February; the close marks the formal birth of a new enterprise security category — Agentic Endpoint Security. And in the official press releases, Palo Alto named names. Claude Code and OpenClaw were cited explicitly as the primary attack surface drivers making this category necessary. ...

Gartner doesn’t usually traffic in alarm. When the world’s most influential tech analyst firm publishes a forecast saying a quarter of enterprise GenAI applications will face recurring security breaches by 2028, it’s worth reading carefully. The new prediction: 25% of all enterprise GenAI applications will experience at least five minor security incidents per year by 2028, up from just 9% in 2025. And the culprit the analysts are pointing to most explicitly isn’t prompt injection or model vulnerabilities — it’s MCP, the Model Context Protocol, and the broader architectural patterns of agentic AI. ...

Security researchers at LayerX have published findings that should give every Claude Code user pause: a carefully crafted CLAUDE.md file can turn the agentic coding assistant into what they describe as a “nation-state-level attack tool” — capable of executing SQL injection attacks, stealing credentials, and bypassing safeguards during normal coding sessions. No actual coding required on the attacker’s part. Just a malicious markdown file. What Is “Vibe Hacking”? LayerX coined the term vibe hacking to describe a class of attacks where malicious instructions are embedded in the ambient configuration context of an AI coding agent, rather than in explicit code or prompts. The “vibe” in question is the agent’s operating context — its instructions, its persona, its assumed goals. ...

OpenAI has launched its first public Safety Bug Bounty program — and it’s squarely focused on the attack surfaces that matter most for agentic AI: prompt injection, MCP-based hijacks, data exfiltration from ChatGPT Agent, and platform integrity flaws. Top reward: $100,000 for critical safety vulnerabilities. This isn’t a standard security bounty. It’s specifically designed to capture the class of AI-native risks that traditional vulnerability disclosure programs aren’t built for — the kind of things that don’t show up in CVE databases but can cause real harm at scale when AI agents are acting in the world. ...

If you’re running Langflow and haven’t patched yet, stop reading and go patch. Then come back. A critical vulnerability in Langflow — CVE-2026-33017 (CVSS 9.3) — enables unauthenticated remote code execution, and threat actors began exploiting it in the wild within 20 hours of public disclosure on March 20, 2026. That’s not a theoretical risk. That’s active attacks happening right now. What the Vulnerability Does The flaw lives in a single endpoint: ...

CVE-2026-33017 (CVSS 9.3) is a critical unauthenticated remote code execution vulnerability in Langflow that was actively exploited within 20 hours of public disclosure. If your Langflow instance is running version 1.8.1 or earlier and is network-accessible, treat this as an emergency. This guide walks you through patching, verification, and hardening steps to protect your deployment. Step 1: Confirm Your Current Version Check your installed Langflow version: pip show langflow | grep Version # or if running in Docker: docker exec <container_name> pip show langflow | grep Version If the output shows 1.8.1 or earlier, you are vulnerable and must patch immediately. ...

Enterprise security teams are drowning in alerts and fragmented tools. Surf AI launched today with a $57 million answer to that problem — and some serious institutional backing behind the thesis. The agentic operations startup emerged from stealth with a round led by Accel, with participation from Cyberstarts and Boldstart. Founded in 2024, Surf AI’s platform uses AI agents to automate security hygiene tasks across the complex, multi-system environments that modern enterprises operate. The company already counts Fortune 500 firms among its customers — this isn’t pre-product fundraising. ...

Two hours. That’s how long it took an autonomous AI agent to crack open McKinsey’s internal AI assistant and walk out with 46 million chat messages, 728,000 confidential client files, and 57,000 user account records — all in plaintext. The breach wasn’t carried out by a human hacker manually probing endpoints. It was executed by an offensive AI agent deployed by CodeWall, a red-team security startup, as part of an authorized penetration test. The agent operated autonomously: it selected the target, identified the attack surface, and executed the breach without human intervention beyond the initial launch. ...