154 matches found
Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar
Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slows down. The risk...
CVE-2026-45758
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...
CVE-2026-45758
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...
PYSEC-2026-206
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...
PYSEC-0000-CVE-2026-45758
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...
PYSEC-2026-206
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...
CVE-2026-45758
CVE-2026-45758 affects Guardrails AI (Python framework). A malicious PyPI release, guardrails-ai==0.10.1, was published on 2026-05-11. Security telemetry reports no observed requests to Guardrails AI infrastructure from 0.10.1 and no data exfiltration evidence, but affected users should act. The ...
CVE-2026-45758 Malicious code in guardrails-ai 0.10.1 (supply chain compromise)
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...
CVE-2026-45758
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...
CVE-2026-45758 Malicious code in guardrails-ai 0.10.1 (supply chain compromise)
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...
EUVD-2026-34912
Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Aany user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026 may be affected. Security...
AgentDoG 1.5: A Lightweight and Scalable Alignment Framework for AI Agent Safety and Security
Modern open-world agents such as OpenClaw exhibit powerful cross-environment execution capabilities yet introduce broad new safety risk sources. Meanwhile, advanced frontier AI models drastically lower attack barriers, rendering current agent alignment frameworks inadequate for real-world...
MAL-2026-4677 Malicious code in swift-optimizer (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5c54f35da6df5cef65715d49fb7942aff442ee9a0cb486862031e5009277db3a On npm install, [email protected] runs scripts/install-binary.js as a postinstall hook. The script is a hand-rolled JavaScript bytecode VM 123 KB...
Prompt Overflow: What the Guardrail Inspects Is Not What the Model Infers
Guardrail models a.k.a. safety checkers are widely deployed to screen user inputs before they reach large language models LLMs, serving as a primary defense against prompt injection attacks. Due to strict context constraints, these models handle overlength prompts through truncation or...
GHSA-XMPW-2VMM-P4P6 Malicious code in guardrails-ai 0.10.1 (supply chain compromise)
Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...
Malicious code in guardrails-ai 0.10.1 (supply chain compromise)
Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...
Exploit for Unprotected Alternate Channel in Litellm
CVE-2026-40217 — LiteLLM Guardrail Sandbox Escape LiteLLM...
PT-2026-41973
Name of the Vulnerable Software and Affected Versions guardrails-ai version 0.10.1 Description A malicious version of the Python framework was published to PyPI. The package was identified by security researchers and quarantined by PyPI within approximately two hours of publication. Telemetry and...
CVE-2026-31233
Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...
No Attack Required: Semantic Fuzzing for Specification Violations in Agent Skills
LLM-powered agents can silently delete documents, leak credentials, or transfer funds on a routine user request, not because the agent was attacked, but because the skill it invoked broke its own declared safety rules. We call these specification violations: benign inputs cause a skill to breach...