Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us

In this article 1. Why the Taxonomy Needed Updating 2. Seven new failure modes 3. Operational findings: What red teaming showed 4. New mitigations 5. What to do this quarter When the Microsoft AI Red Team published the Taxonomy of Failure Modes in Agentic AI Systems in April 2025, the goal was a...

wingman

/|\ / | ...

Bridging the Cybersecurity Gap between Web2 and Web3 - an Incident-Based Analysis of Organizational and Application-Level Security Failures

The rapid adoption of Web3 infrastructures has led to a growing number of security incidents affecting cryptocurrency exchanges, custody services and blockchain-based platforms. While existing research predominantly focuses on vulnerabilities in smart contracts and blockchain protocols, a...

From CRUD to Autonomous Agents: Formal Validation and Zero-Trust Security for Semantic Gateways in AI-Native Enterprise Systems

Enterprise software engineering is shifting away from deterministic CRUD/REST architectures toward AI-native systems where large language models act as cognitive orchestrators. This transition introduces a critical security tension: probabilistic LLMs weaken classical mechanisms for validation,...

Insufficient Granularity of Access Control

Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the /ui/dags endpoint, which fails to enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records. An attacker can access sensitive HITL prompts and TaskInstan...

CVE-2026-38743

The CVE-2026-38743 issue affects Apache Airflow’s authenticated /ui/dags endpoint, where per-DAG access control was not enforced for embedded HITL prompts and TaskInstance records. A user with read access to any DAG could access HITL prompts (including request parameters) and full TaskInstance de...

EUVD-2026-25418

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

PT-2026-34876

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

Enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways

We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence AI assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident aud...

AI in Cybersecurity Education -- Scalable Agentic CTF Design Principles and Educational Outcomes

Large language models are rapidly changing how learners acquire and demonstrate cybersecurity skills. However, when human--AI collaboration is allowed, educators still lack validated competition designs and evaluation practices that remain fair and evidence-based. This paper presents a...

Apache Airflow Security Bypass Vulnerability (CNVD-2026-15157)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from a security bypass vulnerability that stems...

EUVD-2026-12566

Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...

Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization

Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...

CVE-2026-30911

Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from a security bypass vulnerability that stems...

PT-2026-25893

Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...

SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction

Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...

An Explainable Memory Forensics Approach for Malware Analysis

Memory forensics is an effective methodology for analyzing living-off-the-land malware, including threats that employ evasion, obfuscation, anti-analysis, and steganographic techniques. By capturing volatile system state, memory analysis enables the recovery of transient artifacts such as decrypt...

POLAR: Automating Cyber Threat Prioritization through LLM-Powered Assessment

Large Language Models LLMs are intensively used to assist security analysts in counteracting the rapid exploitation of cyber threats, wherein LLMs offer cyber threat intelligence CTI to support vulnerability assessment and incident response. While recent work has shown that LLMs can support a wid...

Uncovering Reliable Indicators: Improving IoC Extraction from Threat Reports

Indicators of Compromise IoCs are critical for threat detection and response, marking malicious activity across networks and systems. Yet, the effectiveness of automated IoC extraction systems is fundamentally limited by one key issue: the lack of high-quality ground truth. Current extraction too...