2 matches found
When prompts become shells: RCE vulnerabilities in AI agent frameworks
In this article 1. A representative case study: Semantic Kernel 2. CVE-2026-26030: In-Memory Vector Store 3. CVE-2026-25592: Arbitrary file write through SessionsPythonPlugin 4. The vulnerability 5. Attack chain overview 6. Defending the agentic edge 7. Not bugs, but developed by design 8. CTF...
Your Agent Is Mine: Measuring Malicious Intermediary Attacks on the LLM Supply Chain
Large language model LLM agents increasingly rely on third-party API routers to dispatch tool-calling requests across multiple upstream providers. These routers operate as application-layer proxies with full plaintext access to every in-flight JSON payload, yet no provider enforces cryptographic...