3 matches found
Coder's AI Bridge Proxy skips TLS certificate verification in default configuration
Summary The AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a secure transport when an upstream proxy was configured. In the default configuration no upstream proxy, outbound HTTPS to the Coder access URL accepted any...
282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic. In many cases, the path in was visible just by watching what the app sent: a plaintext API key, a reusable token, or a backend server that accepte...
Vanna 安全漏洞
Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of vanna 2.0.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an injection vulnerability in the exec function located in the src/vanna/legacy directory, which could allow for remote execution...