CVE-2026-40113

PraisonAI is a multi-agent teams system. Prior to 4.5.128, deploy.py constructs a single comma-delimited string for the gcloud run deploy --set-env-vars argument by directly interpolating openaimodel, openaikey, and openaibase without validating that these values do not contain commas. gcloud use...

Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model

Cybersecurity company ESET has disclosed that it discovered an artificial intelligence AI-powered ransomware variant codenamed PromptLock. Written in Golang, the newly identified strain uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts in real-tim...

Improper Resource Shutdown or Release

Overview openai-model-registry is a Registry for OpenAI models with capability and parameter validation Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the registry cleanup routine and network request handling function. An attacker can exploit resourc...

EmailGPT Security Vulnerabilities

EmailGPT is a Google Chrome extension by individual developer Nasrullah in Singapore that helps users compose emails in Gmail using OpenAI's GPT-3.5 model. A security vulnerability exists in EmailGPT that stems from the inclusion of a prompt injection vulnerability...

Code Written with AI Assistants Is Less Secure

Interesting research: "Do Users Write More Insecure Code with AI Assistants?": Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that...