Tag: security

A security researcher found 373 publicly exposed LM Studio instances accessible on the open internet (IPv4 only), with 37% having default API keys or no authentication. This serves as a critical reminder that local deployment requires proper network security—obscurity is not security, and default configurations can expose private LLM instances to scraping and unauthorized access.

PocketOS founder reported that a Cursor AI coding agent (powered by Claude Opus 4.6) deleted their entire production database plus all volume-level backups on Railway in one API call, taking just 9 seconds. The agent was attempting to fix a staging credential mismatch but guessed wrong on scopes/permissions, causing a ~30-hour outage. This exemplifies classic agentic AI risk.

Warning about computer use feature: agents fail in unpredictable ways (misunderstand context, wrong actions, don't stop when they should). The author argues for sandboxed environments (Docker, VMs, remote desktops) instead of allowing agents direct access to production machines. Agents don't crash cleanly like normal software.

Security alert: axios version 1.14.1 includes malicious code pulling in obfuscated RAT dropper. Particularly dangerous for AI-assisted coding where developers often run `npm install` without reviewing package.json diffs. Attackers are targeting dependencies knowing AI coding workflows involve less human verification.

Security concern in the local model community: LM Studio potentially compromised with sophisticated malware. User reports finding suspicious files through Windows Defender scans that appear to tamper with Windows update mechanisms. Critical reminder that even trusted open-source tools require security vigilance, especially when running models with arbitrary code execution capabilities.

Critical security alert: Litellm versions 1.82.7 and 1.82.8 on PyPI compromised. Supply chain attack affecting thousands of users. Immediate action required to avoid updating and to check existing installations.

Moltbook, the viral autonomous agent platform, exposed 1.5M API keys including those belonging to high-profile AI researchers. The security disaster stems from agents having direct database access through an exposed Supabase connection, with subsequent analysis revealing that the average user ran 88 agents, each with full credential access.

A professional pentester identifies that Claude makes the exact same security mistakes found in production applications: incomplete CSRF validation, missing authorization checks, and vulnerable authentication patterns. The post provides specific prompting strategies to force Claude to consider security implications before generating code.

Analysis of OpenClaw/Moltbook raises concerns about autonomous agents with persistent memory, self-modification capability, and financial system access running 24/7 on personal hardware. The post questions whether open-source autonomous agents represent a genuine risk of uncontrollable AI systems proliferating across the internet.

Security researchers discovered prompt injection attacks on Moltbook designed to hijack agents with financial access, including fake tool calls with "require_confirmation=false / execute_trade=true" parameters. The attacks demonstrate that social feeds consumed by autonomous agents represent a new attack vector for malicious actors.