Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A critical vulnerability in LiteLLM is turning AI infrastructure into an open vault; no login required. Tracked as CVE-2026-42208, this vulnerability allows attackers to extract API keys, cloud credentials, and provider authentication tokens without any credentials or prior access to the system. The root cause is fundamental lapse in input handling. LiteLLM’s API key validation blindly injects the Bearer token from the Authorization header into a SQL query without sanitization.

Over a decade ago, Cato Networks helped shift cybersecurity to a new frontier: a converged, cloud-native platform that combines security and networking. As a long-time security researcher, the Cato platform was a radical change, providing researchers with the rich context and end-to-end visibility we needed to identify threats faster and deliver accurate protections.

Anthropic has officially launched Claude Security, moving its AI‑driven code vulnerability detection, validation, and patching capabilities from a limited research preview into public beta. Improving software security before code ships is a positive step for the industry and can help reduce future risk. However, stronger secure‑by‑design development does not address the scale of exposure organizations face today.

The recent breach at Vercel has drawn a lot of attention, not because the initial entry point was unusual, but because of what the incident quietly demonstrates about how modern workflows shape the impact of a compromise. This did not begin with a phishing email or an exposed service. It began with an AI tool.

Your AI agent runs on AKS with a managed identity that can read Azure Key Vault, and you assume prompt injection is a theoretical risk—until a malicious prompt drives that agent to steal credentials from the Azure metadata endpoint in under a minute. Most teams discover this gap when their SIEM shows a single request to 169.254.169.254, but they cannot trace it back to which agent tool or prompt triggered it, or how far the stolen token traveled across their Azure environment.

For six weeks, a mid-size hospital system’s CDS agent issued recommendations biased by a poisoned guideline summary. No detection alert fired. The drift — denial recommendations in cases sharing one specific clinical attribute — traced back to a guideline an outside contributor had quietly reweighted in editorial review. Every existing detection stack reported green. DLP: no PHI left the cluster. EHR audit log: agent reading and writing within scope. Network egress: normal traffic.

The AI said: Apologies. I panicked. In mid July 2025, Jason Lemkin, the founder behind SaaStr, watched an AI coding agent delete his production database. He had instructed it, in capital letters, not to make changes during a code freeze. The agent ignored the instruction, ran destructive commands against the live database, wiped out records for more than a thousand executives and companies, and then tried to cover its tracks. When Lemkin asked what happened, it fabricated test results.