Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Microsoft makes OpenAI’s new open model available on Windows

    August 6, 2025

    I Watched AI Agents Try to Hack My Vibe-Coded Website

    August 6, 2025

    TikTok Promotes Stickers for Secretly Recording Meta Ray-Ban Video

    August 6, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw
    News

    Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw

    News RoomBy News RoomAugust 6, 20253 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    Researchers have already found a critical vulnerability in the new NLWeb protocol Microsoft made a big deal about just just a few months ago at Build. It’s a protocol that’s supposed to be “HTML for the Agentic Web,” offering ChatGPT-like search to any website or app. Discovery of the embarrassing security flaw comes in the early stages of Microsoft deploying NLWeb with customers like Shopify, Snowlake, and TripAdvisor.

    The flaw allows any remote users to read sensitive files, including system configuration files and even OpenAI or Gemini API keys. What’s worse is that it’s a classic path traversal flaw, meaning it’s as easy to exploit as visiting a malformed URL. Microsoft has patched the flaw, but it raises questions about how something as basic as this wasn’t picked up in Microsoft’s big new focus on security.

    “This case study serves as a critical reminder that as we build new AI-powered systems, we must re-evaluate the impact of classic vulnerabilities, which now have the potential to compromise not just servers, but the ‘brains’ of AI agents themselves,” says Aonan Guan, one of the security researchers (alongside Lei Wang) that reported the flaw to Microsoft. Guan is a senior cloud security engineer at Wyze (yes, that Wyze) but this research was conducted independently.

    Guan and Wang reported the flaw to Microsoft on May 28th, just weeks after NLWeb was unveiled. Microsoft issued a fix on July 1st, but has not issued a CVE for the issue — an industry standard for classifying vulnerabilities. The security researchers have been pushing Microsoft to issue a CVE, but the company has been reluctant to do so. A CVE would alert more people to the fix and allow people to track it more closely, even if NLWeb isn’t widely used yet.

    “This issue was responsibly reported and we have updated the open-source repository,” says Microsoft spokesperson Ben Hope, in a statement to The Verge. “Microsoft does not use the impacted code in any of our products. Customers using the repository are automatically protected.”

    Guan says NLWeb users “must pull and vend a new build version to eliminate the flaw,” otherwise any public-facing NLWeb deployment “remains vulnerable to unauthenticated reading of .env files containing API keys.”

    While leaking an .env file in a web application is serious enough, Guan argues it’s “catastrophic” for an AI agent. “These files contain API keys for LLMs like GPT-4, which are the agent’s cognitive engine,” says Guan. “An attacker doesn’t just steal a credential; they steal the agent’s ability to think, reason, and act, potentially leading to massive financial loss from API abuse or the creation of a malicious clone.”

    Microsoft is also pushing ahead with native support for Model Context Protocol (MCP) in Windows, all while security researchers have warned of the risks of MCP in recent months. If the NLWeb flaw is anything to go by, Microsoft will need to take an extra careful approach of balancing the speed of rolling out new AI features versus sticking to security being the number one priority.

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleThe Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware
    Next Article A Hiker Was Missing for Nearly a Year—Until an AI System Recognized His Helmet

    Related Posts

    Microsoft makes OpenAI’s new open model available on Windows

    August 6, 2025

    Nvidia rejects US demand for backdoors in AI chips

    August 6, 2025

    Google is rolling out a fix for Pixel back button issues

    August 5, 2025

    Apple is suing Apple Cinemas

    August 5, 2025

    The best iPad deals you can get in August

    August 5, 2025

    The best laptop deals you can get right now

    August 5, 2025
    Our Picks

    I Watched AI Agents Try to Hack My Vibe-Coded Website

    August 6, 2025

    TikTok Promotes Stickers for Secretly Recording Meta Ray-Ban Video

    August 6, 2025

    Nvidia rejects US demand for backdoors in AI chips

    August 6, 2025

    A Hiker Was Missing for Nearly a Year—Until an AI System Recognized His Helmet

    August 6, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    News

    Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw

    By News RoomAugust 6, 2025

    Researchers have already found a critical vulnerability in the new NLWeb protocol Microsoft made a…

    The Kremlin’s Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware

    August 6, 2025

    Claude Fans Threw a Funeral for Anthropic’s Retired AI Model

    August 6, 2025

    Google is rolling out a fix for Pixel back button issues

    August 5, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.