AI Vulnerabilities - Data Exfiltration Risks Uncovered
In short, flaws in these AI platforms let attackers steal data and run malicious code.
New vulnerabilities in AI systems like Amazon Bedrock and LangSmith have been uncovered. These flaws could allow attackers to exfiltrate sensitive data and execute harmful code. Immediate action is needed to secure these platforms and protect user information.
The Flaw
Cybersecurity researchers have identified significant vulnerabilities in several AI platforms, including Amazon Bedrock, LangSmith, and SGLang. These flaws allow attackers to exfiltrate sensitive data and execute remote code through various methods, including DNS queries and URL parameter injection. BeyondTrust's report highlights that the Amazon Bedrock AgentCore Code Interpreter permits outbound DNS queries, which can be exploited to bypass network isolation and establish command-and-control channels.
The vulnerabilities in LangSmith, identified as CVE-2026-25750, expose users to potential token theft and account takeover due to a lack of validation on the baseUrl parameter. This flaw allows attackers to steal sensitive user information through social engineering techniques. Additionally, SGLang has reported multiple vulnerabilities related to unsafe pickle deserialization, which can lead to remote code execution.
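The LangSmith flaw described above comes down to a client trusting a caller-supplied baseUrl and sending its credentials to whatever host that URL names. The following is an added example, not LangSmith's code and not taken from the report, of the kind of check a client or SDK should apply before attaching a token to a request. The allowlisted host `api.example-llmops.test` and the function names are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Hosts this client may send its API token to. Hypothetical value for illustration;
# a deployment would set this from configuration, never from request or link input.
ALLOWED_API_HOSTS = {"api.example-llmops.test"}


class UnsafeBaseUrl(ValueError):
    """A caller-supplied baseUrl would route credentials somewhere not approved."""


def validate_base_url(base_url: str) -> str:
    """Return a normalised base URL, or raise UnsafeBaseUrl.

    Rejects everything that would let a crafted link redirect the token: non-HTTPS
    schemes, userinfo tricks such as https://api.good.test@attacker.test, explicit
    ports, query strings or fragments, and any host outside the allowlist.
    """
    try:
        parsed = urlparse(base_url.strip())
        port = parsed.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError as exc:
        raise UnsafeBaseUrl(f"unparseable baseUrl: {exc}")
    if parsed.scheme != "https":
        raise UnsafeBaseUrl(f"scheme must be https, got {parsed.scheme!r}")
    if parsed.username is not None or parsed.password is not None:
        raise UnsafeBaseUrl("userinfo in baseUrl is not permitted")
    if port is not None:
        raise UnsafeBaseUrl("explicit ports are not permitted")
    host = parsed.hostname or ""  # already lower-cased by urlparse
    if host not in ALLOWED_API_HOSTS:
        raise UnsafeBaseUrl(f"host {host!r} is not in the allowlist")
    if parsed.query or parsed.fragment:
        raise UnsafeBaseUrl("query strings and fragments are not permitted")
    return f"https://{host}{parsed.path.rstrip('/')}"


def is_safe_base_url(base_url: str) -> bool:
    """Boolean wrapper around validate_base_url for callers that only need a verdict."""
    try:
        validate_base_url(base_url)
    except UnsafeBaseUrl:
        return False
    return True


if __name__ == "__main__":
    for candidate in ("https://API.example-llmops.test/api/v1/",
                      "https://api.example-llmops.test@attacker.test/api",
                      "http://api.example-llmops.test/api"):
        print(candidate, "->", is_safe_base_url(candidate))
```

The allowlist is the important part: parsing alone does not stop a link from pointing the client at a look-alike host, so the validated URL must be compared against hosts the operator chose, and the result of `validate_base_url` (not the raw input) is what the client should use when building requests.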
What's at Risk
The implications of these vulnerabilities are severe. For Amazon Bedrock, the ability to execute outbound DNS queries means attackers could gain unauthorized access to sensitive AWS resources, potentially leading to data breaches or service downtime. Similarly, LangSmith's flaw could allow attackers to access internal data, including customer records and proprietary source code, simply by tricking users into clicking malicious links.
SGLang's vulnerabilities pose a high risk as well, with CVSS scores indicating critical security flaws that could allow unauthenticated remote code execution. If exploited, these vulnerabilities could compromise any deployment of SGLang that exposes its multimodal generation or disaggregation features to the network.
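To show the SGLang class of bug in the abstract: calling `pickle.loads` on bytes received from the network lets the sender name any importable callable for the loader to invoke. The following added example, which is not SGLang's code, contrasts that unrestricted loader with a restricted unpickler that reconstructs only plain data types. The `safe_loads` and `is_rejected` names and both sample messages are constructed for illustration. The stronger fix is to not accept pickle from untrusted peers at all and to carry such messages in a data-only format.

```python
import builtins
import collections
import io
import pickle

# Plain data types the restricted loader will reconstruct. Anything else named in the
# stream, in particular any function or class reachable through a module, is refused.
_SAFE_BUILTINS = {"dict", "list", "tuple", "set", "frozenset",
                  "int", "float", "str", "bytes", "bool", "complex"}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup outside a small allowlist of data types."""

    def find_class(self, module, name):
        if module == "builtins" and name in _SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not permitted")


def unsafe_loads(data: bytes):
    """The vulnerable pattern: whatever the peer sent is reconstructed as sent."""
    return pickle.loads(data)


def safe_loads(data: bytes):
    """Load a pickle stream while refusing any reference to importable code."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True if the restricted loader refuses the stream."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


def benign_sample() -> bytes:
    """Constructed message containing only plain data types."""
    return pickle.dumps({"prompt": "hello", "token_ids": [101, 7592, 102]})


def global_referencing_sample() -> bytes:
    """Constructed message that names a module-level object (a harmless stdlib class
    here); it is the stream shape the restricted loader exists to refuse."""
    return pickle.dumps(collections.OrderedDict(a=1))


if __name__ == "__main__":
    print(unsafe_loads(global_referencing_sample()))  # reconstructed without complaint
    print(safe_loads(benign_sample()))                 # plain dict comes back unchanged
    print(is_rejected(global_referencing_sample()))    # True
```

Note that the restriction lives in `find_class`, which every GLOBAL and STACK_GLOBAL opcode passes through; a stream that never names a global can only produce the allowlisted data types, which is the property a network-facing service actually needs.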
Patch Status
Currently, Amazon has acknowledged the DNS query issue as intended functionality rather than a defect, urging users to switch to VPC mode for enhanced security. For LangSmith, the vulnerability has been addressed in version 0.12.71, released in December 2025. However, the vulnerabilities in SGLang remain unpatched, highlighting the urgent need for users to implement security measures.
Organizations using these platforms should prioritize migrating critical workloads to environments that provide robust network isolation and implement strict access controls. Regular audits of IAM roles and permissions are essential to mitigate the risks associated with these vulnerabilities.
Immediate Actions
To safeguard against these vulnerabilities, users should take immediate action. For Amazon Bedrock, switching from sandbox mode to VPC mode is crucial for ensuring network isolation. Implementing a DNS firewall to filter outbound DNS traffic can also help mitigate risks.
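As an added illustration of the DNS-filtering and monitoring advice, and of the outbound-DNS channel described for the Bedrock code interpreter, here is a small detector run over constructed resolver log lines. It is not part of the article or of BeyondTrust's report; the log format, every address and domain name in it, and the three thresholds are made up for the example, and an operator would tune the thresholds against their own baseline.

```python
import math
from collections import defaultdict

# Constructed resolver log excerpt, one "timestamp client qname qtype" record per line.
# Every address and domain name here is made up for this example.
SAMPLE_LOG = """\
2026-01-10T10:00:01Z 10.0.3.7 api.example.test A
2026-01-10T10:00:02Z 10.0.3.7 3f9a1c7e5b2d8e4f0a6c3b7d1e9f2a4c.t1.exfil-example.test A
2026-01-10T10:00:02Z 10.0.3.7 b7e2d4f9a1c3e5b8d0f2a4c6e8b1d3f5.t2.exfil-example.test A
2026-01-10T10:00:03Z 10.0.3.7 c1d3e5f7a9b2d4f6e8a0c2e4b6d8f0a2.t3.exfil-example.test A
2026-01-10T10:00:03Z 10.0.3.7 cdn.example.test AAAA
2026-01-10T10:00:04Z 10.0.3.9 www.example.test A
"""

ENTROPY_THRESHOLD = 3.0    # bits per character; hex or base32 payload labels sit near 4
MIN_UNIQUE_SUBDOMAINS = 3  # many distinct subdomains under one zone from one client
MAX_LABEL_LENGTH = 40      # legitimate hostnames rarely carry labels this long


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for the empty string)."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain, zone), treating the last two labels as the zone.
    Assumption for brevity; a production detector would consult the public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def find_dns_tunnel_candidates(log_text: str):
    """Group queries by (client, zone) and flag groups whose subdomains look like encoded payload."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or malformed records
        client, qname = fields[1], fields[2]
        sub, zone = split_name(qname)
        if sub:
            groups[(client, zone)].append(sub)

    findings = []
    for (client, zone), subs in groups.items():
        unique = set(subs)
        # Entropy is measured on the leftmost label, where an encoded payload would sit.
        entropies = [shannon_entropy(s.split(".")[0]) for s in unique]
        mean_entropy = sum(entropies) / len(entropies)
        max_label = max(len(label) for s in unique for label in s.split("."))
        volume_rule = len(unique) >= MIN_UNIQUE_SUBDOMAINS and mean_entropy >= ENTROPY_THRESHOLD
        length_rule = max_label >= MAX_LABEL_LENGTH
        if volume_rule or length_rule:
            findings.append({"client": client, "zone": zone,
                             "unique_subdomains": len(unique),
                             "mean_entropy": round(mean_entropy, 2),
                             "max_label_length": max_label})
    return findings


if __name__ == "__main__":
    for finding in find_dns_tunnel_candidates(SAMPLE_LOG):
        print(finding)
```

The same two signals (many distinct high-entropy subdomains under one zone, or unusually long labels) are what a DNS firewall rule or response-policy zone would key on; the value of running the heuristic over logs as well is that it catches a channel to a zone nobody thought to block in advance, which is the situation a sandbox that permits arbitrary outbound DNS puts you in.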
For LangSmith users, updating to the latest version is imperative to close the security gap. In the case of SGLang, restricting access to service interfaces and ensuring they are not exposed to untrusted networks is vital. Organizations should also monitor for unusual activity, such as unexpected inbound connections or unauthorized access attempts, to detect potential exploitation of these vulnerabilities early.
The Hacker News