Check Point Research found three CVEs in LangGraph's persistence layer. CVE-2025-67644 SQLi chains with CVE-2026-28277 deserialization to reach RCE.
Check Point Research found three CVEs in LangGraph's persistence layer. CVE-2025-67644 SQLi chains with CVE-2026-28277 deserialization to reach RCE.
LLMs suggest non-existent package names in 20-30% of coding responses. Attackers register these hallucinated names with malicious payloads — slopsquatting as a supply chain attack.
AI prompt injection attack vectors — direct injection, indirect via tool outputs, multi-turn manipulation — with observed real-world attacks and a layered defensive stack.
The OWASP Top 10 for LLM Applications (v2.0): each vulnerability class, real-world observed attacks, and defensive controls for enterprise AI teams.
Meta's AI support chatbot had a confused deputy flaw allowing attackers to hijack Instagram accounts via recovery requests. 20,225 accounts compromised over 45 days.