AI Infrastructure
AI infrastructure explores GPUs, compute, training, inference and large-scale deployment. Articles follow platform evolution, architectural bottlenecks and the security implications of AI workloads.

NVIDIA Transformers4Rec Flaw Enables RCE via Malicious ML Models
NVIDIA has patched a high-severity deserialization vulnerability (CVE-2026-24162, CVSS 7.8) in its Transformers4Rec library that allow…

LangGraph Vulnerability Chain Grants RCE via AI Agent Persistence
Check Point Research has uncovered a SQL injection and deserialization chain in LangGraph that enables RCE on self-hosted deployments.…

LiteLLM CVE-2026-42271: CISA Confirms Active Exploitation of CVSS 10.0 RCE Chain
CISA has added CVE-2026-42271 to its KEV catalog, confirming active exploitation of a command injection vulnerability in LiteLLM. When…

OpenAI Mandates Hardware-Backed Passkeys for Access to Frontier AI Models
Starting June 1, 2026, OpenAI will require Trusted Access for Cyber (TAC) program members to use hardware-backed passkeys, setting a n…

DNS-AID: Linux Foundation Launches Decentralized Discovery for AI Agents
The Linux Foundation has launched DNS-AID, an open-source protocol that leverages existing DNS infrastructure to enable decentralized…

Shadow AI: First 8-K Filing Signals Shift from Internal Policy to Regulatory Mandate
The first SEC 8-K filing for unauthorized AI use marks a turning point for corporate governance. As Shadow AI evolves into 'vibe-coded…

Poisoned AI Chatbots: A New Vector for High-Performance GPU Cryptojacking
Microsoft has identified an active campaign that manipulates AI chatbot recommendations to distribute GPU-based cryptojacking malware…

CISA Adds Critical Langflow Vulnerability (CVE-2025-34291) to KEV Catalog Following Active Exploitation
CISA has added CVE-2025-34291, a critical origin validation flaw in the Langflow platform, to its Known Exploited Vulnerabilities cata…

1Password and OpenAI Partner to Provide Just-in-Time Credentials for AI Agents
1Password integrates its Environments MCP Server into OpenAI's Codex, enabling just-in-time credentialing for AI coding agents to prev…

AI Agents in Production: Addressing the Confused-Deputy Threat in Operational Automation
New research identifies a critical architectural gap in operational AI agents where a lack of separation between reasoning and executi…

Zealot: How Autonomous AI Orchestrates Multi-Stage Cloud Compromise
Palo Alto Networks’ Unit 42 has demonstrated Zealot, a multi-agent PoC capable of executing end-to-end cloud attack chains without hum…

Critical RCE in ChromaDB: 73% of Exposed Servers Vulnerable to CVE-2026-45829
A maximum-severity vulnerability in ChromaDB’s Python FastAPI server allows unauthenticated remote code execution. The flaw, which ste…