Security Unlocked

Langflow

Threat Intelligence

The Agent Approved It Anyway

GhostApproval exposed a symlink trust-boundary flaw across six AI coding assistants simultaneously, and the four different vendor responses reveal something more important than the vulnerability: there is no shared security contract governing what these tools are allowed to do.

Threat Intelligence

The Pipeline Ran the Attack

AI workflow platforms are being deployed with developer-speed patching and no orchestration-layer instrumentation, and attackers have started treating them as production attack surfaces.

Threat Intelligence

AI Infrastructure Exploited Within 24 Hours of Disclosure

Four AI infrastructure platforms (Langflow, Marimo, LMDeploy, Flowise) were exploited within 24 hours of vulnerability disclosure last week. The patching window has collapsed to under one attacker shift.