Microsoft's AI Web Project Faces Security Flaws

TL;DR Summary
Researchers discovered a critical security flaw in Microsoft's new NLWeb protocol: a path traversal vulnerability that allows remote reading of sensitive files, including API keys. Microsoft patched the issue but has not issued a CVE, raising concerns about security oversight in AI-related protocols. The flaw could have severe consequences for AI agents relying on exposed API keys, emphasizing the need for careful security practices when deploying new AI features.
- Microsoft’s plan to fix the web with AI has already hit an embarrassing security flaw (The Verge)
- Researcher exposes Microsoft's flawed code that lets attackers access files on your computer (Neowin)
- Microsoft’s ‘Agentic Web’ Ambition Hit by Embarrassing Security Flaw (WinBuzzer)
- Microsoft AI web project NLWeb plagued by common security flaw (MobileSyrup)