Microsoft's NLWeb Protocol Faces Early Security Flaw, Exposing Sensitive Data

By Tom Warren

9mo ago · 3 min read · en · News

Summary

Researchers discovered a critical vulnerability in Microsoft's NLWeb protocol, which was recently introduced as a revolutionary tool for integrating ChatGPT-like search into websites and apps. The flaw allowed remote users to access sensitive files, including system configurations and API keys. Microsoft has since patched the issue, but the incident highlights security risks in AI-driven systems.

Key quotes

Researchers have already found a critical vulnerability in the new NLWeb protocol Microsoft made a big deal about just a few months ago at Build.
The flaw allows any remote users to read sensitive files, including system configuration files and even OpenAI or Gemini API keys.
Microsoft has patched a security flaw in its new NLWeb protocol. It’s a flaw that security researchers say should serve as a critical reminder for AI systems.
