Close Menu
Şevket Ayaksız

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Microsoft tests a revamped Windows Search experience

    Temmuz 19, 2026

    Anker’s 20,000mAh power bank with built-in USB-C cable drops to $38

    Temmuz 19, 2026

    Microsoft urges users to install Windows updates within three days

    Temmuz 19, 2026
    Facebook X (Twitter) Instagram
    • software
    • Gadgets
    Facebook X (Twitter) Instagram
    Şevket AyaksızŞevket Ayaksız
    Subscribe
    • Home
    • Technology

      Innocn’s 49-inch ultrawide monitor hits a record-low $500 for Prime Day

      Temmuz 12, 2026

      Sony 1000X The Collexion vs. Bowers & Wilkins Px8 S2: Which Premium Headphones Come Out on Top?

      Temmuz 11, 2026

      SpaceX Eyes Massive Starlink Expansion With Plans for 100,000 Additional Satellites

      Temmuz 11, 2026

      Nvidia celebrates 30 years of GPUs with free GeForce trading cards

      Temmuz 10, 2026

      Acer’s 7-in-1 wireless charging station drops to $50

      Temmuz 9, 2026
    • Adobe
    • Microsoft
    • java
    • Oracle
    Şevket Ayaksız
    Anasayfa » Microsoft fixes agentic HTML flaw that exposed sensitive data
    microsoft

    Microsoft fixes agentic HTML flaw that exposed sensitive data

    By ayaksızAğustos 8, 2025Yorum yapılmamış2 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr Email
    Share
    Facebook Twitter LinkedIn Pinterest Email

    The accelerating pace of AI integration into everyday applications has created new potential threats, and a recent discovery has revealed a particularly serious one tied to Microsoft’s AI agent framework. Called NLWeb, this system was unveiled during Microsoft’s Build 2025 conference as a new way to help AI agents communicate with websites using a natural language-driven markup format—essentially, a kind of HTML designed for artificial intelligence. Microsoft has not officially confirmed whether its experimental Copilot Mode in the Edge browser uses NLWeb, but the technologies appear to be closely related.

    Security researcher Aonan Guan recently found a major vulnerability in NLWeb: a path traversal flaw that enables attackers to craft malformed URLs that allow access to sensitive files on the host system. In practical terms, that means attackers could use AI agents to bypass security restrictions and download configuration files, login credentials, or cloud API keys. In Guan’s proof-of-concept test, he was able to extract key files containing system passwords and access tokens for cloud-based AI platforms such as Google Gemini and OpenAI, effectively allowing an unauthorized party to use these services without incurring costs.

    Guan disclosed the vulnerability to Microsoft, and the company issued a quiet fix to the public NLWeb GitHub repository in June, although it has not released an official security advisory acknowledging the issue. Fortunately, the update does not require users to take any additional action, as the fix applies to the codebase directly. Still, the incident highlights a broader concern: as AI agents gain more autonomy and interact directly with systems and data, the risk of unintended consequences grows significantly.

    The root issue, as Guan explains, is the way natural language is interpreted as commands by AI systems like those using NLWeb. Because these agents are designed to act on human-like instructions, a cleverly worded prompt could be enough to trigger unintended file access or harmful operations. This potential for “prompt injection” isn’t new, but the scale and ease of exploitation in this case are alarming. We’ve already seen how seemingly private ChatGPT conversations were indexed by search engines due to improperly set metadata. With Microsoft’s Copilot pushing further into the Windows ecosystem, the importance of designing secure, tightly controlled AI interfaces is clearer than ever. As these systems continue to blur the line between user input and system execution, AI developers will need to be more vigilant in closing the security gaps they open.

    Post Views: 260
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    ayaksız
    • Website

    Related Posts

    Microsoft urges users to install Windows updates within three days

    Temmuz 19, 2026

    Microsoft’s RoguePlanet fix may have introduced a new security flaw

    Temmuz 19, 2026

    Microsoft confirms Secure Boot certificate update issues on some PCs

    Temmuz 14, 2026
    Add A Comment

    Comments are closed.

    Editors Picks
    8.5

    Apple Planning Big Mac Redesign and Half-Sized Old Mac

    Ocak 5, 2021

    Autonomous Driving Startup Attracts Chinese Investor

    Ocak 5, 2021

    Onboard Cameras Allow Disabled Quadcopters to Fly

    Ocak 5, 2021
    Top Reviews
    9.1

    Review: T-Mobile Winning 5G Race Around the World

    By sevketayaksiz
    8.9

    Samsung Galaxy S21 Ultra Review: the New King of Android Phones

    By sevketayaksiz
    8.9

    Xiaomi Mi 10: New Variant with Snapdragon 870 Review

    By sevketayaksiz
    Advertisement
    Demo
    Şevket Ayaksız
    Facebook X (Twitter) Instagram YouTube
    • Home
    • Adobe
    • microsoft
    • java
    • Oracle
    • Contact
    © 2026 Theme Designed by Şevket Ayaksız.

    Type above and press Enter to search. Press Esc to cancel.