Millions of AI agents imperiled by critical vulnerability in open source package
Posted in: Industry News
“BadHost” was found in Starlette, a package with 325 million weekly downloads. https://arstechnica.com/information-technology/2026/05/millions-of-ai-agents-imperiled-by-critical-vulnerability-in-open-source-package/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social
Comments (2)
@arstechnica Much #AI software is written in #Python (and #Javascript; don't get me started on the Javascript package supply chain). Actually, outside Python and ECMAScript, other languages can be considered statistical outliers, I guess.
So a popular web server framework having a security issue will impact a sizable part of the AI landscape.
But surprise surprise, it will impact some other software too that is also Python based.
@arstechnica Sigh... the AI angle in this story seems a bit clickbaity. It's a vulnerability in Starlette which is a very common dependency for a whole lot of platforms that have nothing to do with AI or LLMs.