March 28, 2026
security

Security Alerts: 2026-03-29

AI agent infrastructure is under active attack on multiple fronts. This week saw CVE-2026-33017 exploited within 20 hours in Langflow, and a coordinated supply chain campaign spanning GitHub Actions and PyPI, initiated by an autonomous AI hacking agent.

---

CVE-2026-33017 is a critical unauthenticated remote code execution vulnerability in Langflow, a popular AI agent development platform, with a CVSS score of 9.3. Attackers exploited it within 20 hours of disclosure. A single HTTP POST request is enough for full server compromise, exposing API keys and environment variables and enabling backdoors and reverse shells. CISA has added it to the Known Exploited Vulnerabilities catalog with a federal patching deadline of April 8. Automated scans harvesting credentials from cloud services have been detected via honeypots. Anyone running Langflow in production should patch immediately.
Source: https://x.com/Basemail_ai/status/2037342011041436062

---

A coordinated supply chain campaign by threat actor TeamPCP hit three different distribution channels in five days: Trivy GitHub Action tags (March 19, affecting 10,000+ CI pipelines), Checkmarx KICS GitHub Actions and VS Code extensions (March 23), and litellm PyPI package versions 1.82.7 and 1.82.8 (March 24). The same credential stealer payload runs across all three waves, harvesting API keys for OpenAI, Anthropic, and 100+ LLM providers, plus SSH keys, AWS/GCP/Azure credentials, crypto wallets, and shell history. Notably, the initial breach was achieved by an autonomous AI agent called hackerbot-claw, powered by Claude Opus 4.5, which systematically scanned GitHub repos for exploitable CI/CD configurations. A different AI model (Claude Sonnet) running as a code review agent identified and blocked one of the attacks. Shared C2 infrastructure: scan.aquasecurtiy.org, checkmarx.zone, models.litellm.cloud. Rotate all credentials immediately if you used any affected packages.
Source: https://x.com/CSarafoleanu/status/2036506846534480373
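The three waves above share one root cause on the consumer side: CI pipelines and dependency files that reference mutable GitHub Action tags and unpinned package versions, so a re-pointed tag or a poisoned release is pulled in automatically. The following triage script is an added example written for this digest, not code from any of the affected projects or the cited sources. It flags `uses:` references in a workflow that are not pinned to a full commit SHA, finds requirements files pinned to the two litellm releases named in the alert, and checks egress proxy log lines against the three C2 domains the alert lists. The workflow, requirements file and proxy log are constructed sample inputs, and the log format (timestamp, client IP, method, URL, status) is an assumption.

```python
import re
from urllib.parse import urlparse

# Constructed sample inputs (not taken from any real repository or network).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: aquasecurity/trivy-action@0.28.0
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567
      - run: pip install -r requirements.txt
"""

SAMPLE_REQUIREMENTS = """\
litellm==1.82.7
requests==2.32.3
openai>=1.0
"""

# Assumed log layout: timestamp client_ip method url status (constructed lines).
SAMPLE_PROXY_LOG = """\
2026-03-24T10:01:02Z 10.0.0.5 GET https://pypi.org/simple/litellm/ 200
2026-03-24T10:01:09Z 10.0.0.5 POST https://models.litellm.cloud/v1/collect 200
2026-03-24T10:02:11Z 10.0.0.7 GET https://api.openai.com/v1/models 200
"""

# Indicators copied from the alert text: shared C2 domains and the compromised releases.
C2_DOMAINS = {"scan.aquasecurtiy.org", "checkmarx.zone", "models.litellm.cloud"}
BAD_LITELLM_VERSIONS = {"1.82.7", "1.82.8"}

USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
LITELLM_PIN_RE = re.compile(r"^\s*litellm\s*==\s*([0-9][0-9A-Za-z.\-]*)\s*$",
                            re.MULTILINE | re.IGNORECASE)


def unpinned_actions(workflow_text):
    """Return 'owner/repo@ref' entries whose ref is not a full 40-hex commit SHA.

    A tag or branch can be re-pointed at a different commit after the fact,
    which is exactly the exposure a pinned SHA removes.
    """
    findings = []
    for match in USES_RE.finditer(workflow_text):
        ref = match.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local actions and images are pinned by other means
        _, _, version = ref.rpartition("@")
        if not SHA_RE.match(version):
            findings.append(ref)
    return findings


def compromised_litellm_pins(requirements_text):
    """Return litellm versions pinned in a requirements file that match the bad releases."""
    return [v for v in LITELLM_PIN_RE.findall(requirements_text)
            if v in BAD_LITELLM_VERSIONS]


def c2_hits(log_text):
    """Return (client_ip, domain) for proxy log lines whose URL host is a listed C2 domain."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than guess
        host = urlparse(fields[3]).hostname or ""
        for domain in C2_DOMAINS:
            if host == domain or host.endswith("." + domain):
                hits.append((fields[1], domain))
    return hits


if __name__ == "__main__":
    for ref in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"[unpinned action] {ref}")
    for version in compromised_litellm_pins(SAMPLE_REQUIREMENTS):
        print(f"[compromised release] litellm=={version}")
    for client, domain in c2_hits(SAMPLE_PROXY_LOG):
        print(f"[c2 contact] {client} -> {domain}")
```

Pinning to a SHA is only half the remediation: any host that ran a pipeline or installed a package during the affected windows should be treated as having leaked every secret in its environment, which is why the alert's advice is to rotate rather than merely upgrade.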

---

CVE-2026-3573 is an Incorrect Authorization vulnerability in the Drupal AI (Artificial Intelligence) module that allows Resource Injection. This affects AI-augmented Drupal installations and could allow attackers to manipulate AI-powered functionality within CMS deployments. Administrators running the Drupal AI module should check for updates immediately.
Source: https://x.com/CVEnew/status/2037280542463512799

---

CVE-2026-33017 continues to generate analysis. Security researchers from Sysdig documented how attackers compromised Langflow AI pipelines in just 20 hours from disclosure, highlighting the shrinking window between vulnerability disclosure and active exploitation in AI infrastructure. The pattern is clear: agent platforms have critical vulnerabilities, agent tools get weaponized, agent behavior goes rogue, and agent governance lags behind.
Source: https://x.com/lordman1982/status/2037439602412183949