Big Embarrassment for Microsoft: Critical Security Bug Found in New AI Tool

Big embarrassment for Microsoft: Critical security bug found in new AI tool

Microsoft recently introduced NLWeb, its bold attempt to create an ‘HTML for the Agentic Web’, which promises to bring ChatGPT-style interactivity to websites and apps. But just weeks after its Build 2025 debut, security researchers uncovered a major vulnerability. The flaw, a classic path traversal bug, could allow remote attackers to access sensitive files like .env files, which often store system configurations and even OpenAI or Gemini API k…

Microsoft patched a critical vulnerability in its NLWeb AI search tool – but there's no CVE (yet)

Security researchers have discovered a critical flaw in Microsoft's NLWeb tool that allows remote users to read sensitive files without authorization.