This Week in AI Security - 30th October 2025
Modern Cyber with Jeremy Snyder by Jeremy Snyder
Episode notes
In this week's episode, Jeremy focuses on two rapidly evolving areas of AI security: the APIs that power AI services and the risks emerging from new AI browsers.
We analyze two stories highlighting the exposure of secrets and sensitive data:
API Insecurity: A path traversal vulnerability was discovered in the APIs powering an MCP server hosting service, leading to the exposure of 3,000 API keys. This reinforces the lesson that foundational security mistakes, such as inadequate secret management and unpatched vulnerabilities, are being repeated in the rush to launch new AI services.
CVE in Google Cloud Vertex AI: We discuss a confirmed CVE in Google's Vertex AI service APIs. This vulnerability briefly allowed requests made by one customer's application to be routed and responded to another cust ...