Cybersecurity researchers have disclosed multiple security issues affecting artificial intelligence platforms, including Amazon Bedrock, LangSmith, and SGLang, raising concerns about data protection, access control, and the secure deployment of AI-driven systems. The findings highlight how evolving AI environments can introduce new attack surfaces, particularly when integrated with cloud infrastructure and developer-focused tools.
One of the key findings comes from research by BeyondTrust, which identified a method to exfiltrate sensitive data from the Amazon Bedrock AgentCore Code Interpreter through Domain Name System (DNS) queries. The service, launched in August 2025, is designed to execute code in isolated sandbox environments with restricted external access. However, the researchers found that outbound DNS queries are still permitted, which gives an attacker a path around the network isolation: a query name can carry attacker-chosen data to a domain the attacker controls, one request at a time. That is enough to establish a command-and-control (C2) channel, including an interactive shell, and to exfiltrate data over DNS. In controlled scenarios, attackers could retrieve sensitive information from AWS resources such as S3 buckets if the sandbox's IAM role had excessive permissions, and execute commands remotely. Despite responsible disclosure in September 2025, Amazon classified the behavior as intended functionality and advised customers to run the Code Interpreter in VPC mode and to use DNS firewalls to strengthen isolation and monitoring.
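To make the DNS exfiltration path concrete, here is an added example in Python (not BeyondTrust's tooling and not AWS code): an encoder that shows how a payload is chunked into query names under an attacker's zone, and a detector for resolver query logs that flags the two traces tunnelling leaves behind, long high-entropy labels and a flood of unique subdomains under one registered domain. The log records are constructed for this example, the zone c2.example.net is hypothetical, and the field names only loosely follow the shape of Route 53 Resolver query log output.

```python
"""Added example (not BeyondTrust's tooling or AWS code): what data carried in
DNS query names looks like, and a detector that flags it in resolver query
logs. All records below are constructed; the field names only follow the
general shape of Route 53 Resolver query logs (query_name, srcaddr)."""
import base64
import math
from collections import defaultdict
from typing import Dict, List, Set

# Hypothetical attacker-controlled zone; no real domain is implied.
EXFIL_ZONE = "c2.example.net"


def encode_for_dns(data: bytes, zone: str = EXFIL_ZONE, chunk: int = 32) -> List[str]:
    """Chunk data into DNS labels under the attacker's zone (a label is at most
    63 bytes; 32 keeps the whole name well under 253). Base32 survives
    case-folding resolvers; '=' padding is dropped. A hex sequence-number
    label lets the receiver reorder queries that arrive out of order."""
    b32 = base64.b32encode(data).decode().rstrip("=").lower()
    return [f"{i:04x}.{b32[j:j + chunk]}.{zone}"
            for i, j in enumerate(range(0, len(b32), chunk))]


def shannon_entropy(s: str) -> float:
    """Bits per character; base32/hex payloads score far higher than ordinary
    hostname labels such as 'sts' or 'us-east-1'."""
    if not s:
        return 0.0
    counts: Dict[str, int] = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(name: str) -> str:
    """Last two labels. A production detector should use the Public Suffix
    List (think 'co.uk'); this is enough for the constructed sample."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])


def detect_dns_exfil(records: List[dict], max_label: int = 24,
                     min_entropy: float = 3.0,
                     max_unique_subdomains: int = 20) -> Dict[str, List[str]]:
    """Two independent signals: (1) a query whose longest label is long and
    high-entropy, (2) an unusual number of distinct subdomains under one
    registered domain, which a tunnel needs because every query must be
    unique to defeat caching. Returns {signal: [query names or domains]}."""
    findings: Dict[str, List[str]] = defaultdict(list)
    per_domain: Dict[str, Set[str]] = defaultdict(set)
    for rec in records:
        qname = rec["query_name"].rstrip(".")
        dom = registered_domain(qname)
        sub = qname[: -len(dom) - 1] if qname != dom else ""
        per_domain[dom].add(sub)
        longest = max((len(label) for label in sub.split(".")), default=0)
        if longest > max_label and shannon_entropy(sub.replace(".", "")) > min_entropy:
            findings["high_entropy_label"].append(qname)
    for dom, subs in per_domain.items():
        if len(subs) > max_unique_subdomains:
            findings["subdomain_flood"].append(dom)
    return dict(findings)


def build_sample_records() -> List[dict]:
    """Constructed log: a few ordinary AWS lookups a sandbox would make, plus a
    512-byte payload (deliberately not real data) smuggled out in 26 queries."""
    benign = ["sts.amazonaws.com", "s3.us-east-1.amazonaws.com",
              "bedrock-runtime.us-east-1.amazonaws.com", "pypi.org"]
    payload = bytes(range(256)) * 2
    names = benign + encode_for_dns(payload)
    return [{"srcaddr": "10.0.1.23", "query_type": "A", "query_name": n + "."}
            for n in names]


def demo() -> Dict[str, List[str]]:
    """Run the detector over the constructed sample."""
    return detect_dns_exfil(build_sample_records())


if __name__ == "__main__":
    for signal, hits in demo().items():
        print(f"{signal}: {len(hits)} hit(s), first: {hits[0]}")
```

Running it fires both signals on the 26 smuggled queries and neither on the ordinary amazonaws.com lookups. In AWS the equivalent telemetry is Route 53 Resolver query logging, and the same long-label and unique-subdomain patterns are what a SIEM rule would key on; a DNS Firewall policy that blocks everything except the handful of domains the sandbox legitimately needs removes the channel rather than merely detecting it.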
In a separate disclosure, Miggo Security reported a high-severity vulnerability in LangSmith, tracked as CVE-2026-25750 (CVSS score 8.5), which exposed users to token theft and potential account takeover. The flaw was traced to improper validation of a URL parameter: an attacker could inject a malicious baseUrl, causing the application to send sensitive authentication data to a server the attacker controls. Exploitation relies on social engineering, such as convincing a user to open a specially crafted link. Successful exploitation may grant the attacker access to AI trace histories, internal database queries, customer records, and proprietary code. The issue affected both cloud-based and self-hosted deployments and was addressed in LangSmith version 0.12.71, released in December 2025. The researchers noted that such vulnerabilities underscore the growing importance of securing AI observability platforms, which often handle critical internal data while prioritizing flexibility for developers.
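The baseUrl flaw described above follows a pattern worth seeing side by side. The following Python is an added example, not LangSmith's code: an endpoint builder that trusts a caller-supplied base URL, beside a hardened one that validates the URL against an exact host allowlist before any credential could be sent. The host name api.observability.example, the allowlist, and the function names are assumptions for illustration.

```python
"""Added example (not LangSmith's code): a baseUrl-style parameter that decides
where a client sends its credentials, in the vulnerable form and a hardened
one. Host names, the allowlist and function names are assumptions."""
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# Assumed: the only API host this client may ever send its API key to.
ALLOWED_API_HOSTS = frozenset({"api.observability.example"})
DEFAULT_BASE_URL = "https://api.observability.example"


class UnsafeBaseUrl(ValueError):
    """Raised when a caller-supplied base URL fails validation."""


def vulnerable_api_endpoint(user_base_url: Optional[str], path: str) -> str:
    """Before: the baseUrl taken from a link or query string wins outright, so a
    crafted link makes the client send its token to the attacker's server."""
    base = user_base_url or DEFAULT_BASE_URL
    return base.rstrip("/") + "/" + path.lstrip("/")


def safe_api_endpoint(user_base_url: Optional[str], path: str) -> str:
    """After: parse, then require https, no userinfo, an exact allowlisted host
    and a standard port, and rebuild the URL from the validated parts so that
    no unparsed attacker-controlled bytes survive into the request."""
    base = user_base_url or DEFAULT_BASE_URL
    parts = urlsplit(base)
    if parts.scheme != "https":
        raise UnsafeBaseUrl(f"scheme not allowed: {parts.scheme!r}")
    # 'https://good.host@evil.example' parses with good.host as userinfo and
    # evil.example as the real host; refuse userinfo outright.
    if parts.username is not None or parts.password is not None:
        raise UnsafeBaseUrl("userinfo is not allowed in baseUrl")
    host = parts.hostname or ""           # urlsplit lower-cases this
    if host not in ALLOWED_API_HOSTS:     # exact match; endswith() would pass
        raise UnsafeBaseUrl(f"host not allowlisted: {host!r}")  # good.host.evil.example
    try:
        port = parts.port
    except ValueError as exc:
        raise UnsafeBaseUrl("unparseable port") from exc
    if port not in (None, 443):
        raise UnsafeBaseUrl(f"port not allowed: {port}")
    joined = parts.path.rstrip("/") + "/" + path.lstrip("/")
    return urlunsplit(("https", host, joined, "", ""))


def is_allowed_base_url(url: Optional[str]) -> bool:
    """True if safe_api_endpoint would accept this base URL."""
    try:
        safe_api_endpoint(url, "api/v1/runs")
        return True
    except UnsafeBaseUrl:
        return False


if __name__ == "__main__":
    crafted = "https://api.observability.example@evil.example"
    print("vulnerable sends token to:", vulnerable_api_endpoint(crafted, "api/v1/runs"))
    print("hardened accepts it:", is_allowed_base_url(crafted))
```

The cases the hardened version rejects are the ones a crafted link would use: a look-alike such as api.observability.example.evil.example (which an endswith() check accepts), userinfo tricks of the form allowed-host@evil.example, a downgrade to http, and a non-standard port. Rebuilding the URL from parsed components, rather than concatenating the caller's string, is what makes the check hold.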
Additional vulnerabilities have been identified in SGLang, an open-source framework for serving large language and multimodal models. Security researchers reported multiple flaws that could lead to remote code execution through unsafe deserialization of untrusted data with Python's pickle module. Two critical vulnerabilities, tracked as CVE-2026-3059 and CVE-2026-3060 (CVSS scores of 9.8), allow unauthenticated attackers to execute code by sending crafted messages to exposed ZeroMQ broker interfaces in specific deployment configurations. A third, CVE-2026-3989, concerns insecure deserialization in a crash dump utility. The CERT Coordination Center (CERT/CC) confirmed that exploitation is possible when the affected modules are enabled and reachable over the network. While there is no confirmed evidence of active exploitation, security experts recommend restricting access to service interfaces, implementing network segmentation, and closely monitoring for unusual system behavior such as unexpected connections or unauthorized file activity.
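To show why pickle over a network socket rates a 9.8, here is an added Python example (not SGLang's code): an attacker-side object whose pickled form makes the receiver call an attacker-chosen function, a pre-screen that lists the globals a pickle would import without executing any of it, and a restricted unpickler that refuses every global by default. The ZeroMQ transport is left out; the functions work on raw message bytes, and the constructed messages use a harmless eval('1 + 1') where a real payload would name os.system or subprocess.

```python
"""Added example (not SGLang's code): why unpickling bytes received from a
socket is remote code execution, a pre-screen that lists the globals a pickle
would import without executing it, and an unpickler that refuses them. The
ZeroMQ transport is omitted; everything here works on raw message bytes."""
import io
import pickle
import pickletools
from typing import Dict, List, Tuple


class AttackerObject:
    """Attacker-side: pickle stores __reduce__'s (callable, args) and the
    victim's pickle.loads() calls it. A harmless eval('1 + 1') stands in for
    the os.system / subprocess call a real payload would name."""

    def __reduce__(self):
        return (eval, ("1 + 1",))


def referenced_globals(data: bytes) -> List[Tuple[str, str]]:
    """Walk the opcode stream and collect every module.name the pickle would
    import. Plain dicts, lists, strings, ints and bytes reference none, so a
    non-empty list on a message that should be plain data is itself a finding.
    Covers GLOBAL/INST (protocols 0-3) and STACK_GLOBAL (protocol 4+)."""
    refs: List[Tuple[str, str]] = []
    strings: List[str] = []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"):
            strings.append(arg)
        elif op.name == "STACK_GLOBAL" and len(strings) >= 2:
            refs.append((strings[-2], strings[-1]))
        elif op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)   # pickletools renders "module name"
            refs.append((module, name))
    return refs


class RestrictedUnpickler(pickle.Unpickler):
    """find_class is the only hook through which a pickle reaches Python
    objects by name; with an empty allowlist it reaches nothing."""
    ALLOWED: frozenset = frozenset()

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def safe_loads(data: bytes):
    """Drop-in for pickle.loads on untrusted bytes: plain data deserialises,
    anything that names a callable is refused before it can run."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    try:
        safe_loads(data)
        return False
    except pickle.UnpicklingError:
        return True


def sample_messages() -> Dict[str, bytes]:
    """Constructed messages: a benign request, the attacker object in the
    default protocol (STACK_GLOBAL) and in protocol 0 (GLOBAL)."""
    return {
        "benign": pickle.dumps({"req_id": 7, "prompt": "hi", "token_ids": [1, 2, 3]}),
        "hostile": pickle.dumps(AttackerObject()),
        "hostile_protocol0": pickle.dumps(AttackerObject(), protocol=0),
    }


if __name__ == "__main__":
    msgs = sample_messages()
    for label, blob in msgs.items():
        print(f"{label}: globals={referenced_globals(blob)} rejected={is_rejected(blob)}")
    print("benign decodes to:", safe_loads(msgs["benign"]))
```

For new code the right fix is a data-only format such as JSON or msgpack for anything that crosses a socket; the restricted unpickler is for the case where the wire format cannot be changed immediately. Either way it should be paired with the network restrictions above, since it does nothing about a broker interface that should never have been reachable in the first place.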
The combined findings reflect broader challenges in securing AI ecosystems, where capabilities such as automated workflows, cloud integration, and data-intensive processing can introduce complex risks if not properly managed. Experts emphasize the importance of enforcing least-privilege access controls, strengthening network isolation, and maintaining continuous monitoring to mitigate potential threats. As organizations increasingly rely on AI platforms for critical operations, ensuring robust security practices across development and deployment environments remains a key priority.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.