AI Agents Add 98 Vulnerabilities Through Dependency Choices as 2.46% of Picks Use Known-Flawed Packages

3 articles · Updated · InfoWorld · Jun 1
  • Purdue data on 117,062 dependency changes across seven ecosystems found AI agents chose known-vulnerable package versions 2.46% of the time, versus 1.64% for humans, producing a net increase of 98 vulnerabilities.
  • Those agent mistakes were harder to unwind: 36.8% needed a major-version upgrade to fix, compared with 12.9% for human-authored changes, while hallucinated package names and MCP tool calls added fresh attack surface.
  • Recent npm incidents showed why automatic updating can backfire: poisoned axios releases infected fresh installs during a roughly 3-hour window, and StepSecurity said a 10-day hold on new versions shielded customers from Mini Shai-Hulud exposure.
  • AI also weakens the old strategy of freezing dependencies, with Anthropic saying Claude Mythos found working exploits for 16- and 17-year-old flaws for under $20,000 and Google flagging the first AI-developed zero-day seen in the wild.
  • The article’s prescription is narrower, reviewed dependency trees (fork, trim and version only what teams understand), while treating prompts, MCP servers and agent tooling as production dependencies subject to the same governance.
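The 10-day hold on new versions mentioned in the axios and Mini Shai-Hulud bullet is a release-age gate: a resolved version is only allowed into a fresh install once it has been on the registry long enough for a poisoned release to be noticed and pulled. The following is an added Python example of such a gate, not code from the article or from StepSecurity; the package names, publish timestamps and the "now" value are constructed, the `time` map mirrors the shape of an npm packument's `time` field, and the `newest_eligible` fallback picks the newest old-enough version by publish time rather than by semver, which is a deliberate simplification.

```python
"""Release-age gate for resolved dependencies (constructed example).

Given a map of package -> resolved version and each package's registry
publish times, flag any version published less than MIN_AGE_DAYS ago and
offer the newest version that is old enough to pass the hold.
"""
from datetime import datetime, timedelta, timezone

MIN_AGE_DAYS = 10  # the hold period described in the article

# Constructed sample shaped like the npm packument "time" field, which maps
# each version to its publish timestamp (real packuments also carry
# "created" and "modified" keys, skipped below).
SAMPLE_REGISTRY_TIME = {
    "axios": {
        "created": "2014-08-29T02:03:00.000Z",
        "modified": "2026-05-31T20:15:00.000Z",
        "1.7.9": "2026-03-01T12:00:00.000Z",
        "1.8.0": "2026-05-31T20:15:00.000Z",  # hours old at SAMPLE_NOW
    },
    "left-pad": {
        "1.3.0": "2018-04-06T10:00:00.000Z",
    },
}

NON_VERSION_KEYS = {"created", "modified"}


def parse_npm_time(ts: str) -> datetime:
    """npm emits ISO 8601 timestamps in UTC with millisecond precision."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


# Constructed evaluation instant used by the demonstration and the tests.
SAMPLE_NOW = parse_npm_time("2026-06-01T00:00:00.000Z")


def release_age_days(package, version, registry_time, now):
    """Days since `version` of `package` was published, or None if unknown."""
    ts = registry_time.get(package, {}).get(version)
    if ts is None or version in NON_VERSION_KEYS:
        return None
    return (now - parse_npm_time(ts)) / timedelta(days=1)


def gate(resolved, registry_time, now, min_age_days=MIN_AGE_DAYS):
    """Map each resolved package to 'ok', 'hold', or 'unknown'.

    'unknown' (no registry metadata for that version) fails closed: it is
    treated as not installable rather than silently allowed.
    """
    verdicts = {}
    for pkg, ver in resolved.items():
        age = release_age_days(pkg, ver, registry_time, now)
        if age is None:
            verdicts[pkg] = "unknown"
        elif age < min_age_days:
            verdicts[pkg] = "hold"
        else:
            verdicts[pkg] = "ok"
    return verdicts


def newest_eligible(package, registry_time, now, min_age_days=MIN_AGE_DAYS):
    """Newest version (by publish time, not semver) old enough to pass the hold."""
    cutoff = now - timedelta(days=min_age_days)
    candidates = [
        (parse_npm_time(ts), ver)
        for ver, ts in registry_time.get(package, {}).items()
        if ver not in NON_VERSION_KEYS and parse_npm_time(ts) <= cutoff
    ]
    return max(candidates)[1] if candidates else None


if __name__ == "__main__":
    resolved = {"axios": "1.8.0", "left-pad": "1.3.0", "lodash": "4.17.21"}
    for pkg, verdict in gate(resolved, SAMPLE_REGISTRY_TIME, SAMPLE_NOW).items():
        line = f"{pkg}@{resolved[pkg]}: {verdict}"
        if verdict == "hold":
            line += f" (newest eligible: {newest_eligible(pkg, SAMPLE_REGISTRY_TIME, SAMPLE_NOW)})"
        print(line)
```

In a CI job this would run against the lockfile before `npm ci`, with the `time` maps fetched from the registry for each locked package; the fail-closed handling of unknown versions matters because a hallucinated or unpublished package name has no publish history at all and should be blocked, not waved through.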
With AI now discovering zero-day exploits, is forking every dependency the only rational defense left for developers?
As AI coding tools secretly introduce vulnerabilities, how can developers safely accelerate their work?
Silent 'memory poisoning' can corrupt AI for weeks. Are current security models prepared for these new time-delayed attacks?

The "BadHost" Vulnerability (CVE-2026-48710): AI-Driven Software Supply Chains at Risk from Slopsquatting and Dependency Flaws

Overview

The 'BadHost' vulnerability (CVE-2026-48710), published in May 2026, targets Python applications built on Starlette or FastAPI using versions below 1.0.1 and relying on 'request.url.path' in middleware for security decisions. Initially rated 7 out of 10 in severity, security experts later classified it as 'critical severity' due to its potential for widespread data exposure across vital infrastructure, including AI agents, biopharma, IoT devices, and SaaS platforms. This vulnerability affects common security mechanisms like allowlists and CSRF protections, highlighting serious risks in modern software supply chains.

...