Search results for Bug bounty
AI & Enterprise
Lovable vibe-coding platform faces security flaw row over free account access to other users' data
A researcher has raised allegations that Lovable, a vibe-coding platform valued at $6.6 billion, had a security flaw allowing a free account to access other users’ source code, database credentials and AI chat histories, The Register reported. The researcher described an object-level authorisation bug that exposed data without ownership checks and said the report was mishandled. The Register said Lovable’s explanations shifted before the company said a backend change had re-enabled access.
AI & Enterprise
‘Comment and Control’ attack can hack Claude Code, Gemini CLI and GitHub Copilot at once
A security engineer disclosed a prompt injection technique dubbed “Comment and Control” that can attack Anthropic’s Claude Code, Google’s Gemini CLI and GitHub Copilot Agent at the same time, SecurityWeek reported. The method manipulates common GitHub content such as comments, PR titles and issue bodies to trick AI agents into running attacker-chosen commands. Tests showed credential and API key theft and data exfiltration. All three companies confirmed the issue and paid bug bounties.
AI & Enterprise
AI-driven security bug reports flood open source maintainers
Autonomous AI agents are pouring large numbers of security flaw reports onto open source project maintainers, increasing their burden. Axios reported that most reports lack specific grounds and reporters cannot answer follow-up questions. The situation worsened with the emergence of OpenClaw, which can automatically analyse code and submit reports. OpenSSF CTO Christopher Robinson said maintainers spend 2 to 8 hours reviewing reports without compensation. Some maintainers have shut bounty programmes or blocked AI-generated submissions.
Crypto
Aave Labs unveils V4 security framework, from formal verification to bug bounties
Games & Commerce
Naver publishes 2025 security white paper, steps up privacy support for startups expanding overseas
AI & Enterprise
Genians expands bug bounty programme to all products and services
Finance
Financial Security Institute launches financial sector software supply chain security platform