Enterprise adoption of retrieval-augmented generation has moved sensitive corporate content into a new storage format that existing security tools cannot inspect. Companies deploying internal AI assistants convert documents into high-dimensional numerical vectors and ship them to embedding services and vector databases over ordinary HTTPS connections. Data loss prevention products scan documents and network traffic, and they read none of it. A research framework called VectorSmuggle, released by Jascha Wanger of ThirdKey under the Apache 2.0 … More →
The post Vector embedding security gap exposes enterprise AI pipelines appeared first on Help Net Security.
Packagist Warns: Update Composer Now After GitHub Actions Token Leak
A sudden change in GitHub’s token format has triggered an unexpected security vulnerability in Composer, exposing sensitive authentication tokens in CI/CD logs and forcing Packagist
