We mapped unauthenticated Vector DBs exposing corporate AI data
echelongraph
·
2026-04-23
·
via Hacker News - Newest: "AI"
 | |
This tracks with what I've been seeing. Milvus alone had two nasty CVEs recently, one was a full auth bypass on the proxy component and the other was unauthenticated debug endpoints exposed on default ports with a predictable auth token. People are spinning up these vector DBs the same way they used to spin up Elasticsearch clusters in 2015, default configs, no auth, straight to the internet. We learned this lesson already and apparently forgot it. |
|
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。