Security experts discover critical flaw in OpenAI's Codex able to compromise entire organizations

Researchers managed to steal GitHub OAuth tokens by abusing a command injection vulnerability.

Copilot is now injecting ads into GitHub pull requests. It's a disaster.

A developer caught Copilot adding promotional "tips" to code descriptions, highlighting a messy new era of AI slop.
SecurityWeek

CrewAI Vulnerabilities Expose Devices to Hacking

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...