
Microsoft's plan to fix the web with AI has already hit an embarrassing security flaw
The flaw allows any remote user to read sensitive files, including system configuration files and even OpenAI or Gemini API keys. What's worse is that it's a classic path traversal flaw, meaning it's as easy to exploit as visiting a malformed URL. Microsoft has patched the flaw, but it raises questions about how something as basic as this wasn't picked up in Microsoft's big new focus on security.
'This case study serves as a critical reminder that as we build new AI-powered systems, we must re-evaluate the impact of classic vulnerabilities, which now have the potential to compromise not just servers, but the 'brains' of AI agents themselves,' says Aonan Guan, one of the security researchers (alongside Lei Wang) who reported the flaw to Microsoft. Guan is a senior cloud security engineer at Wyze (yes, that Wyze) but this research was conducted independently.
Guan and Wang reported the flaw to Microsoft on May 28th, just weeks after NLWeb was unveiled. Microsoft issued a fix on July 1st, but has not issued a CVE for the issue — an industry standard for classifying vulnerabilities. The security researchers have been pushing Microsoft to issue a CVE, but the company has been reluctant to do so. A CVE would alert more people to the fix and allow people to track it more closely, even if NLWeb isn't widely used yet.
'This issue was responsibly reported and we have updated the open-source repository,' says Microsoft spokesperson Ben Hope, in a statement to The Verge. 'Microsoft does not use the impacted code in any of our products. Customers using the repository are automatically protected.'
Guan says NLWeb users 'must pull and vend a new build version to eliminate the flaw,' otherwise any public-facing NLWeb deployment 'remains vulnerable to unauthenticated reading of .env files containing API keys.'
While leaking an .env file in a web application is serious enough, Guan argues it's 'catastrophic' for an AI agent. 'These files contain API keys for LLMs like GPT-4, which are the agent's cognitive engine,' says Guan. 'An attacker doesn't just steal a credential; they steal the agent's ability to think, reason, and act, potentially leading to massive financial loss from API abuse or the creation of a malicious clone.'
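The path traversal class described above, and the unauthenticated read of .env files, come down to a file-serving handler that joins the request path to a directory without checking where the result lands. The Python sketch below is an added example, not NLWeb's code or Microsoft's fix; the function names, directory layout and sample key are constructed for illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


class Rejected(Exception):
    """Raised when a request path must not be served."""


def naive_resolve(static_root: Path, url_path: str) -> Path:
    # Vulnerable pattern: the decoded request path is joined to the
    # static directory and used as-is, so ".." segments walk out of it.
    return static_root / unquote(url_path).lstrip("/")


def safe_resolve(static_root: Path, url_path: str) -> Path:
    root = static_root.resolve()
    decoded = unquote(url_path)              # decode once, then validate
    if "\x00" in decoded:
        raise Rejected("NUL byte in path")
    rel = decoded.replace("\\", "/").lstrip("/")
    # resolve() collapses ".." and follows symlinks, so the containment
    # check runs on the file that would actually be opened.
    candidate = (root / rel).resolve()
    if not candidate.is_relative_to(root):   # Python 3.9+
        raise Rejected("escapes static root")
    # Defence in depth: never serve dotfiles such as .env, even if one
    # ends up inside the static directory by mistake.
    if any(p.startswith(".") for p in candidate.relative_to(root).parts):
        raise Rejected("dotfile")
    if not candidate.is_file():
        raise Rejected("not a regular file")
    return candidate


def demo():
    """Run both resolvers over constructed request paths in a temp tree."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "app"
        static = app / "static"
        static.mkdir(parents=True)
        (static / "index.html").write_text("<h1>ok</h1>")
        # Constructed secret file one level above the static directory.
        (app / ".env").write_text("EXAMPLE_API_KEY=constructed-placeholder\n")

        # Constructed inputs for testing the check.
        requests = ["/index.html", "/../.env", "/%2e%2e/.env",
                    "/..%2f.env", "/..\\.env", "/.env"]
        results = {}
        for req in requests:
            try:
                safe_resolve(static, req)
                results[req] = "served"
            except Rejected as exc:
                results[req] = f"rejected: {exc}"

        # The naive join lands on the secret file outside the static root.
        leaked = naive_resolve(static, "/../.env").resolve()
        naive_leaks = leaked == (app / ".env").resolve()
        return results, naive_leaks


if __name__ == "__main__":
    outcome, naive_leaks = demo()
    for req, verdict in outcome.items():
        print(f"{req!r:18} {verdict}")
    print("naive join reaches .env:", naive_leaks)
```
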
Microsoft is also pushing ahead with native support for Model Context Protocol (MCP) in Windows, all while security researchers have warned of the risks of MCP in recent months. If the NLWeb flaw is anything to go by, Microsoft will need to take extra care in balancing the speed of rolling out new AI features against keeping security as its number one priority.